From 3b310c69a5acd77ac93b01fb288db69af7a53310 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Sep 2019 18:22:50 +0200 Subject: [PATCH 001/247] Add a note to some invasive tests Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_persistent_key.function | 12 ++++++++++++ tests/suites/test_suite_psa_its.function | 6 ++++++ 2 files changed, 18 insertions(+) diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index 4edc6979c..e2d87efd8 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -1,4 +1,12 @@ /* BEGIN_HEADER */ + +/* The tests in this module verify the contents of key store files. They + * access internal key storage functions directly. Some of the tests depend + * on the the storage format. On the other hand, these tests treat the storage + * subsystem as a black box, and in particular have no reliance on the + * internals of the ITS implementation. + */ + #include #include "psa_crypto_helpers.h" @@ -9,6 +17,10 @@ #define PSA_KEY_STORAGE_MAGIC_HEADER "PSA\0KEY" #define PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH ( sizeof( PSA_KEY_STORAGE_MAGIC_HEADER ) ) +/* Enforce the storage format for keys. The storage format is not a public + * documented interface, but it must be preserved between versions so that + * upgrades work smoothly, so it's a stable interface nonetheless. + */ typedef struct { uint8_t magic[PSA_KEY_STORAGE_MAGIC_HEADER_LENGTH]; uint8_t version[4]; diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index a1d39bf54..04a735a29 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -1,4 +1,10 @@ /* BEGIN_HEADER */ + +/* This test file is specific to the ITS implementation in PSA Crypto + * on top of stdio. It expects to know what the stdio name of a file is + * based on its keystore name. + */ + #include "../library/psa_crypto_its.h" #include "psa_helpers.h" From ab4b9b4165bd78138416877bb6ae6d4047c0fc50 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Sep 2019 18:23:10 +0200 Subject: [PATCH 002/247] New test strategy document: invasive testing Evaluate possible approaches for invasive testing. State some rules. This commit was originally written for Mbed Crypto only. Signed-off-by: Gilles Peskine --- docs/architecture/Makefile | 2 + docs/architecture/testing/invasive-testing.md | 255 ++++++++++++++++++ 2 files changed, 257 insertions(+) create mode 100644 docs/architecture/testing/invasive-testing.md diff --git a/docs/architecture/Makefile b/docs/architecture/Makefile index ab22fb16d..d8db2e067 100644 --- a/docs/architecture/Makefile +++ b/docs/architecture/Makefile @@ -5,6 +5,7 @@ default: all all_markdown = \ mbed-crypto-storage-specification.md \ testing/driver-interface-test-strategy.md \ + testing/invasive-testing.md \ testing/test-framework.md \ # This line is intentionally left blank @@ -22,3 +23,4 @@ all: html pdf clean: rm -f *.html *.pdf + rm -f testing/*.html testing/*.pdf diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md new file mode 100644 index 000000000..10fdb1aee --- /dev/null +++ b/docs/architecture/testing/invasive-testing.md @@ -0,0 +1,255 @@ +# Mbed Crypto invasive testing strategy + +## Introduction + +In Mbed Crypto and Mbed TLS, we use black-box testing as much as possible: test the documented behavior of the product, in a realistic environment. However this is not always sufficient. + +The goal of this document is to identify areas where black-box testing is insufficient and to propose solutions. + +This is a test strategy document, not a test plan. A description of exactly what is tested is out of scope. + +## Rules + +Always follow these rules unless you have a good reason not to. If you deviate, document the rationale somewhere. + +See the section [“Possible approaches”](#possible-approaches) for a rationale. + +### Interface design for testing + +Do not add test-specific interfaces if there's a practical way of doing it another way. All public interfaces should be useful in at least some configurations. Features with a significant impact on the code size or attack surface should have a compile-time guard. + +### Reliance on internal details + +In unit tests and in test programs, it's ok to include header files from `library/`. In contrast, sample programs must not include header files from `library/`. + +If test code or test data depends on internal details of the library and not just on its documented behavior, add a comment in the code that explains the dependency. For example: + +> ``` +> /* This test file is specific to the ITS implementation in PSA Crypto +> * on top of stdio. It expects to know what the stdio name of a file is +> * based on its keystore name. +> */ +> ``` + +> ``` +> # This test assumes that PSA_MAX_KEY_BITS (currently 65536-8 bits = 8191 bytes +> # and not expected to be raised any time soon) is less than the maximum +> # output from HKDF-SHA512 (255*64 = 16320 bytes). +> ``` + +### Rules for compile-time options + +If the most practical way to test something is to add code to the product that is only useful for testing, do so, but obey the following rules. For more information, see the [rationale](#guidelines-for-compile-time-options). + +* **Only use test-specific code when necessary.** Anything that can be tested through the documented API must be tested through the documented API. +* **Test-specific code must be guarded by `#if defined(MBEDTLS_TEST_HOOKS)`**. Do not create fine-grained guards for test-specific code. +* **Do not use `MBEDTLS_TEST_HOOKS` for security checks or assertions.** Security checks belong in the product. +* **Merely defining `MBEDTLS_TEST_HOOKS` must not change the behavior**. It may define extra functions. It may add fields to structures, but if so, make it very clear that these fields have no impact on non-test-specific fields. +* **Where tests must be able to change the behavior, do it by function substitution.** See [“rules for function substitution”](#rules-for-function-substitution) for more details. + +#### Rules for function substitution + +The code calls a function `mbedtls_foo()`. Usually this a macro defined to be a system function (like `mbedtls_calloc` or `mbedtls_fopen`), which we replace to mock or wrap it. This is useful to simulate I/O failure, for example. + +Sometimes the substitutable function is a `static inline` function that does nothing (not a macro, to avoid accidentally skipping side effects in its parameters), to provide a hook for test code; such functions should have a name that starts with the prefix `mbedtls_test_hook_`. In such cases, the function should generally not modify its parameters, so any pointer argument should be const. The function should return void. + +With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in `library.h` such as `psa_crypto_invasive.h`. + +In test code that needs to modify the internal behavior: + +* The test function (or the whole test file) must depend on `MBEDTLS_TEST_HOOKS`. +* At the beginning of the function, set the global function pointers to the desired value. +* In the function's cleanup code, restore the global function pointers to their default value. + +## Requirements + +### General goals + +We need to balance the following goals, which are sometimes contradictory. + +* Coverage: we need to test behaviors which are not easy to trigger by using the API or which cannot be triggered deterministically, for example I/O failures. +* Correctness: we want to test the actual product, not a modified version, since conclusions drawn from a test of a modified product may not apply to the real product. +* Effacement: the product should not include features that are solely present for test purposes, since these increase the attack surface and the code size. +* Portability: tests should work on every platform. Skipping tests on certain platforms may hide errors that are only apparent on such platforms. +* Maintainability: tests should only enforce the documented behavior of the product, to avoid extra work when the product's internal or implementation-specific behavior changes. We should also not give the impression that whatever the tests check is guaranteed behavior of the product which cannot change in future versions. + +Where those goals conflict, we should at least mitigate the goals that cannot be fulfilled, and document the architectural choices and their rationale. + +### Problem areas + +#### Allocation + +Resource allocation can fail, but rarely does so in a typical test environment. How does the product cope if some allocations fail? + +Resources include: + +* Memory. +* Files in storage (PSA API only — in the Mbed TLS API, black-box unit tests are sufficient). +* Key handles (PSA API only). +* Key slots in a secure element (PSA SE HAL). +* Communication handles (PSA crypto service only). + +#### Storage + +Storage can fail, either due to hardware errors or to active attacks on trusted storage. How does the code cope if some storage accesses fail? + +We also need to test resilience: if the system is reset during an operation, does it restart in a correct state? + +#### Cleanup + +When code should clean up resources, how do we know that they have truly been cleaned up? + +* Zeroization of confidential data after use. +* Freeing memory. +* Closing key handles. +* Freeing key slots in a secure element. +* Deleting files in storage (PSA API only). + +#### Internal data + +Sometimes it is useful to peek or poke internal data. + +* Check consistency of internal data (e.g. output of key generation). +* Check the format of files (which matters so that the product can still read old files after an upgrade). +* Inject faults and test corruption checks inside the product. + +## Possible approaches + +Key to requirement tables: + +* ++ requirement is fully met +* \+ requirement is mostly met +* ~ requirement is partially met but there are limitations +* ! requirement is somewhat problematic +* !! requirement is very problematic + +### Fine-grained public interfaces + +We can include all the features we want to test in the public interface. Then the tests can be truly black-box. The limitation of this approach is that this requires adding a lot of interfaces that are not useful in production. These interfaces have costs: they increase the code size, the attack surface, and the testing burden (exponentially, because we need to test all these interfaces in combination). + +As a rule, we do not add public interfaces solely for testing purposes. We only add public interfaces if they are also useful in production, at least sometimes. For example, the main purpose of `mbedtls_psa_crypto_free` is to clean up all resources in tests, but this is also useful in production in some applications that only want to use PSA Crypto during part of their lifetime. + +Mbed TLS traditionally has very fine-grained public interfaces, with many platform functions that can be substituted (`MBEDTLS_PLATFORM_xxx` macros). PSA Crypto has more opacity and less platform substitution macros. + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ~ Many useful tests are not reasonably achievable | +| Correctness | ++ Ideal | +| Effacement | !! Requires adding many otherwise-useless interfaces | +| Portability | ++ Ideal; the additional interfaces may be useful for portability beyond testing | +| Maintainability | !! Combinatorial explosion on the testing burden | +| | ! Public interfaces must remain for backward compatibility even if the test architecture changes | + +### Fine-grained undocumented interfaces + +We can include all the features we want to test in undocumented interfaces. Undocumented interfaces are described in public headers for the sake of the C compiler, but are described as “do not use” in comments (or not described at all) and are not included in Doxygen-rendered documentation. This mitigates some of the downsides of [fine-grained public interfaces](#fine-grained-public-interfaces), but not all. In particular, the extra interfaces do increase the code size, the attack surface and the test surface. + +Mbed TLS traditionally has a few internal interfaces, mostly intended for cross-module abstraction leakage rather than for testing. For the PSA API, we favor [internal interfaces](#internal-interfaces). + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ~ Many useful tests are not reasonably achievable | +| Correctness | ++ Ideal | +| Effacement | !! Requires adding many otherwise-useless interfaces | +| Portability | ++ Ideal; the additional interfaces may be useful for portability beyond testing | +| Maintainability | ! Combinatorial explosion on the testing burden | + +### Internal interfaces + +We can write tests that call internal functions that are not exposed in the public interfaces. This is nice when it works, because it lets us test the unchanged product without compromising the design of the public interface. + +A limitation is that these interfaces must exist in the first place. If they don't, this has mostly the same downside as public interfaces: the extra interfaces increase the code size and the attack surface for no direct benefit to the product. + +Another limitation is that internal interfaces need to be used correctly. We may accidentally rely on internal details in the tests that are not necessarily always true (for example that are platform-specific). We may accidentally use these internal interfaces in ways that don't correspond to the actual product. + +This approach is mostly portable since it only relies on C interfaces. A limitation is that the test-only interfaces must not be hidden at link time (but link-time hiding is not something we currently do). Another limitation is that this approach does not work for users who patch the library by replacing some modules; this is a secondary concern since we do not officially offer this as a feature. + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ~ Many useful tests require additional internal interfaces | +| Correctness | + Does not require a product change | +| | ~ The tests may call internal functions in a way that does not reflect actual usage inside the product | +| Effacement | ++ Fine as long as the internal interfaces aren't added solely for test purposes | +| Portability | + Fine as long as we control how the tests are linked | +| | ~ Doesn't work if the users rewrite an internal module | +| Maintainability | + Tests interfaces that are documented; dependencies in the tests are easily noticed when changing these interfaces | + +### Static analysis + +If we guarantee certain properties through static analysis, we don't need to test them. This puts some constraints on the properties: + +* We need to have confidence in the specification (but we can gain this confidence by evaluating the specification on test data). +* This does not work for platform-dependent properties unless we have a formal model of the platform. + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ~ Good for platform-independent properties, if we can guarantee them statically | +| Correctness | + Good as long as we have confidence in the specification | +| Effacement | ++ Zero impact on the code | +| Portability | ++ Zero runtime burden | +| Maintainability | ~ Static analysis is hard, but it's also helpful | + +### Compile-time options + +If there's code that we want to have in the product for testing, but not in production, we can add a compile-time option to enable it. This is very powerful and usually easy to use, but comes with a major downside: we aren't testing the same code anymore. + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ++ Most things can be tested that way | +| Correctness | ! Difficult to ensure that what we test is what we run | +| Effacement | ++ No impact on the product when built normally or on the documentation, if done right | +| | ! Risk of getting “no impact” wrong | +| Portability | ++ It's just C code so it works everywhere | +| | ~ Doesn't work if the users rewrite an internal module | +| Maintainability | + Test interfaces impact the product source code, but at least they're clearly marked as such in the code | + +#### Guidelines for compile-time options + +* **Minimize the number of compile-time options.**
+ Either we're testing or we're not. Fine-grained options for testing would require more test builds, especially if combinatorics enters the play. +* **Merely enabling the compile-time option should not change the behavior.**
+ When building in test mode, the code should have exactly the same behavior. Changing the behavior should require some action at runtime (calling a function or changing a variable). +* **Minimize the impact on code**.
+ We should not have test-specific conditional compilation littered through the code, as that makes the code hard to read. + +### Runtime instrumentation + +Some properties can be tested through runtime instrumentation: have the compiler or a similar tool inject something into the binary. + +* Sanitizers check for certain bad usage patterns (ASan, MSan, UBSan, Valgrind). +* We can inject external libraries at link time. This can be a way to make system functions fail. + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ! Limited scope | +| Correctness | + Instrumentation generally does not affect the program's functional behavior | +| Effacement | ++ Zero impact on the code | +| Portability | ~ Depends on the method | +| Maintainability | ~ Depending on the instrumentation, this may require additional builds and scripts | +| | + Many properties come for free, but some require effort (e.g. the test code itself must be leak-free to avoid false positives in a leak detector) | + +### Debugger-based testing + +If we want to do something in a test that the product isn't capable of doing, we can use a debugger to read or modify the memory, or hook into the code at arbitrary points. + +This is a very powerful approach, but it comes with limitations: + +* The debugger may introduce behavior changes (e.g. timing). If we modify data structures in memory, we may do so in a way that the code doesn't expect. +* Due to compiler optimizations, the memory may not have the layout that we expect. +* Writing reliable debugger scripts is hard. We need to have confidence that we're testing what we mean to test, even in the face of compiler optimizations. Languages such as gdb make it hard to automate even relatively simple things such as finding the place(s) in the binary corresponding to some place in the source code. +* Debugger scripts are very much non-portable. + +| Requirement | Analysis | +| ----------- | -------- | +| Coverage | ++ The sky is the limit | +| Correctness | ++ The code is unmodified, and tested as compiled (so we even detect compiler-induced bugs) | +| | ! Compiler optimizations may hinder | +| | ~ Modifying the execution may introduce divergence | +| Effacement | ++ Zero impact on the code | +| Portability | !! Not all environments have a debugger, and even if they do, we'd need completely different scripts for every debugger | +| Maintainability | ! Writing reliable debugger scripts is hard | +| | !! Very tight coupling with the details of the source code and even with the compiler | + +## Solutions + +TODO From dff10c773bd4a2bf5c8a94cb596c2ffb6c73ceb5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 24 Mar 2020 22:50:26 +0100 Subject: [PATCH 003/247] Add a note that TLS requires further consideration Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 10fdb1aee..35d117bc9 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -1,13 +1,17 @@ -# Mbed Crypto invasive testing strategy +# Mbed TLS invasive testing strategy ## Introduction -In Mbed Crypto and Mbed TLS, we use black-box testing as much as possible: test the documented behavior of the product, in a realistic environment. However this is not always sufficient. +In Mbed TLS, we use black-box testing as much as possible: test the documented behavior of the product, in a realistic environment. However this is not always sufficient. The goal of this document is to identify areas where black-box testing is insufficient and to propose solutions. This is a test strategy document, not a test plan. A description of exactly what is tested is out of scope. +### TLS + +This document currently focuses on data structure manipulation and storage, which is what the crypto/keystore and X.509 parts of the library are about. More work is needed to fully take TLS into account. + ## Rules Always follow these rules unless you have a good reason not to. If you deviate, document the rationale somewhere. From 4b7279e5d9454d56e1290203ec6ff5716abc12a4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Sep 2019 17:39:33 +0200 Subject: [PATCH 004/247] Write up some solutions Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 99 ++++++++++++++++++- 1 file changed, 98 insertions(+), 1 deletion(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 35d117bc9..0eca4dc56 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -256,4 +256,101 @@ This is a very powerful approach, but it comes with limitations: ## Solutions -TODO +This section lists some strategies that are currently used for invasive testing, or planned to be used. This list is not intended to be exhaustive. + +### Memory management + +#### Zeroization testing + +Goal: test that `mbedtls_platform_zeroize` does wipe the memory buffer. + +Solution ([debugger](#debugger-based-testing)): implemented in `tests/scripts/test_zeroize.gdb`. + +Rationale: this cannot be tested by adding C code, because the danger is that the compiler optimizes the zeroization away, and any C code that observes the zeroization would cause the compiler not to optimize it away. + +#### Memory cleanup + +Goal: test the absence of memory leaks. + +Solution ([instrumentation](#runtime-instrumentation)): run tests with Asan. (We also use Valgrind, but it's slower than Asan, so we favor Asan.) + +Since we run many test jobs with a memory leak detector, each test function must clean up after itself. Use the cleanup code (after the `exit` label) to free any memory that the function may have allocated. + +#### Robustness against memory allocation failure + +Solution: TODO. We don't test this at all at this point. + +#### PSA key store memory cleanup + +Goal: test the absence of resource leaks in the PSA key store code, in particular that `psa_close_key` and `psa_destroy_key` work correctly. + +Solution ([internal interface](#internal-interfaces)): in some tests, close keys explicitly call `PSA_DONE` instead of `mbedtls_psa_crypto_free`. `PSA_DONE` fails the test if the key store is not empty. + +Note there must also be tests that call `mbedtls_psa_crypto_free` with keys still open, to verify that it does close all keys. + +`PSA_DONE` is a macro defined in `psa_crypto_helpers.h` which uses `mbedtls_psa_get_stats()`. This feature is mostly but not exclusively useful for testing, and may be moved under `MBEDTLS_TEST_HOOKS`. + +### PSA storage + +#### PSA storage cleanup on success + +Goal: test that no stray files are left over in the key store after a test that succeeded. + +Solution: TODO. Currently the various test suites do it differently. + +#### PSA storage cleanup on failure + +Goal: ensure that no stray files are left over in the key store even if a test has failed (as that could cause other tests to fail). + +Solution: TODO. Currently the various test suites do it differently. + +#### PSA storage resilience + +Goal: test the resilience of PSA storage against power failures. + +Solution: TODO. + +See the [secure element driver interface test strategy](driver-interface-test-strategy.html) for more information. + +#### Corrupted storage + +Goal: test the robustness against corrupted storage. + +Solution ([internal interface](#internal-interfaces)): call `psa_its` functions to modify the storage. + +#### Storage read failure + +Goal: test the robustness against read errors. + +Solution: TODO + +#### Storage write failure + +Goal: test the robustness against write errors (`STORAGE_FAILURE` or `INSUFFICIENT_STORAGE`). + +Solution: TODO + +#### Storage format stability + +Goal: test that the storage format does not change between versions (or if it does, an upgrade path must be provided). + +Solution ([internal interface](#internal-interfaces)): call internal functions to inspect the content of the file. + +Note that the storage format is defined not only by the general layout, but also by the numerical values of encodings for key types and other metadata. For numerical values, there is a risk that we would accidentally modify a single value or a few values, so the tests should be exhaustive. This probably requires some compile-time analysis (perhaps the automation for `psa_constant_names` can be used here). TODO + +### Other fault injection + +#### PSA crypto init failure + +Goal: test the failure of `psa_crypto_init`. + +Solution ([compile-time option](#compile-time-options)): replace entropy initialization functions by functions that can fail. This is the only failure point for `psa_crypto_init` that is present in all builds. + +When we implement the PSA entropy driver interface, this should be reworked to use the entropy driver interface. + +#### PSA crypto data corruption + +The PSA crypto subsystem has a few checks to detect corrupted data in memory. We currently don't have a way to exercise those checks. + +Solution: TODO. To corrupt a multipart operation structure, we can do it by looking inside the structure content, but only when running without isolation. To corrupt the key store, we would need to add a function to the library or to use a debugger. + From fa51820e39d932ddd7fd02b4e76f50d4d2b605cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Sep 2019 13:25:55 +0200 Subject: [PATCH 005/247] Expand the rule for internal functions exposed for tests only Clarify that using a header in library/ rather than include/ for internal functions is a rule, not just a possibility. As suggested by Manuel, state a rule for functions that need to be static for best optimization but that we want to unit-test. Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 0eca4dc56..54d635b17 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -24,7 +24,9 @@ Do not add test-specific interfaces if there's a practical way of doing it anoth ### Reliance on internal details -In unit tests and in test programs, it's ok to include header files from `library/`. In contrast, sample programs must not include header files from `library/`. +In unit tests and in test programs, it's ok to include header files from `library/`. Do not define non-public interfaces in public headers (`include/mbedtls` has `*_internal.h` headers for legacy reasons, but this approach is deprecated). In contrast, sample programs must not include header files from `library/`. + +Sometimes it makes sense to have unit tests on functions that aren't part of the public API. Declare such functions in `library/*.h` and include the corresponding header in the test code. If the function should be `static` for optimization but can't be `static` for testing, declare it as `MBEDTLS_STATIC_TESTABLE`, and make the tests that use it depend on `MBEDTLS_TEST_HOOKS` (see [“rules for compile-time options”](#rules-for-compile-time-options)). If test code or test data depends on internal details of the library and not just on its documented behavior, add a comment in the code that explains the dependency. For example: @@ -57,7 +59,7 @@ The code calls a function `mbedtls_foo()`. Usually this a macro defined to be a Sometimes the substitutable function is a `static inline` function that does nothing (not a macro, to avoid accidentally skipping side effects in its parameters), to provide a hook for test code; such functions should have a name that starts with the prefix `mbedtls_test_hook_`. In such cases, the function should generally not modify its parameters, so any pointer argument should be const. The function should return void. -With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in `library.h` such as `psa_crypto_invasive.h`. +With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in the `library` directory such as `psa_crypto_invasive.h`. In test code that needs to modify the internal behavior: From fea6eaf5e3d713c290d083fa3724b56e9b9afcba Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Sep 2019 13:27:48 +0200 Subject: [PATCH 006/247] Declare MBEDTLS_TEST_HOOKS in config.h When this option is enabled, the product includes additional interfaces that enable additional tests. This option should not be enabled in production, but is included in the "full" build to enable the extra tests. Signed-off-by: Gilles Peskine --- include/mbedtls/config.h | 20 ++++++++++++++++++++ library/version_features.c | 3 +++ programs/test/query_config.c | 8 ++++++++ 3 files changed, 31 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index d5502a947..6076b86b4 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1864,6 +1864,26 @@ */ //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +/** + * \def MBEDTLS_TEST_HOOKS + * + * Enable features for invasive testing such as introspection functions and + * hooks for fault injection. This enables additional unit tests. + * + * Merely enabling this feature should not change the behavior of the product. + * It only adds new code, and new branching points where the default behavior + * is the same as when this feature is disabled. + * However, this feature increases the attack surface: there is an added + * risk of vulnerabilities, and more gadgets that can make exploits easier. + * Therefore this feature must never be enabled in production. + * + * See `docs/architecture/testing/mbed-crypto-invasive-testing.md` for more + * information. + * + * Uncomment to enable invasive tests. + */ +//#define MBEDTLS_TEST_HOOKS + /** * \def MBEDTLS_THREADING_ALT * diff --git a/library/version_features.c b/library/version_features.c index d16ad1bac..7ecde2148 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -555,6 +555,9 @@ static const char * const features[] = { #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH", #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ +#if defined(MBEDTLS_TEST_HOOKS) + "MBEDTLS_TEST_HOOKS", +#endif /* MBEDTLS_TEST_HOOKS */ #if defined(MBEDTLS_THREADING_ALT) "MBEDTLS_THREADING_ALT", #endif /* MBEDTLS_THREADING_ALT */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index bd3f638a7..27c5d0db0 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1522,6 +1522,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */ +#if defined(MBEDTLS_TEST_HOOKS) + if( strcmp( "MBEDTLS_TEST_HOOKS", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_TEST_HOOKS ); + return( 0 ); + } +#endif /* MBEDTLS_TEST_HOOKS */ + #if defined(MBEDTLS_THREADING_ALT) if( strcmp( "MBEDTLS_THREADING_ALT", config ) == 0 ) { From c4672fdb81a88b66b49fe0658c4b2b6bb6199d6b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Sep 2019 13:39:11 +0200 Subject: [PATCH 007/247] New header common.h; define MBEDTLS_STATIC_TESTABLE Define MBEDTLS_STATIC_TESTABLE to mark code that is only exported for test purposes. Since this is for internal library use only, define it in a header in library/. Since there is no suitable header, create one. Signed-off-by: Gilles Peskine --- library/common.h | 55 ++++++++++++++++++++++++++++++++++ visualc/VS2010/mbedTLS.vcxproj | 1 + 2 files changed, 56 insertions(+) create mode 100644 library/common.h diff --git a/library/common.h b/library/common.h new file mode 100644 index 000000000..ba2c52e5c --- /dev/null +++ b/library/common.h @@ -0,0 +1,55 @@ +/** + * \file common.h + * + * \brief Utility macros for internal use in the library + */ +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef MBEDTLS_LIBRARY_COMMON_H +#define MBEDTLS_LIBRARY_COMMON_H + +#if defined(MBEDTLS_CONFIG_FILE) +#include MBEDTLS_CONFIG_FILE +#else +#include "mbedtls/config.h" +#endif + +/** Helper to define a function as static except when building invasive tests. + * + * If a function is only used inside its own source file and should be + * declared `static` to allow the compiler to optimize for code size, + * but that function has unit tests, define it with + * ``` + * MBEDTLS_STATIC_TESTABLE int mbedtls_foo(...) { ... } + * ``` + * and declare it in a header in the `library/` directory with + * ``` + * #if defined(MBEDTLS_TEST_HOOKS) + * int mbedtls_foo(...); + * #endif + * ``` + */ +#if defined(MBEDTLS_TEST_HOOKS) +#define MBEDTLS_STATIC_TESTABLE +#else +#define MBEDTLS_STATIC_TESTABLE static +#endif + +#endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 6643abd29..5627e0dba 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -241,6 +241,7 @@ + From 502d4b45102a0665aa0b769c41ad1c7bdb96478e Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Sat, 25 Apr 2020 14:41:25 +0200 Subject: [PATCH 008/247] New mbedtls_x509_crt_parse_der_ext() routine This routine is functionally equivalent to mbedtls_x509_crt_parse_der(), but it accepts an additional callback function which it calls with every unsupported certificate extension. Proposed solution to https://github.com/ARMmbed/mbedtls/issues/3241 Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 56 ++++++++++++++++++++++++++++++++++++++ library/x509_crt.c | 30 +++++++++++++++----- 2 files changed, 79 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e4fb13543..19de1e968 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -303,6 +303,62 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); +/** + * \brief The type of certificate extension callbacks. + * + * Callbacks of this type are passed to and used by the + * mbedtls_x509_crt_parse_der_ext() routine when it encounters + * an unsupported extension. + * + * \param crt Pointer to the certificate being parsed + * \param oid Extension's OID + * \param critical If the extension is critical (per the RFC's definition) + * \param p On entry \c *p points to the start of the extension ASN.1 + * data. On successful completion \c *p must point to the + * first byte after it. + * On error, the value of \c *p is undefined. + * \param end End of extension data. + * + * \note The callback must fail and return a negative error code if + * it can not parse or does not support the extension. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, + mbedtls_x509_buf const *oid, + int critical, + unsigned char **p, + const unsigned char *end ); + +/** + * \brief Parse a single DER formatted certificate and add it + * to the end of the provided chained list. + * + * \param chain The pointer to the start of the CRT chain to attach to. + * When parsing the first CRT in a chain, this should point + * to an instance of ::mbedtls_x509_crt initialized through + * mbedtls_x509_crt_init(). + * \param buf The buffer holding the DER encoded certificate. + * \param buflen The size in Bytes of \p buf. + * \param cb A callback invoked for every unsupported certificate + * extension. + * + * \note This call is functionally equivalent to + * mbedtls_x509_crt_parse_der(), but it calls the callback + * with every unsupported certificate extension. + * The callback must return a negative error code if it + * does not know how to handle such an extension. + * + * \return \c 0 if successful. + * \return A negative error code on failure. + */ +int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb + ); + /** * \brief Parse a single DER formatted certificate and add it * to the end of the provided chained list. This is a diff --git a/library/x509_crt.c b/library/x509_crt.c index 1e62ed5b0..9076b321b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -892,7 +892,8 @@ static int x509_get_certificate_policies( unsigned char **p, */ static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, - mbedtls_x509_crt *crt ) + mbedtls_x509_crt *crt, + mbedtls_x509_crt_ext_cb_t cb ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -955,6 +956,10 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { + /* Give the callback (if any) a chance to handle the extension */ + if (cb && cb(crt, &extn_oid, is_critical, p, end_ext_octet) == 0) + continue; + /* No parser found, skip extension */ *p = end_ext_octet; @@ -1061,7 +1066,8 @@ static int x509_get_crt_ext( unsigned char **p, static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, size_t buflen, - int make_copy ) + int make_copy, + mbedtls_x509_crt_ext_cb_t cb ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -1260,7 +1266,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, if( crt->version == 3 ) #endif { - ret = x509_get_crt_ext( &p, end, crt ); + ret = x509_get_crt_ext( &p, end, crt, cb ); if( ret != 0 ) { mbedtls_x509_crt_free( crt ); @@ -1323,7 +1329,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, - int make_copy ) + int make_copy, + mbedtls_x509_crt_ext_cb_t cb ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; @@ -1355,7 +1362,8 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, crt = crt->next; } - if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 ) + ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb ); + if( ret != 0 ) { if( prev ) prev->next = NULL; @@ -1373,14 +1381,22 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL ) ); +} + +int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ) +{ + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) ); } int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL ) ); } /* From b2fff6d7ed40d040e867b27167543f0d925060f0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 May 2017 11:06:19 +0100 Subject: [PATCH 009/247] Shorten lines in library/ssl_cli.c to at most 80 characters Signed-off-by: Ronald Cron --- library/ssl_cli.c | 525 +++++++++++++++++++++++++++++----------------- 1 file changed, 335 insertions(+), 190 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 553e2b6a3..80c8ee8e3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -108,8 +108,9 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, if( ssl->hostname == NULL ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", - ssl->hostname ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding server name extension: %s", + ssl->hostname ) ); hostname_len = strlen( ssl->hostname ); @@ -180,7 +181,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding renegotiation extension" ) ); if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) { @@ -191,8 +193,10 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) + & 0xFF ); *p++ = 0x00; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; @@ -226,7 +230,8 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding signature_algorithms extension" ) ); for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { @@ -311,12 +316,17 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding supported_elliptic_curves extension" ) ); #if defined(MBEDTLS_ECP_C) - for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) + for( grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) #else - for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) + for( info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) #endif { #if defined(MBEDTLS_ECP_C) @@ -324,7 +334,8 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #endif if( info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "invalid curve in ssl configuration" ) ); return; } @@ -340,9 +351,13 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_len = 0; #if defined(MBEDTLS_ECP_C) - for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) + for( grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) #else - for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) + for( info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) #endif { #if defined(MBEDTLS_ECP_C) @@ -355,8 +370,10 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, if( elliptic_curve_len == 0 ) return; - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) + & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); @@ -376,7 +393,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding supported_point_formats extension" ) ); if( end < p || (size_t)( end - p ) < 6 ) { @@ -384,8 +402,10 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) + & 0xFF ); *p++ = 0x00; *p++ = 2; @@ -414,7 +434,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding ecjpake_kkpp extension" ) ); if( end - p < 4 ) { @@ -440,7 +461,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); + MBEDTLS_SSL_DEBUG_RET( 1 , + "mbedtls_ecjpake_write_round_one", ret ); return; } @@ -538,7 +560,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding max_fragment_length extension" ) ); if( end < p || (size_t)( end - p ) < 5 ) { @@ -546,8 +569,10 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) + & 0xFF ); *p++ = 0x00; *p++ = 1; @@ -572,7 +597,8 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding truncated_hmac extension" ) ); if( end < p || (size_t)( end - p ) < 4 ) { @@ -605,8 +631,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding encrypt_then_mac extension" ) ); if( end < p || (size_t)( end - p ) < 4 ) { @@ -639,8 +665,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding extended_master_secret extension" ) ); if( end < p || (size_t)( end - p ) < 4 ) { @@ -648,8 +674,10 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) + & 0xFF ); *p++ = 0x00; *p++ = 0x00; @@ -673,7 +701,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding session ticket extension" ) ); if( end < p || (size_t)( end - p ) < 4 + tlen ) { @@ -694,7 +723,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "sending session ticket of length %d", tlen ) ); memcpy( p, ssl->session_negotiate->ticket, tlen ); @@ -815,9 +845,10 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * * \return 0 if valid, else 1 */ -static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info, - const mbedtls_ssl_context * ssl, - int min_minor_ver, int max_minor_ver ) +static int ssl_validate_ciphersuite( + const mbedtls_ssl_ciphersuite_t * suite_info, + const mbedtls_ssl_context * ssl, + int min_minor_ver, int max_minor_ver ) { (void) ssl; if( suite_info == NULL ) @@ -889,8 +920,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->max_major_ver == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " - "consider using mbedtls_ssl_config_defaults()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -904,8 +935,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) buf = ssl->out_msg; p = buf + 4; - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); p += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", @@ -956,7 +988,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->session_negotiate->ticket != NULL && ssl->session_negotiate->ticket_len != 0 ) { - ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); + ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->session_negotiate->id, 32 ); if( ret != 0 ) return( ret ); @@ -1031,7 +1064,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -1081,7 +1115,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d", - MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_COMPRESS_DEFLATE, + MBEDTLS_SSL_COMPRESS_NULL ) ); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; @@ -1229,8 +1264,10 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } } @@ -1239,9 +1276,12 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, { if( len != 1 || buf[0] != 0x00 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( + 1, ( "non-zero length renegotiation info" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1264,9 +1304,12 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, len != 1 || buf[0] != ssl->conf->mfl_code ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching max fragment length extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1282,9 +1325,12 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching truncated HMAC extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1361,9 +1407,12 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching encrypt-then-MAC extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1384,9 +1433,12 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching extended master secret extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1406,9 +1458,12 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching session ticket extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1489,8 +1544,10 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, buf, len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } @@ -1509,8 +1566,10 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, if( ssl->conf->alpn_list == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1690,12 +1749,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->renego_max_records >= 0 && ssl->renego_records_seen > ssl->conf->renego_max_records ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " - "but not honored by server" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation requested, but not honored by server" ) ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-handshake message during renegotiation" ) ); ssl->keep_current_message = 1; return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); @@ -1703,8 +1763,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_RENEGOTIATION */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -1758,11 +1820,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->major_ver > ssl->conf->max_major_ver || ssl->minor_ver > ssl->conf->max_minor_ver ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " - " min: [%d:%d], server: [%d:%d], max: [%d:%d]", - ssl->conf->min_major_ver, ssl->conf->min_minor_ver, - ssl->major_ver, ssl->minor_ver, - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", + ssl->conf->min_major_ver, + ssl->conf->min_minor_ver, + ssl->major_ver, ssl->minor_ver, + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); @@ -1799,8 +1863,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } } @@ -1839,9 +1905,12 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( comp != MBEDTLS_SSL_COMPRESS_NULL ) #endif/* MBEDTLS_ZLIB_SUPPORT */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server hello, bad compression: %d", comp ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } @@ -1851,7 +1920,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); if( ssl->handshake->ciphersuite_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "ciphersuite info for %04x not found", i ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -1891,8 +1961,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( ret ); } } @@ -1901,7 +1973,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->handshake->resume ? "a" : "no" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", + buf[37 + n] ) ); /* * Perform cipher suite validation in same way as in ssl_write_client_hello. @@ -1912,8 +1985,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1924,16 +1999,21 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } - suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 ) + suite_info = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite ); + if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, + ssl->minor_ver ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && @@ -1950,15 +2030,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } ssl->session_negotiate->compression = comp; ext = buf + 40 + n; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "server hello, total extension length: %d", ext_len ) ); while( ext_len ) { @@ -1970,8 +2053,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ext_size + 4 > ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1991,7 +2075,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found max_fragment_length extension" ) ); if( ( ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -2044,7 +2129,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found extended_master_secret extension" ) ); if( ( ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -2071,7 +2157,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found supported_point_formats extension" ) ); if( ( ret = ssl_parse_supported_point_formats_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -2107,8 +2194,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown extension found: %d (ignoring)", ext_id ) ); } ext_len -= 4 + ext_size; @@ -2125,9 +2212,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * Renegotiation security checks */ if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "legacy renegotiation, breaking off handshake" ) ); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -2135,12 +2224,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && renegotiation_info_seen == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation_info extension missing (secure)" ) ); handshake_failure = 1; } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); handshake_failure = 1; @@ -2149,15 +2240,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && renegotiation_info_seen == 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation_info extension present (legacy)" ) ); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ if( handshake_failure == 1 ) { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -2168,7 +2262,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, +static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, + unsigned char **p, unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -2182,7 +2277,8 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char * * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 ) + if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, + p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret ); return( ret ); @@ -2340,7 +2436,8 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, if( ssl_check_server_ecdh_params( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (ECDHE curve)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2366,8 +2463,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, */ if( end - (*p) < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " - "(psk_identity_hint length)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } len = (*p)[0] << 8 | (*p)[1]; @@ -2375,8 +2472,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, if( end - (*p) < len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " - "(psk_identity_hint length)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2419,8 +2516,9 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, * opaque random[46]; * } PreMasterSecret; */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) { @@ -2506,20 +2604,22 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, /* * Get hash algorithm */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE ) + if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) + == MBEDTLS_MD_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported " - "HashAlgorithm %d", *(p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } /* * Get signature algorithm */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE ) + if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) + == MBEDTLS_PK_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported " - "SignatureAlgorithm %d", (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2528,13 +2628,15 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, */ if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", - *(p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", + (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", + (*p)[0] ) ); *p += 2; return( 0 ); @@ -2625,8 +2727,10 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } @@ -2656,8 +2760,10 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2676,10 +2782,12 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must " - "not be skipped" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server key exchange message must not be skipped" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2703,8 +2811,10 @@ start_processing: if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } /* FALLTROUGH */ @@ -2726,8 +2836,10 @@ start_processing: if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2743,8 +2855,10 @@ start_processing: if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2762,8 +2876,10 @@ start_processing: if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2779,8 +2895,10 @@ start_processing: if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2813,17 +2931,24 @@ start_processing: if( ssl_parse_signature_algorithm( ssl, &p, end, &md_alg, &pk_alg ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) + if( pk_alg != + mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2853,8 +2978,10 @@ start_processing: if( p > end - 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } sig_len = ( p[0] << 8 ) | p[1]; @@ -2863,8 +2990,10 @@ start_processing: if( p != end - sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2924,8 +3053,10 @@ start_processing: if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } @@ -2940,8 +3071,10 @@ start_processing: #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) #endif - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) @@ -3013,8 +3146,10 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -3090,8 +3225,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + size_t sig_alg_len = + ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) + | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); #if defined(MBEDTLS_DEBUG_C) unsigned char* sig_alg; size_t i; @@ -3109,11 +3245,14 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * buf[...hdr_len + 3 + n + sig_alg_len], * which is one less than we need the buf to be. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len ) + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + + 3 + n + sig_alg_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); } @@ -3121,8 +3260,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; for( i = 0; i < sig_alg_len; i += 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" - ",%d", sig_alg[i], sig_alg[i + 1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "Supported Signature Algorithm found: %d,%d", + sig_alg[i], sig_alg[i + 1] ) ); } #endif @@ -3213,9 +3353,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); + (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -3226,10 +3366,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -3379,10 +3519,10 @@ ecdh_calc_secret: content_len = ssl->handshake->ecrs_n; #endif if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -3419,8 +3559,8 @@ ecdh_calc_secret: if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " - "SSL buffer too short" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "psk identity too long or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } @@ -3471,8 +3611,8 @@ ecdh_calc_secret: if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" - " or SSL buffer too short" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "psk identity or DHM size too long or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } @@ -3530,7 +3670,8 @@ ecdh_calc_secret: ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) ); + MBEDTLS_SSL_DEBUG_MSG( + 1, ( "skip PMS generation for opaque PSK" ) ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3538,7 +3679,8 @@ ecdh_calc_secret: if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } } @@ -3736,8 +3878,9 @@ sign: * Until we encounter a server that does not, we will take this * shortcut. * - * Reason: Otherwise we should have running hashes for SHA512 and SHA224 - * in order to satisfy 'weird' needs from the server side. + * Reason: Otherwise we should have running hashes for SHA512 and + * SHA224 in order to satisfy 'weird' needs from the server + * side. */ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) { @@ -3821,8 +3964,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } From 4c7bbe289a2ad70183158563ab56d416150c3449 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 7 May 2020 10:54:43 +0200 Subject: [PATCH 010/247] Remove unnecessary MBEDTLS_ECP_C preprocessor condition The ssl_cli.c:ssl_write_supported_elliptic_curves_ext() function is compiled only if MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C or MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED is defined which implies that MBEDTLS_ECP_C is defined. Thus remove the precompiler conditions on MBEDTLS_ECP_C in its code. Signed-off-by: Ronald Cron --- library/ssl_cli.c | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 80c8ee8e3..13acf5a8b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -308,30 +308,18 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; -#if defined(MBEDTLS_ECP_C) const mbedtls_ecp_group_id *grp_id; -#else - ((void) ssl); -#endif *olen = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); -#if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) -#else - for( info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) -#endif { -#if defined(MBEDTLS_ECP_C) info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#endif if( info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, @@ -350,19 +338,11 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_len = 0; -#if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) -#else - for( info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) -#endif { -#if defined(MBEDTLS_ECP_C) info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#endif elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } From 51018aab56d6878e65b141dbdfb87af887a20aa1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 011/247] Add macro for bounds checking This commit adds a macro for buffer bounds checks in the SSL module. It takes the buffer's current and end position as the first argument(s), followed by the needed space; if the available space is too small, it returns an SSL_BUFFER_TOO_SMALL error. Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 35 ++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index e92381c33..d655813ab 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -299,6 +299,41 @@ static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context * #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) +/** + * \brief This function checks if the remaining size in a buffer is + * greater or equal than a needed space. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + * \return Non-zero if the needed space is available in the buffer, 0 + * otherwise. + */ +static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, + const uint8_t *end, size_t need ) +{ + return( cur <= end && need <= (size_t)( end - cur ) ); +} + +/** + * \brief This macro checks if the remaining size in a buffer is + * greater or equal than a needed space. If it is not the case, + * it returns an SSL_BUFFER_TOO_SMALL error. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + */ +#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ + do { \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) == 0 ) \ + { \ + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ + } \ + } while( 0 ) + #ifdef __cplusplus extern "C" { #endif From 6692a064e3204188f686f36b62c1889ff9d58e90 Mon Sep 17 00:00:00 2001 From: Jonas Date: Fri, 8 May 2020 16:57:18 +0900 Subject: [PATCH 012/247] Fix potential memory leak in EC multiplication Signed-off-by: Jonas --- library/ecp.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 104e1f122..3c4a91aab 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1544,7 +1544,10 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); if( count++ > 10 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); @@ -2278,7 +2281,10 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); if( count++ > 10 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } } while( mbedtls_mpi_cmp_int( &l, 1 ) <= 0 ); From d04b9ed7dd0b2290bcd0f91b459bfafd03098b80 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 May 2020 23:03:24 +0200 Subject: [PATCH 013/247] Spelling Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 54d635b17..8ea21796e 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -274,7 +274,7 @@ Rationale: this cannot be tested by adding C code, because the danger is that th Goal: test the absence of memory leaks. -Solution ([instrumentation](#runtime-instrumentation)): run tests with Asan. (We also use Valgrind, but it's slower than Asan, so we favor Asan.) +Solution ([instrumentation](#runtime-instrumentation)): run tests with ASan. (We also use Valgrind, but it's slower than ASan, so we favor ASan.) Since we run many test jobs with a memory leak detector, each test function must clean up after itself. Use the cleanup code (after the `exit` label) to free any memory that the function may have allocated. From 21825857763263fd8ec1d2551fe4a5b1e39cf0ab Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 May 2020 23:03:33 +0200 Subject: [PATCH 014/247] Introduction: present the top-level sections Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 8ea21796e..6e8977199 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -8,6 +8,13 @@ The goal of this document is to identify areas where black-box testing is insuff This is a test strategy document, not a test plan. A description of exactly what is tested is out of scope. +This document is structured as follows: + +* [“Rules”](#rules) gives general rules and is written for brevity. +* [“Requirements”](#requirements) explores the reasons why invasive testing is needed and how it should be done. +* [“Possible approaches”](#possible-approaches) discusses some general methods for non-black-box testing. +* [“Solutions”](#solutions) explains how we currently solve, or intend to solve, specific problems. + ### TLS This document currently focuses on data structure manipulation and storage, which is what the crypto/keystore and X.509 parts of the library are about. More work is needed to fully take TLS into account. From 5925183b8a87298d5a7b21293cd7d852448450d5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 May 2020 23:05:01 +0200 Subject: [PATCH 015/247] Fix explanation of PSA_DONE Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 6e8977199..a1488a31b 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -293,11 +293,11 @@ Solution: TODO. We don't test this at all at this point. Goal: test the absence of resource leaks in the PSA key store code, in particular that `psa_close_key` and `psa_destroy_key` work correctly. -Solution ([internal interface](#internal-interfaces)): in some tests, close keys explicitly call `PSA_DONE` instead of `mbedtls_psa_crypto_free`. `PSA_DONE` fails the test if the key store is not empty. +Solution ([internal interface](#internal-interfaces)): in most tests involving PSA functions, the cleanup code explicitly calls `PSA_DONE()` instead of `mbedtls_psa_crypto_free()`. `PSA_DONE` fails the test if the key store in memory is not empty. Note there must also be tests that call `mbedtls_psa_crypto_free` with keys still open, to verify that it does close all keys. -`PSA_DONE` is a macro defined in `psa_crypto_helpers.h` which uses `mbedtls_psa_get_stats()`. This feature is mostly but not exclusively useful for testing, and may be moved under `MBEDTLS_TEST_HOOKS`. +`PSA_DONE` is a macro defined in `psa_crypto_helpers.h` which uses `mbedtls_psa_get_stats()` to get information about the keystore content before calling `mbedtls_psa_crypto_free()`. This feature is mostly but not exclusively useful for testing, and may be moved under `MBEDTLS_TEST_HOOKS`. ### PSA storage From 688f6cc591f3fb4129a8d863c5b38a2d105d22aa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 May 2020 23:06:12 +0200 Subject: [PATCH 016/247] There are test programs, not just unit tests Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index a1488a31b..93e4e6e52 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -68,7 +68,7 @@ Sometimes the substitutable function is a `static inline` function that does not With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in the `library` directory such as `psa_crypto_invasive.h`. -In test code that needs to modify the internal behavior: +In unit test code that needs to modify the internal behavior: * The test function (or the whole test file) must depend on `MBEDTLS_TEST_HOOKS`. * At the beginning of the function, set the global function pointers to the desired value. @@ -283,7 +283,7 @@ Goal: test the absence of memory leaks. Solution ([instrumentation](#runtime-instrumentation)): run tests with ASan. (We also use Valgrind, but it's slower than ASan, so we favor ASan.) -Since we run many test jobs with a memory leak detector, each test function must clean up after itself. Use the cleanup code (after the `exit` label) to free any memory that the function may have allocated. +Since we run many test jobs with a memory leak detector, each test function or test program must clean up after itself. Use the cleanup code (after the `exit` label in test functions) to free any memory that the function may have allocated. #### Robustness against memory allocation failure From 24ba42cef776324d82877e1fd1abec2c85153a26 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 May 2020 23:04:29 +0200 Subject: [PATCH 017/247] Fix explanation of rules for function substitution Signed-off-by: Gilles Peskine --- docs/architecture/testing/invasive-testing.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/architecture/testing/invasive-testing.md b/docs/architecture/testing/invasive-testing.md index 93e4e6e52..744f19401 100644 --- a/docs/architecture/testing/invasive-testing.md +++ b/docs/architecture/testing/invasive-testing.md @@ -62,17 +62,19 @@ If the most practical way to test something is to add code to the product that i #### Rules for function substitution -The code calls a function `mbedtls_foo()`. Usually this a macro defined to be a system function (like `mbedtls_calloc` or `mbedtls_fopen`), which we replace to mock or wrap it. This is useful to simulate I/O failure, for example. +This section explains how to replace a library function `mbedtls_foo()` by alternative code for test purposes. That is, library code calls `mbedtls_foo()`, and there is a mechanism to arrange for these calls to invoke different code. + +Often `mbedtls_foo` is a macro which is defined to be a system function (like `mbedtls_calloc` or `mbedtls_fopen`), which we replace to mock or wrap the system function. This is useful to simulate I/O failure, for example. Note that if the macro can be replaced at compile time to support alternative platforms, the test code should be compatible with this compile-time configuration so that it works on these alternative platforms as well. Sometimes the substitutable function is a `static inline` function that does nothing (not a macro, to avoid accidentally skipping side effects in its parameters), to provide a hook for test code; such functions should have a name that starts with the prefix `mbedtls_test_hook_`. In such cases, the function should generally not modify its parameters, so any pointer argument should be const. The function should return void. -With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in the `library` directory such as `psa_crypto_invasive.h`. +With `MBEDTLS_TEST_HOOKS` set, `mbedtls_foo` is a global variable of function pointer type. This global variable is initialized to the system function, or to a function that does nothing. The global variable is defined in a header in the `library` directory such as `psa_crypto_invasive.h`. This is similar to the platform function configuration mechanism with `MBEDTLS_PLATFORM_xxx_ALT`. In unit test code that needs to modify the internal behavior: * The test function (or the whole test file) must depend on `MBEDTLS_TEST_HOOKS`. -* At the beginning of the function, set the global function pointers to the desired value. -* In the function's cleanup code, restore the global function pointers to their default value. +* At the beginning of the test function, set the global function pointers to the desired value. +* In the test function's cleanup code, restore the global function pointers to their default value. ## Requirements From 923d57936921721a4f9236a858784d36a021cd77 Mon Sep 17 00:00:00 2001 From: Jonas Date: Wed, 13 May 2020 14:22:45 +0900 Subject: [PATCH 018/247] Add test cases to check rng failure Signed-off-by: Jonas --- tests/suites/test_suite_ecp.data | 8 ++++++++ tests/suites/test_suite_ecp.function | 25 +++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data index 921917922..b84868c8d 100644 --- a/tests/suites/test_suite_ecp.data +++ b/tests/suites/test_suite_ecp.data @@ -446,6 +446,14 @@ ECP point multiplication Curve25519 (element of order 8) #5 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_test_mul:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660":"B8495F16056286FDB1329CEB8D09DA6AC49FF1FAE35616AEB8413B7C7AEBE0":"00":"01":"00":"01":"00":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE +ECP point multiplication rng fail secp256r1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_test_mul_rng:MBEDTLS_ECP_DP_SECP256R1:"814264145F2F56F2E96A8E337A1284993FAF432A5ABCE59E867B7291D507A3AF" + +ECP point multiplication rng fail Curve25519 +depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED +ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660" + ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate) depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07" diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 03c3e538b..6385e7767 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -724,6 +724,31 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void ecp_test_mul_rng( int id, data_t * d_hex) +{ + mbedtls_ecp_group grp; + mbedtls_mpi d; + mbedtls_ecp_point Q; + + mbedtls_ecp_group_init( &grp ); mbedtls_mpi_init( &d ); + mbedtls_ecp_point_init( &Q ); + + TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); + + TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &grp.G ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); + + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL ) + == MBEDTLS_ERR_ECP_RANDOM_FAILED ); + +exit: + mbedtls_ecp_group_free( &grp ); mbedtls_mpi_free( &d ); + mbedtls_ecp_point_free( &Q ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_fast_mod( int id, char * N_str ) { From 4a67182962148e59f1bd26e9394901ade19ba71a Mon Sep 17 00:00:00 2001 From: Jonas Date: Wed, 13 May 2020 14:22:45 +0900 Subject: [PATCH 019/247] Add Changelog entry for #3318 Signed-off-by: Jonas --- ChangeLog.d/fix-ecp-mul-memory-leak.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-ecp-mul-memory-leak.txt diff --git a/ChangeLog.d/fix-ecp-mul-memory-leak.txt b/ChangeLog.d/fix-ecp-mul-memory-leak.txt new file mode 100644 index 000000000..2ffd51caf --- /dev/null +++ b/ChangeLog.d/fix-ecp-mul-memory-leak.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() + when PRNG function fails. Contributed by Jonas Lejeune in #3317. From fcdea0ff69cab3fc1332ea0045f576f3f8d21cd6 Mon Sep 17 00:00:00 2001 From: irwir Date: Tue, 19 May 2020 19:48:27 +0300 Subject: [PATCH 020/247] Remove definitions and settings that are never used or duplicate MSVC defaults. Fixes #3297. Signed-off-by: irwir --- scripts/data_files/vs2010-app-template.vcxproj | 18 ++++-------------- .../data_files/vs2010-main-template.vcxproj | 14 +++----------- visualc/VS2010/aescrypt2.vcxproj | 18 ++++-------------- visualc/VS2010/benchmark.vcxproj | 18 ++++-------------- visualc/VS2010/cert_app.vcxproj | 18 ++++-------------- visualc/VS2010/cert_req.vcxproj | 18 ++++-------------- visualc/VS2010/cert_write.vcxproj | 18 ++++-------------- visualc/VS2010/crl_app.vcxproj | 18 ++++-------------- visualc/VS2010/crypt_and_hash.vcxproj | 18 ++++-------------- visualc/VS2010/crypto_examples.vcxproj | 18 ++++-------------- visualc/VS2010/dh_client.vcxproj | 18 ++++-------------- visualc/VS2010/dh_genprime.vcxproj | 18 ++++-------------- visualc/VS2010/dh_server.vcxproj | 18 ++++-------------- visualc/VS2010/dtls_client.vcxproj | 18 ++++-------------- visualc/VS2010/dtls_server.vcxproj | 18 ++++-------------- visualc/VS2010/ecdh_curve25519.vcxproj | 18 ++++-------------- visualc/VS2010/ecdsa.vcxproj | 18 ++++-------------- visualc/VS2010/gen_entropy.vcxproj | 18 ++++-------------- visualc/VS2010/gen_key.vcxproj | 18 ++++-------------- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 18 ++++-------------- visualc/VS2010/gen_random_havege.vcxproj | 18 ++++-------------- visualc/VS2010/generic_sum.vcxproj | 18 ++++-------------- visualc/VS2010/hello.vcxproj | 18 ++++-------------- visualc/VS2010/key_app.vcxproj | 18 ++++-------------- visualc/VS2010/key_app_writer.vcxproj | 18 ++++-------------- visualc/VS2010/key_ladder_demo.vcxproj | 18 ++++-------------- visualc/VS2010/mbedTLS.vcxproj | 14 +++----------- visualc/VS2010/mini_client.vcxproj | 18 ++++-------------- visualc/VS2010/mpi_demo.vcxproj | 18 ++++-------------- visualc/VS2010/pem2der.vcxproj | 18 ++++-------------- visualc/VS2010/pk_decrypt.vcxproj | 18 ++++-------------- visualc/VS2010/pk_encrypt.vcxproj | 18 ++++-------------- visualc/VS2010/pk_sign.vcxproj | 18 ++++-------------- visualc/VS2010/pk_verify.vcxproj | 18 ++++-------------- visualc/VS2010/psa_constant_names.vcxproj | 18 ++++-------------- .../VS2010/query_compile_time_config.vcxproj | 18 ++++-------------- visualc/VS2010/req_app.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_decrypt.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_encrypt.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_genkey.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_sign.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_sign_pss.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_verify.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_verify_pss.vcxproj | 18 ++++-------------- visualc/VS2010/selftest.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_client1.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_client2.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_context_info.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_fork_server.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_mail_client.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_server.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_server2.vcxproj | 18 ++++-------------- visualc/VS2010/strerror.vcxproj | 18 ++++-------------- visualc/VS2010/udp_proxy.vcxproj | 18 ++++-------------- visualc/VS2010/zeroize.vcxproj | 18 ++++-------------- 55 files changed, 218 insertions(+), 764 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index aae07b54e..039fd09a2 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -89,11 +89,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -101,7 +99,6 @@ INCLUDE_DIRECTORIES Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,11 +108,9 @@ INCLUDE_DIRECTORIES - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -123,7 +118,6 @@ INCLUDE_DIRECTORIES Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -134,12 +128,10 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -156,12 +148,10 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index c8f13c3cf..c0f3a3c1f 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -80,11 +80,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -97,11 +95,9 @@ INCLUDE_DIRECTORIES - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -115,12 +111,10 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -135,8 +129,6 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index 0fdd2997d..3ae59dcc3 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 4bf7f6f54..2836f1477 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 223353f74..84ec4b7a8 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index 396b6467b..c45125cb6 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index f5d171c1b..982e4121b 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index 082c1f13a..5a7c854dc 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index bec06ad14..0c955873f 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj index 0581d02d9..65826bd29 100644 --- a/visualc/VS2010/crypto_examples.vcxproj +++ b/visualc/VS2010/crypto_examples.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index 14186b298..c778e8ada 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index ff1e85c2f..3b4fead52 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index bc256c1d4..bf930def6 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 05c967089..5bd7a8a94 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index 9f17eedd5..ce0c6da18 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 7a1e86245..32eda340e 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 84dc88386..49d54c6d8 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 6b85f62ec..61942c995 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e7b586a24..e6ce33ee8 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index 2cfdfaaf5..b7a7823db 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 48519d6f3..3c5eb67b5 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 861486592..b04991643 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index 88112f519..ecdabf1e9 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index e90d9da01..aca1a0307 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 002f9e87b..64f2e27a0 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj index f157da7f4..a3b6b4a7a 100644 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ b/visualc/VS2010/key_ladder_demo.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 07e046a52..d14ef76d5 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -80,11 +80,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -96,11 +94,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -113,12 +109,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -132,8 +126,6 @@ Level3 - - MaxSpeed true true diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index 9f1751986..50f4b22b4 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 42d526287..2fe56c5f1 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index e56adff45..4c854a655 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 17cce620f..360f2c361 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 7c215b236..20d663a53 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index ca1b1c4ee..ad33afa1e 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index b32782a84..8856dc210 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj index 4f484d8b5..418c8fb33 100644 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ b/visualc/VS2010/psa_constant_names.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index 0cc8a2820..de793db2c 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -90,18 +90,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,18 +108,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -133,12 +127,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -154,12 +146,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 99e98017c..925987195 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 137d2bc2b..e7fe01b0f 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 1081579eb..6e1b96b10 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index d460a7fd1..1038db5da 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index 356df9fa5..b1bd170ac 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index b8a09eebc..500788199 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index 5ce841057..34097535c 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index 2cc576b88..47699586f 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 42fb32abd..3dcc8c812 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index f0d6af7f4..cdf9ec86b 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index 7db1a52ac..e9505509a 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -90,18 +90,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,18 +108,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -133,12 +127,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -154,12 +146,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_context_info.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj index 1ab9e862c..ff1ba985e 100644 --- a/visualc/VS2010/ssl_context_info.vcxproj +++ b/visualc/VS2010/ssl_context_info.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index f67b1bef2..7a18c9903 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index 64629c6af..37dad2197 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index 9c6e2f561..f0038d7c1 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index 94ba22e18..b8788ef01 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -90,18 +90,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,18 +108,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -133,12 +127,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -154,12 +146,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 497a4e25a..31e19bb9b 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 49f92403a..6b2ed3677 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index 932c802ba..4fa6bacc0 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib From 05a51a8a7225a2e991206bebb6473f8ea6090cbb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 16:52:44 +0200 Subject: [PATCH 021/247] More accurate variable name Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index e8abd751e..594e0225e 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -23,13 +23,13 @@ class FileIssueTracker: To implement a checker that processes a file as a whole, inherit from this class and implement `check_file_for_issue` and define ``heading``. - ``files_exemptions``: files whose name ends with a string in this set + ``suffix_exemptions``: files whose name ends with a string in this set will not be checked. ``heading``: human-readable description of the issue """ - files_exemptions = frozenset() + suffix_exemptions = frozenset() # heading must be defined in derived classes. # pylint: disable=no-member @@ -39,10 +39,10 @@ class FileIssueTracker: def should_check_file(self, filepath): """Whether the given file name should be checked. - Files whose name ends with a string listed in ``self.files_exemptions`` - will not be checked. + Files whose name ends with a string listed in ``self.suffix_exemptions`` + or whose path matches ``self.path_exemptions`` will not be checked. """ - for files_exemption in self.files_exemptions: + for files_exemption in self.suffix_exemptions: if filepath.endswith(files_exemption): return False return True @@ -138,7 +138,7 @@ class Utf8BomIssueTracker(FileIssueTracker): heading = "UTF-8 BOM present:" - files_exemptions = frozenset([".vcxproj", ".sln"]) + suffix_exemptions = frozenset([".vcxproj", ".sln"]) def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: @@ -174,7 +174,7 @@ class TrailingWhitespaceIssueTracker(LineIssueTracker): """Track lines with trailing whitespace.""" heading = "Trailing whitespace:" - files_exemptions = frozenset([".dsp", ".md"]) + suffix_exemptions = frozenset([".dsp", ".md"]) def issue_with_line(self, line, _filepath): return line.rstrip(b"\r\n") != line.rstrip() @@ -184,7 +184,7 @@ class TabIssueTracker(LineIssueTracker): """Track lines with tabs.""" heading = "Tabs present:" - files_exemptions = frozenset([ + suffix_exemptions = frozenset([ ".sln", "/Makefile", "/Makefile.inc", From c1d1b669dbf09cdfb33121a4f86de486a2423f14 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 16:54:10 +0200 Subject: [PATCH 022/247] Check all files by default Have an explicit list of exemptions for specific checks rather than whitelisting files to check. Some checks, such as permissions, should apply to all files. Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 594e0225e..6bb61e6cd 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -223,24 +223,6 @@ class IntegrityChecker: self.check_repo_path() self.logger = None self.setup_logger(log_file) - self.extensions_to_check = ( - ".bat", - ".c", - ".data", - ".dsp", - ".function", - ".h", - ".md", - ".pl", - ".py", - ".sh", - ".sln", - ".vcxproj", - "/CMakeLists.txt", - "/ChangeLog", - "/Makefile", - "/Makefile.inc", - ) self.excluded_directories = [ '.git', 'mbed-os', @@ -287,8 +269,6 @@ class IntegrityChecker: dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d)) for filename in sorted(files): filepath = os.path.join(root, filename) - if not filepath.endswith(self.extensions_to_check): - continue for issue_to_check in self.issues_to_check: if issue_to_check.should_check_file(filepath): issue_to_check.check_file_for_issue(filepath) From 0598db84c319002fb8d49ae587e41292ab35d9de Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 16:57:16 +0200 Subject: [PATCH 023/247] Regex mechanism for check-specific exemptions Suffixes are convenient but not always sufficient. Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 6bb61e6cd..4438cf18d 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -14,6 +14,7 @@ import os import argparse import logging import codecs +import re import sys @@ -26,16 +27,31 @@ class FileIssueTracker: ``suffix_exemptions``: files whose name ends with a string in this set will not be checked. + ``path_exemptions``: files whose path (relative to the root of the source + tree) matches this regular expression will not be checked. This can be + ``None`` to match no path. Paths are normalized and converted to ``/`` + separators before matching. + ``heading``: human-readable description of the issue """ suffix_exemptions = frozenset() + path_exemptions = None # heading must be defined in derived classes. # pylint: disable=no-member def __init__(self): self.files_with_issues = {} + @staticmethod + def normalize_path(filepath): + """Normalize ``filepath`` """ + filepath = os.path.normpath(filepath) + seps = os.path.sep + if os.path.altsep is not None: + seps += os.path.altsep + return '/'.join(filepath.split(seps)) + def should_check_file(self, filepath): """Whether the given file name should be checked. @@ -45,6 +61,9 @@ class FileIssueTracker: for files_exemption in self.suffix_exemptions: if filepath.endswith(files_exemption): return False + if self.path_exemptions and \ + re.match(self.path_exemptions, self.normalize_path(filepath)): + return False return True def check_file_for_issue(self, filepath): @@ -152,6 +171,8 @@ class UnixLineEndingIssueTracker(LineIssueTracker): heading = "Non-Unix line endings:" def should_check_file(self, filepath): + if not super().should_check_file(filepath): + return False return not is_windows_file(filepath) def issue_with_line(self, line, _filepath): @@ -164,6 +185,8 @@ class WindowsLineEndingIssueTracker(LineIssueTracker): heading = "Non-Windows line endings:" def should_check_file(self, filepath): + if not super().should_check_file(filepath): + return False return is_windows_file(filepath) def issue_with_line(self, line, _filepath): From d4a853dbd7ccbf10646519c9aabf62a2ea9d06c4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 16:57:59 +0200 Subject: [PATCH 024/247] Exclude binary files from text checks Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 4438cf18d..797670592 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -92,6 +92,17 @@ class FileIssueTracker: logger.info(filename) logger.info("") +BINARY_FILE_PATH_RE_LIST = [ + r'docs/.*\.pdf\Z', + r'programs/fuzz/corpuses/[^.]+\Z', + r'tests/data_files/[^.]+\Z', + r'tests/data_files/.*\.(crt|csr|db|der|key|pubkey)\Z', + r'tests/data_files/.*\.req\.[^/]+\Z', + r'tests/data_files/.*malformed[^/]+\Z', + r'tests/data_files/format_pkcs12\.fmt\Z', +] +BINARY_FILE_PATH_RE = re.compile('|'.join(BINARY_FILE_PATH_RE_LIST)) + class LineIssueTracker(FileIssueTracker): """Base class for line-by-line issue tracking. @@ -99,6 +110,9 @@ class LineIssueTracker(FileIssueTracker): this class and implement `line_with_issue`. """ + # Exclude binary files. + path_exemptions = BINARY_FILE_PATH_RE + def issue_with_line(self, line, filepath): """Check the specified line for the issue that this class is for. @@ -145,6 +159,8 @@ class EndOfFileNewlineIssueTracker(FileIssueTracker): heading = "Missing newline at end of file:" + path_exemptions = BINARY_FILE_PATH_RE + def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: if not f.read().endswith(b"\n"): @@ -158,6 +174,7 @@ class Utf8BomIssueTracker(FileIssueTracker): heading = "UTF-8 BOM present:" suffix_exemptions = frozenset([".vcxproj", ".sln"]) + path_exemptions = BINARY_FILE_PATH_RE def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: From 3e2ee3cedc559031a227e5c12375e5a20cf5c96d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:18:06 +0200 Subject: [PATCH 025/247] Check only files checked into Git We're only interested in files that are committed and pushed to be included in Mbed TLS, not in any other files that may be lying around. So ask git for the list of file names. This script is primarily intended to run on the CI, and there it runs on a fresh Git checkout plus potentially some other checkouts or leftovers from a previous part of the CI job. It should also run reasonably well on developer machines, where there may be various additional files. In both cases, git is available. Ad hoc directory exclusions are no longer needed. Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 36 +++++++++++++++--------------------- 1 file changed, 15 insertions(+), 21 deletions(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 797670592..751b32bdd 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -15,6 +15,7 @@ import argparse import logging import codecs import re +import subprocess import sys @@ -263,14 +264,6 @@ class IntegrityChecker: self.check_repo_path() self.logger = None self.setup_logger(log_file) - self.excluded_directories = [ - '.git', - 'mbed-os', - ] - self.excluded_paths = list(map(os.path.normpath, [ - 'cov-int', - 'examples', - ])) self.issues_to_check = [ PermissionIssueTracker(), EndOfFileNewlineIssueTracker(), @@ -297,21 +290,22 @@ class IntegrityChecker: console = logging.StreamHandler() self.logger.addHandler(console) - def prune_branch(self, root, d): - if d in self.excluded_directories: - return True - if os.path.normpath(os.path.join(root, d)) in self.excluded_paths: - return True - return False + @staticmethod + def collect_files(): + bytes_output = subprocess.check_output(['git', 'ls-files', '-z']) + bytes_filepaths = bytes_output.split(b'\0')[:-1] + ascii_filepaths = map(lambda fp: fp.decode('ascii'), bytes_filepaths) + # Prepend './' to files in the top-level directory so that + # something like `'/Makefile' in fp` matches in the top-level + # directory as well as in subdirectories. + return [fp if os.path.dirname(fp) else os.path.join(os.curdir, fp) + for fp in ascii_filepaths] def check_files(self): - for root, dirs, files in os.walk("."): - dirs[:] = sorted(d for d in dirs if not self.prune_branch(root, d)) - for filename in sorted(files): - filepath = os.path.join(root, filename) - for issue_to_check in self.issues_to_check: - if issue_to_check.should_check_file(filepath): - issue_to_check.check_file_for_issue(filepath) + for issue_to_check in self.issues_to_check: + for filepath in self.collect_files(): + if issue_to_check.should_check_file(filepath): + issue_to_check.check_file_for_issue(filepath) def output_issues(self): integrity_return_code = 0 From ee40e76943fea073ced094d12fd1b246bacea338 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:25:39 +0200 Subject: [PATCH 026/247] Normalize line endings Convert all text files to Unix line endings unless they're Windows stuff. Make sure that all text files have a trailing newline. Remove whitespace at the end of lines. Signed-off-by: Gilles Peskine --- ChangeLog.d/bugfix.txt | 2 +- ChangeLog.d/bugfix_PR2855.txt | 2 +- ...fix-null-ptr-deref-in-mbedtls_ssl_free.txt | 2 +- ...n-ascii-string-in-mbedtls_x509_dn_gets.txt | 2 +- programs/pkey/rsa_priv.txt | 16 +-- programs/pkey/rsa_pub.txt | 4 +- tests/data_files/base64/cli_ciphersuite.txt | 2 +- tests/data_files/base64/cli_def.txt | 2 +- tests/data_files/base64/cli_min_cfg.txt | 2 +- tests/data_files/base64/cli_no_keep_cert.txt | 2 +- tests/data_files/base64/cli_no_mfl.txt | 2 +- tests/data_files/base64/cli_no_packing.txt | 2 +- tests/data_files/base64/mfl_1024.txt | 2 +- tests/data_files/base64/mtu_10000.txt | 2 +- tests/data_files/base64/srv_ciphersuite.txt | 2 +- tests/data_files/base64/srv_min_cfg.txt | 2 +- tests/data_files/base64/srv_no_alpn.txt | 2 +- tests/data_files/base64/srv_no_mfl.txt | 2 +- tests/data_files/base64/v2.19.1.txt | 4 +- tests/data_files/bitstring-in-dn.pem | 102 +++++++++--------- tests/data_files/test-ca.server1.opensslconf | 2 +- 21 files changed, 80 insertions(+), 80 deletions(-) diff --git a/ChangeLog.d/bugfix.txt b/ChangeLog.d/bugfix.txt index 499fd40f2..922bd318b 100644 --- a/ChangeLog.d/bugfix.txt +++ b/ChangeLog.d/bugfix.txt @@ -1,4 +1,4 @@ Bugfix * Fix the Visual Studio Release x64 build configuration for mbedtls itself. Completes a previous fix in Mbed TLS 2.19 that only fixed the build for - the example programs. Reported in #1430 and fix contributed by irwir. \ No newline at end of file + the example programs. Reported in #1430 and fix contributed by irwir. diff --git a/ChangeLog.d/bugfix_PR2855.txt b/ChangeLog.d/bugfix_PR2855.txt index a09732181..6e29710ec 100644 --- a/ChangeLog.d/bugfix_PR2855.txt +++ b/ChangeLog.d/bugfix_PR2855.txt @@ -1,2 +1,2 @@ Bugfix - * Remove dead code in X.509 certificate parsing. Contributed by irwir in #2855. \ No newline at end of file + * Remove dead code in X.509 certificate parsing. Contributed by irwir in #2855. diff --git a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt index 9554aa03c..e631f4d02 100644 --- a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt +++ b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt @@ -1,3 +1,3 @@ Bugfix * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a - NULL pointer argument. Contributed by Sander Visser in #3312. \ No newline at end of file + NULL pointer argument. Contributed by Sander Visser in #3312. diff --git a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt b/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt index 320b0b844..6be1e5b54 100644 --- a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt +++ b/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt @@ -1,3 +1,3 @@ Changes - * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". + * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". Contributed by Koh M. Nakagawa in #3326. diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt index 22c37fe61..254fcf852 100644 --- a/programs/pkey/rsa_priv.txt +++ b/programs/pkey/rsa_priv.txt @@ -1,8 +1,8 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 -D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 -P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 -Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 -DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 -DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 -QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 +N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 +E = 010001 +D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 +P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 +Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 +DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 +DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 +QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt index 2c6d313af..1e7ae0c9c 100644 --- a/programs/pkey/rsa_pub.txt +++ b/programs/pkey/rsa_pub.txt @@ -1,2 +1,2 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 +N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 +E = 010001 diff --git a/tests/data_files/base64/cli_ciphersuite.txt b/tests/data_files/base64/cli_ciphersuite.txt index 432978d19..bf3647085 100644 --- a/tests/data_files/base64/cli_ciphersuite.txt +++ b/tests/data_files/base64/cli_ciphersuite.txt @@ -1,2 +1,2 @@ // TLS-RSA-WITH-AES-256-CCM-8 -AhUAAH8AAA4AAAQ8AAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJQBiQTa148x1XQyGt9vU2JxAHIZ9HxLR87PewpTaslP0qJ4FK6cibG/U4ACVriGQMpNkJo6xRRn5dGyKE5L5iqcLQZ4zwcJT50NYlVQqzlXPArOaAzjVAX4k+TwL/VmNepmn3wvregAADeiGsvvbaAw2P9fhCgwX6Bm0YNzkWQsNwWENa6GoZLzvMM51G44611fFnKoAAFRgAAAAF6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== \ No newline at end of file +AhUAAH8AAA4AAAQ8AAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJQBiQTa148x1XQyGt9vU2JxAHIZ9HxLR87PewpTaslP0qJ4FK6cibG/U4ACVriGQMpNkJo6xRRn5dGyKE5L5iqcLQZ4zwcJT50NYlVQqzlXPArOaAzjVAX4k+TwL/VmNepmn3wvregAADeiGsvvbaAw2P9fhCgwX6Bm0YNzkWQsNwWENa6GoZLzvMM51G44611fFnKoAAFRgAAAAF6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/cli_def.txt b/tests/data_files/base64/cli_def.txt index ee47905f1..793da2b5b 100644 --- a/tests/data_files/base64/cli_def.txt +++ b/tests/data_files/base64/cli_def.txt @@ -1,2 +1,2 @@ // Client context with default MbedTLS configuration -AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== \ No newline at end of file +AhUAAH8AAA4AAAQ8AAAAAF6HQx3MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACG2QbHbUj8eGpdx5KVIebiwk0jvRj9/3m6BOSzpA7qBXeEunhqr3D11NE7ciGjeHMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJTfQC2Ek91INP5ihHNzImPOAHJCk+YTO/pQuEnNWwXbdmKAi+IRp671iAwtpkjSxCBXVzKX925F1A66caCOQptlw+9zFukDQgblM2JyAJLG0j6B4RtBTDWJ8ZTMUPHUoLJoEpm8APZgRi//DMRyCKP9pbBLGlDzgUvl0w11LzBAlJHkWau5NoqQBlG7w4HFrKweovskAAFRgAAAAF6HQx248L77RH0Z973tSYNQ8zBsz861CZG5/T09TJz3XodDHe/iJ+cgXb5An3zTdnTBtw3EWAb68T+gCE33GN8AAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/cli_min_cfg.txt b/tests/data_files/base64/cli_min_cfg.txt index 8c1ef88d8..152b47410 100644 --- a/tests/data_files/base64/cli_min_cfg.txt +++ b/tests/data_files/base64/cli_min_cfg.txt @@ -1,2 +1,2 @@ // Minimal configuration -AhUAAAMAAAAAAAOeAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLdei2ZSQwLppTqzs7kieOYQR6DjJItmQ0N/RS3+zTr9wF6LZlL6SQpLewmyja7jXyOWuUqJ6zJQ5b7FfA4PxthlAAABAAAAAAACAAA= \ No newline at end of file +AhUAAAMAAAAAAAOeAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLdei2ZSQwLppTqzs7kieOYQR6DjJItmQ0N/RS3+zTr9wF6LZlL6SQpLewmyja7jXyOWuUqJ6zJQ5b7FfA4PxthlAAABAAAAAAACAAA= diff --git a/tests/data_files/base64/cli_no_keep_cert.txt b/tests/data_files/base64/cli_no_keep_cert.txt index 5272a7cca..76d0c3c3d 100644 --- a/tests/data_files/base64/cli_no_keep_cert.txt +++ b/tests/data_files/base64/cli_no_keep_cert.txt @@ -1,2 +1,2 @@ // Without MBEDTLS_SSL_KEEP_PEER_CERTIFICATE -AhUAAAMAAAAAAACCAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAAAABiCAy8MWqlj4vnIv0mswJvB35hyCOYWZ+fcZ6t5LzZgXPl6MKhRs69b+psiGUAo8OK3fU4HKOHNdi36tk22+ScctXowqFEyvzGcvbtI0VfWLKlOlDv+SwC08ZdCNa+RBZ/AAAAEAAAAAAAIAAA== \ No newline at end of file +AhUAAAMAAAAAAACCAAAAAF6MKhTMqAAgSKCqXrcrmjqOBpxsGO3itQB09YgsSJwXmZB12QlB+wwhiof0mzAN0hupkLxu4Yyc9SgyFoEDPKJk8TiRo8bO2rkEfPItB5lUFkJwzdeuGVMAAAAABiCAy8MWqlj4vnIv0mswJvB35hyCOYWZ+fcZ6t5LzZgXPl6MKhRs69b+psiGUAo8OK3fU4HKOHNdi36tk22+ScctXowqFEyvzGcvbtI0VfWLKlOlDv+SwC08ZdCNa+RBZ/AAAAEAAAAAAAIAAA== diff --git a/tests/data_files/base64/cli_no_mfl.txt b/tests/data_files/base64/cli_no_mfl.txt index 5c1dfd9ff..0d06891c0 100644 --- a/tests/data_files/base64/cli_no_mfl.txt +++ b/tests/data_files/base64/cli_no_mfl.txt @@ -1,2 +1,2 @@ // Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -AhUAAHcAAA4AAAQ6AAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJMiPbE45oAjg9Rx0iVnQDg2AHHKrrmSMTfVijgZbdL/ZFWYvFMioa7uqW0NmA0bSTxcsieRarndOq5fIdEIzmAgGkdaxJaGNDT105gwwIzUnLRapgP6H6IImSMFPXVp3Zks0zFfrq7aQnQMgc8o5kPqWq1/eYfdq8lysTO8Rgliv96lA/pe1SQmPL1mdChAwCa/4XEAAVGAAABeiwyzXGz4yPwEgvq/TWq0dZXvD6mzEbAty1oZJIvRpl6LDLOyQ94MIvSKw7OH4mg+DNL+ZW0xzQbKQalloUG6AAAAAAAAAAAAAAABAAAAAAAAAAMAAAEAAAAAAAIAAAA= \ No newline at end of file +AhUAAHcAAA4AAAQ6AAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJMiPbE45oAjg9Rx0iVnQDg2AHHKrrmSMTfVijgZbdL/ZFWYvFMioa7uqW0NmA0bSTxcsieRarndOq5fIdEIzmAgGkdaxJaGNDT105gwwIzUnLRapgP6H6IImSMFPXVp3Zks0zFfrq7aQnQMgc8o5kPqWq1/eYfdq8lysTO8Rgliv96lA/pe1SQmPL1mdChAwCa/4XEAAVGAAABeiwyzXGz4yPwEgvq/TWq0dZXvD6mzEbAty1oZJIvRpl6LDLOyQ94MIvSKw7OH4mg+DNL+ZW0xzQbKQalloUG6AAAAAAAAAAAAAAABAAAAAAAAAAMAAAEAAAAAAAIAAAA= diff --git a/tests/data_files/base64/cli_no_packing.txt b/tests/data_files/base64/cli_no_packing.txt index 068276b47..112b1b6e2 100644 --- a/tests/data_files/base64/cli_no_packing.txt +++ b/tests/data_files/base64/cli_no_packing.txt @@ -1,2 +1,2 @@ // Without DTLS packing -AhUAAH8AAA4AAAQ8AAAAAF6LCM/MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfl0tXNmshIQEqiEflQGnVUKkIFl1on/Mu0pjWes3XwQgdwmy9xMzpVyYU5gBOsOEAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJRTvlE7NmNNLDESUBoGC+K2AHIKA+/lhdRVF4YcMvvqCBYFB5tj0oyCikftfjNbvjl9YPGqcRXk664YieWv/pz8U1FOENipbjXF9lFhgedG2Xanh/2FwHX5txYiHIJxJeLEKCXp5Sjt9XBvQsrryxLyX9l+zkLKm7bCAcrfk4h/YoqxecAI63isG9vnrS7o07iD/3mOAAFRgAAAAF6LCM+1uRpyaoyfzuNGBJK9DgBWIWtrPpu7KM8qsC/FXosIz/YIPhveZ8Z4IR0g/McAMQwzQoK5tScSE0DD3BwAAAAAAAAAAAAAAAEAAAAAAAAAAwEAAQAAAAAAAgAAAA== \ No newline at end of file +AhUAAH8AAA4AAAQ8AAAAAF6LCM/MqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfl0tXNmshIQEqiEflQGnVUKkIFl1on/Mu0pjWes3XwQgdwmy9xMzpVyYU5gBOsOEAAAAAAAM7MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAC465FJhPqel7zJngHIHJrqj/wVAxGAFOTF396XKATGAp+HRCqJ81Ry60CNK1jDzk8dv6M6UHoS7RIFiM/9rXQCbJfiPD5xMTejZp5n5UYHAmxsxDaazfA5FuBhkfokKK6jD4Eq91C94xGKb6X4/VkaPF7cqoBBw/bHxawXc0UEPjqayiBpCYU/rJoVZgLqFVP7Px3sva1nOrNx8rPPI1hJ+ZOg8maiPTxHZnBVLakSSLQy/sWeWyazO1RnrbxjrbgQtYKz0e3nwGpu1w13vfckFmUSBhHXH7AAS/HpKC4IH7G2GAk3+n8iSSN71sZzpxonQwVbopMZqLmbBm/7WPLcAAJRTvlE7NmNNLDESUBoGC+K2AHIKA+/lhdRVF4YcMvvqCBYFB5tj0oyCikftfjNbvjl9YPGqcRXk664YieWv/pz8U1FOENipbjXF9lFhgedG2Xanh/2FwHX5txYiHIJxJeLEKCXp5Sjt9XBvQsrryxLyX9l+zkLKm7bCAcrfk4h/YoqxecAI63isG9vnrS7o07iD/3mOAAFRgAAAAF6LCM+1uRpyaoyfzuNGBJK9DgBWIWtrPpu7KM8qsC/FXosIz/YIPhveZ8Z4IR0g/McAMQwzQoK5tScSE0DD3BwAAAAAAAAAAAAAAAEAAAAAAAAAAwEAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/mfl_1024.txt b/tests/data_files/base64/mfl_1024.txt index 58dbe5f28..b56044a4e 100644 --- a/tests/data_files/base64/mfl_1024.txt +++ b/tests/data_files/base64/mfl_1024.txt @@ -1,2 +1,2 @@ // MFL=1024 -AhUAAH8AAA4AAABtAAAAAF6K+GLMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHeeQKPVt9RpB8nLTB6C2AhxRzB0r/OBbXbMPm6jb1rkR+qrXZAUFRvGfGxlqqGWwAAACAAAAAAAAAAAAAAAIAAV6K+GJIXNnpKTr9HZQW6WEH7YSYhhRRqOO6xvf8QL6/Xor4YhOxOJYk23w3AwDvVAofeWnVAfJnExe5ipdSxnAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA=== \ No newline at end of file +AhUAAH8AAA4AAABtAAAAAF6K+GLMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACHeeQKPVt9RpB8nLTB6C2AhxRzB0r/OBbXbMPm6jb1rkR+qrXZAUFRvGfGxlqqGWwAAACAAAAAAAAAAAAAAAIAAV6K+GJIXNnpKTr9HZQW6WEH7YSYhhRRqOO6xvf8QL6/Xor4YhOxOJYk23w3AwDvVAofeWnVAfJnExe5ipdSxnAAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA=== diff --git a/tests/data_files/base64/mtu_10000.txt b/tests/data_files/base64/mtu_10000.txt index dc7c97533..676453907 100644 --- a/tests/data_files/base64/mtu_10000.txt +++ b/tests/data_files/base64/mtu_10000.txt @@ -1,2 +1,2 @@ // MTU=10000 -AhUAAH8AAA4AAABtAAAAAF6LDkzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx06kxYooMLGPyUMoB46EF2zTJzmZEM4le5aKihcHpFEfgrX/eWQZFWa7cak79ihwAAACAAAAAAAAAAAAAAAAAAV6LDkz9bigMk9q0WiDmgYhX8ppbfgbtMCfruvVQNiFWXosOTJ3R2+J+TaSChmjtS8sD+y1Zruhe/SJE7y9D+5YAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAicQAA== \ No newline at end of file +AhUAAH8AAA4AAABtAAAAAF6LDkzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABx06kxYooMLGPyUMoB46EF2zTJzmZEM4le5aKihcHpFEfgrX/eWQZFWa7cak79ihwAAACAAAAAAAAAAAAAAAAAAV6LDkz9bigMk9q0WiDmgYhX8ppbfgbtMCfruvVQNiFWXosOTJ3R2+J+TaSChmjtS8sD+y1Zruhe/SJE7y9D+5YAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAicQAA== diff --git a/tests/data_files/base64/srv_ciphersuite.txt b/tests/data_files/base64/srv_ciphersuite.txt index 5ddca630d..7e939062f 100644 --- a/tests/data_files/base64/srv_ciphersuite.txt +++ b/tests/data_files/base64/srv_ciphersuite.txt @@ -1,2 +1,2 @@ // TLS-RSA-WITH-AES-256-CCM-8 -AhUAAH8AAA4AAABtAAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAACAAAAAAAAAAAAAAAAAAV6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== \ No newline at end of file +AhUAAH8AAA4AAABtAAAAAF6K4ynAoQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADLBIQUrrPh7jxYz9e55cJvfpOkuBf2ZiVovlYa1Dkwbimp5q/CoWIn48C0x3Yj6N0AAACAAAAAAAAAAAAAAAAAAV6K4yksMvMV19qRq+eNokGn0j9Q5tjE88EK8jfM7gksXorjKR6zhXhttFGIFkNNAmmKuuDQGVmX1yCoHiJFonUAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAAAA== diff --git a/tests/data_files/base64/srv_min_cfg.txt b/tests/data_files/base64/srv_min_cfg.txt index 8be02882a..77272f52a 100644 --- a/tests/data_files/base64/srv_min_cfg.txt +++ b/tests/data_files/base64/srv_min_cfg.txt @@ -1,2 +1,2 @@ // Minimal configuration -AhUAAAMAAAAAAABjAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAACAAAAAXotmUkMC6aU6s7O5InjmEEeg4ySLZkNDf0Ut/s06/cBei2ZS+kkKS3sJso2u418jlrlKiesyUOW+xXwOD8bYZQAAAQAAAAAAAgAA \ No newline at end of file +AhUAAAMAAAAAAABjAAAAAF6LZlLMqAAgUGktPmpSPbzRPipeCpYJtp5SNIIjTr3R121WF9AeWN4tmKbRhhv+yPMjY0yWPrHLy7lLLhwNFBwCD6eQ0ULZZ15Fi2Rhae/4ZkAR0BN2iCMAAACAAAAAXotmUkMC6aU6s7O5InjmEEeg4ySLZkNDf0Ut/s06/cBei2ZS+kkKS3sJso2u418jlrlKiesyUOW+xXwOD8bYZQAAAQAAAAAAAgAA diff --git a/tests/data_files/base64/srv_no_alpn.txt b/tests/data_files/base64/srv_no_alpn.txt index afc51f9fd..10ddd0c2a 100644 --- a/tests/data_files/base64/srv_no_alpn.txt +++ b/tests/data_files/base64/srv_no_alpn.txt @@ -1,2 +1,2 @@ // Without MBEDTLS_SSL_ALPN -AhUAAH8AAAYAAABtAAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAACAAAAAAAAAAAAAAAAAAV6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA \ No newline at end of file +AhUAAH8AAAYAAABtAAAAAF6LDSzMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB1lCUO8B/805UzCOLZzWDAEA8anfLpbuWTrnFSR2puZktvEiR8nXdATN0yKS94oSAAAACAAAAAAAAAAAAAAAAAAV6LDSwWt0QWgmNg4Zv2yYhf4Pdexpi/QTIqWyD2AQVjXosNLLK1vz/upFHrJlizjH5uSBUJCpQZJczrBgxBmGoAAAAAAAAAAAAAAAEAAAAAAAAAAwAAAQAAAAAAAgAA diff --git a/tests/data_files/base64/srv_no_mfl.txt b/tests/data_files/base64/srv_no_mfl.txt index c684ec74b..e254403aa 100644 --- a/tests/data_files/base64/srv_no_mfl.txt +++ b/tests/data_files/base64/srv_no_mfl.txt @@ -1,2 +1,2 @@ // Without MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -AhUAAHcAAA4AAABsAAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAACAAAAAAAAAAAAAAAABXosMs1xs+Mj8BIL6v01qtHWV7w+psxGwLctaGSSL0aZeiwyzskPeDCL0isOzh+JoPgzS/mVtMc0GykGpZaFBugAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA \ No newline at end of file +AhUAAHcAAA4AAABsAAAAAF6LDLPMqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0fzGzO1ysljMgZr4gduigvRXr2AK5X8j8c6vHTOpc2ncFS3UN2ojwD2tOaM3+/XIAAACAAAAAAAAAAAAAAAABXosMs1xs+Mj8BIL6v01qtHWV7w+psxGwLctaGSSL0aZeiwyzskPeDCL0isOzh+JoPgzS/mVtMc0GykGpZaFBugAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA diff --git a/tests/data_files/base64/v2.19.1.txt b/tests/data_files/base64/v2.19.1.txt index b910e333f..c07bd9d96 100644 --- a/tests/data_files/base64/v2.19.1.txt +++ b/tests/data_files/base64/v2.19.1.txt @@ -1,2 +1,2 @@ -// Context creaded by MbedTLS v.2.19.1 -AhMBAH8AAA8AAAGjAAAAAF5iHYLArgAgkQE4V2NJsjbOuO52ws/u75f6Cg126zWeI7a+kaxTqKLbdWWZmW3PP+SflLxBA7Trpb0qZ5MP8+m0leylnLcDt2TtIWR49MOuiJuvVuMJmtwAAAAAAAE2MIIBMjCB2qADAgECAgYBcK9AtOYwCgYIKoZIzj0EAwIwDTELMAkGA1UEAwwCY2EwIBcNMjAwMzA2MDk1MDE4WhgPMjA1NjAyMjYwOTUwMThaMDMxDzANBgNVBAcTBjE2MDAwMTENMAsGA1UECxMEYWNjMTERMA8GA1UEAxMIZGV2aWNlMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARn0TtinN6/runzIuF2f2uTH1f0mQOFXu3uRPtQji2ObccSsw6Cn9z7XWK9fRgeoOKA0WZC+O9L9IEWieS13ajFMAoGCCqGSM49BAMCA0cAMEQCIFoavpekQjIqubJ09jkMR+iiUpkGdFRla1R7onnc5iEOAiBAvYr8j9QqjpM2jColTS1cI0z29PBbuasq4HI6YCj0wgAAAAAAAAAAAAFeYh2Ct3LnESwmdWzU+xs7vV2Q0T5HJ8y4ckhpO7wOoF5iHYJ38gKFI3Qdc3BR48GV7nuBUKZeI1YJExQchj1WCAY6dEyghLpHAAAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA \ No newline at end of file +// Context creaded by MbedTLS v.2.19.1 +AhMBAH8AAA8AAAGjAAAAAF5iHYLArgAgkQE4V2NJsjbOuO52ws/u75f6Cg126zWeI7a+kaxTqKLbdWWZmW3PP+SflLxBA7Trpb0qZ5MP8+m0leylnLcDt2TtIWR49MOuiJuvVuMJmtwAAAAAAAE2MIIBMjCB2qADAgECAgYBcK9AtOYwCgYIKoZIzj0EAwIwDTELMAkGA1UEAwwCY2EwIBcNMjAwMzA2MDk1MDE4WhgPMjA1NjAyMjYwOTUwMThaMDMxDzANBgNVBAcTBjE2MDAwMTENMAsGA1UECxMEYWNjMTERMA8GA1UEAxMIZGV2aWNlMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARn0TtinN6/runzIuF2f2uTH1f0mQOFXu3uRPtQji2ObccSsw6Cn9z7XWK9fRgeoOKA0WZC+O9L9IEWieS13ajFMAoGCCqGSM49BAMCA0cAMEQCIFoavpekQjIqubJ09jkMR+iiUpkGdFRla1R7onnc5iEOAiBAvYr8j9QqjpM2jColTS1cI0z29PBbuasq4HI6YCj0wgAAAAAAAAAAAAFeYh2Ct3LnESwmdWzU+xs7vV2Q0T5HJ8y4ckhpO7wOoF5iHYJ38gKFI3Qdc3BR48GV7nuBUKZeI1YJExQchj1WCAY6dEyghLpHAAAAAAAAAAAAAAAAAQAAAAAAAAADAAABAAAAAAACAAAA diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/bitstring-in-dn.pem index 1a98aa3ac..c50bd6684 100644 --- a/tests/data_files/bitstring-in-dn.pem +++ b/tests/data_files/bitstring-in-dn.pem @@ -1,51 +1,51 @@ ------BEGIN CERTIFICATE----- -MIIEATCCAumgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMRMwEQYDVQQDDApUZXN0 -IENBIDAxMREwDwYDVQQIDAhFY25pdm9ycDELMAkGA1UEBhMCWFgxHjAcBgkqhkiG -9w0BCQEWD3RjYUBleGFtcGxlLmNvbTEaMBgGA1UECgwRVGVzdCBDQSBBdXRob3Jp -dHkwHhcNMTUwMzExMTIwNjUxWhcNMjUwMzA4MTIwNjUxWjCBmzELMAkGA1UEBhMC -WFgxDDAKBgNVBAoMA3RjYTERMA8GA1UECAwIRWNuaXZvcnAxDDAKBgNVBAsMA1RD -QTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRAZXhhbXBs -ZS5jb20xEzARBgNVBAUTCjcxMDEwMTIyNTUxFDASBgNVBC0DCwA3MTAxMDEyMjU1 -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQS0JLb8Dqy8V2mszkWk -V8c/NPQcG3ivueXZHqOT9JTiPqrigGcLHtlmlaJ0aUUxix7q60aOds041TFyeknT -SUFYY4ppOhiP+fOpWKPv4ZMwhSI2XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhb -EGf0ihibbwZXPUwBlm10GaB4K93PNY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSe -J2axxyY4hPXR30jzEyZvy4kv4nzAu5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYt -tQaJEEpNOo0ZPpTtG6F8/tGh5r8jFx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcd -iQIDAQABo3kwdzAJBgNVHRMEAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9j -cmwuZXhhbXBsZS5jb20vdGVzdF9jYV8wMS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH -AwIwHQYDVR0RBBYwFIESY2xpZW50QGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA -A4IBAQBySELCnU8/PtGIG3dwhJENOSU5R7w8jpRXxHCuSBR+W6nuUCISz+z+EdF/ -A7AOJDASuS+4gkrSSmQhGFpf7E5VbF8trVZhLAZrXqKMcUreKH6v0I8MAUXmIs3G -tqiBGf7pSYJN9DvVOOgANjdy6THuUzYv5qSvBZ4pNYEfHSlMNrV7niynd8dgPOML -pA7GUfv5k2mMkMbSD15pTMgcavrBKYgyqcvF1C3qghfoL5+i38H8sKzF8hy7wHtE -ESHtBq20RYA3m0UcA0e64GcanO2Ps/AQVBc7qMeHbqnqj3uUhtTkQcMUWnMgy1NR -5RbzoLMOxq7hoOCyIaQeM/wgxeGE ------END CERTIFICATE----- ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAnQS0JLb8Dqy8V2mszkWkV8c/NPQcG3ivueXZHqOT9JTiPqri -gGcLHtlmlaJ0aUUxix7q60aOds041TFyeknTSUFYY4ppOhiP+fOpWKPv4ZMwhSI2 -XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhbEGf0ihibbwZXPUwBlm10GaB4K93P -NY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSeJ2axxyY4hPXR30jzEyZvy4kv4nzA -u5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYttQaJEEpNOo0ZPpTtG6F8/tGh5r8j -Fx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcdiQIDAQABAoIBAF7i3MnjGmbz080v -OxJb23iAG54wdlvTjr3UPGTbjSmcXyxnsADQRFQcJHYAekCzY8EiqewL80OvuMx8 -2SU1P81hA70Dg5tsBHWT3Z6HUwsKG6QYjKr1cUhTwLyazhyAVgogSN6v7GzO9M3I -DOBw8Xb0mz5oqGVre4S7TapN8n8ZG5oWm0XKGACXy0KbzY0KvWdkUzumFQ8X/ARE -FsWyu+O69EbMqZRUKu45SrcubsdVGjOwseZHkmp5V6pc6Q/OrTHZqXJtDva5UIRq -+Lof5scy9jiwwRnM/klvh23mz0ySU4YA3645m5KqyWR4YJCR1MnMANmXUSeYWfYz -19+R1gECgYEAzm83lI7eIhTH38H0/jFpf3R7vNjPX3TR5waa4EXsCxhTOpoL89mR -iNmzH0aOC4OR8rz/9PCnwmtH1lyQ4r/RokBmCp3pBxeWSlenFfV3rLCeEDo0Q/OL -SX5DL4IbZD0VmNDt606WS7AEv93GhpN03Anw6kgHQUm1l030PR9DYZECgYEAwrgO -/RyB/Ehw7smlysZb2sn1lvd6z8fg+pcu8ZNRKODaYCCOb8p1lnHrnIQdEmjhlmVp -HAEuJ5jxCb+lyruV+dlx+0W/p6lHtKr0iBHG8EFkHnjN6Y+59Qu0HfSm0pZw7Ftr -QcUDPuDJkTVUAvrZqciWlwzTWCC9KYXtasT+AHkCgYEAnP80dAUbpyvKvr/RxShr -JYW/PWZegChmIp+BViOXWvDLC3xwrqm+5yc59QVBrjwH2WYn+26zB0dzwPFxNyHP -GuiDMnvZ54zmve9foXGn7Gv+KjU53pvwSJqAGjeHAXr7W9c5uoVwBGv/kLPn8h1e -+KGO2X6iFeMq+cFNiNan9iECgYBj+oGnsKWFVeS2ls8LyMGNGzmAZF2opiZ8RHgU -DeIULS+zP8Qi3j92GdQyLxuGQlfiEvvfJzP9nOfWa5LC/4JIIUAHFo8LlT1+JHEe -FJKi9dBkXP7NN8DxcyruXpnxctFUarQttuytslmMt2cFiKuOI7I+qJUzoMu/sEZx -FeidcQKBgQCuralmtbl4nxjn3aR/ZgFTAKCL9WaJPh5hFJ9q4UuWxJdBX5z3Ey3/ -70ehLKYPumjmZtXynzz4BTWj1W9X+tgj/499uzV6LdQERGjT6WVy8xR9RELWW0an -N9N1IAc4qTSjbI4EIMwMBSAoFfCux/jfDkG4g+RDnpV92sqxz2CtKg== ------END RSA PRIVATE KEY----- \ No newline at end of file +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBxMRMwEQYDVQQDDApUZXN0 +IENBIDAxMREwDwYDVQQIDAhFY25pdm9ycDELMAkGA1UEBhMCWFgxHjAcBgkqhkiG +9w0BCQEWD3RjYUBleGFtcGxlLmNvbTEaMBgGA1UECgwRVGVzdCBDQSBBdXRob3Jp +dHkwHhcNMTUwMzExMTIwNjUxWhcNMjUwMzA4MTIwNjUxWjCBmzELMAkGA1UEBhMC +WFgxDDAKBgNVBAoMA3RjYTERMA8GA1UECAwIRWNuaXZvcnAxDDAKBgNVBAsMA1RD +QTEPMA0GA1UEAwwGQ2xpZW50MSEwHwYJKoZIhvcNAQkBFhJjbGllbnRAZXhhbXBs +ZS5jb20xEzARBgNVBAUTCjcxMDEwMTIyNTUxFDASBgNVBC0DCwA3MTAxMDEyMjU1 +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQS0JLb8Dqy8V2mszkWk +V8c/NPQcG3ivueXZHqOT9JTiPqrigGcLHtlmlaJ0aUUxix7q60aOds041TFyeknT +SUFYY4ppOhiP+fOpWKPv4ZMwhSI2XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhb +EGf0ihibbwZXPUwBlm10GaB4K93PNY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSe +J2axxyY4hPXR30jzEyZvy4kv4nzAu5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYt +tQaJEEpNOo0ZPpTtG6F8/tGh5r8jFx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcd +iQIDAQABo3kwdzAJBgNVHRMEAjAAMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9j +cmwuZXhhbXBsZS5jb20vdGVzdF9jYV8wMS5jcmwwEwYDVR0lBAwwCgYIKwYBBQUH +AwIwHQYDVR0RBBYwFIESY2xpZW50QGV4YW1wbGUuY29tMA0GCSqGSIb3DQEBBQUA +A4IBAQBySELCnU8/PtGIG3dwhJENOSU5R7w8jpRXxHCuSBR+W6nuUCISz+z+EdF/ +A7AOJDASuS+4gkrSSmQhGFpf7E5VbF8trVZhLAZrXqKMcUreKH6v0I8MAUXmIs3G +tqiBGf7pSYJN9DvVOOgANjdy6THuUzYv5qSvBZ4pNYEfHSlMNrV7niynd8dgPOML +pA7GUfv5k2mMkMbSD15pTMgcavrBKYgyqcvF1C3qghfoL5+i38H8sKzF8hy7wHtE +ESHtBq20RYA3m0UcA0e64GcanO2Ps/AQVBc7qMeHbqnqj3uUhtTkQcMUWnMgy1NR +5RbzoLMOxq7hoOCyIaQeM/wgxeGE +-----END CERTIFICATE----- +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAnQS0JLb8Dqy8V2mszkWkV8c/NPQcG3ivueXZHqOT9JTiPqri +gGcLHtlmlaJ0aUUxix7q60aOds041TFyeknTSUFYY4ppOhiP+fOpWKPv4ZMwhSI2 +XzcgYhQSNHV0lIG1we9RAAfumomDMq7oMJhbEGf0ihibbwZXPUwBlm10GaB4K93P +NY8Bz4ekBxzQ1WJkQ5LGsQnVZSuLnvp5dWSeJ2axxyY4hPXR30jzEyZvy4kv4nzA +u5lqZ5XKLrRO4TKwZrtr+CCPVkPJRE36rWYttQaJEEpNOo0ZPpTtG6F8/tGh5r8j +Fx/f6wG+nyANJJ98kEP8i6TPjRrg+697mLcdiQIDAQABAoIBAF7i3MnjGmbz080v +OxJb23iAG54wdlvTjr3UPGTbjSmcXyxnsADQRFQcJHYAekCzY8EiqewL80OvuMx8 +2SU1P81hA70Dg5tsBHWT3Z6HUwsKG6QYjKr1cUhTwLyazhyAVgogSN6v7GzO9M3I +DOBw8Xb0mz5oqGVre4S7TapN8n8ZG5oWm0XKGACXy0KbzY0KvWdkUzumFQ8X/ARE +FsWyu+O69EbMqZRUKu45SrcubsdVGjOwseZHkmp5V6pc6Q/OrTHZqXJtDva5UIRq ++Lof5scy9jiwwRnM/klvh23mz0ySU4YA3645m5KqyWR4YJCR1MnMANmXUSeYWfYz +19+R1gECgYEAzm83lI7eIhTH38H0/jFpf3R7vNjPX3TR5waa4EXsCxhTOpoL89mR +iNmzH0aOC4OR8rz/9PCnwmtH1lyQ4r/RokBmCp3pBxeWSlenFfV3rLCeEDo0Q/OL +SX5DL4IbZD0VmNDt606WS7AEv93GhpN03Anw6kgHQUm1l030PR9DYZECgYEAwrgO +/RyB/Ehw7smlysZb2sn1lvd6z8fg+pcu8ZNRKODaYCCOb8p1lnHrnIQdEmjhlmVp +HAEuJ5jxCb+lyruV+dlx+0W/p6lHtKr0iBHG8EFkHnjN6Y+59Qu0HfSm0pZw7Ftr +QcUDPuDJkTVUAvrZqciWlwzTWCC9KYXtasT+AHkCgYEAnP80dAUbpyvKvr/RxShr +JYW/PWZegChmIp+BViOXWvDLC3xwrqm+5yc59QVBrjwH2WYn+26zB0dzwPFxNyHP +GuiDMnvZ54zmve9foXGn7Gv+KjU53pvwSJqAGjeHAXr7W9c5uoVwBGv/kLPn8h1e ++KGO2X6iFeMq+cFNiNan9iECgYBj+oGnsKWFVeS2ls8LyMGNGzmAZF2opiZ8RHgU +DeIULS+zP8Qi3j92GdQyLxuGQlfiEvvfJzP9nOfWa5LC/4JIIUAHFo8LlT1+JHEe +FJKi9dBkXP7NN8DxcyruXpnxctFUarQttuytslmMt2cFiKuOI7I+qJUzoMu/sEZx +FeidcQKBgQCuralmtbl4nxjn3aR/ZgFTAKCL9WaJPh5hFJ9q4UuWxJdBX5z3Ey3/ +70ehLKYPumjmZtXynzz4BTWj1W9X+tgj/499uzV6LdQERGjT6WVy8xR9RELWW0an +N9N1IAc4qTSjbI4EIMwMBSAoFfCux/jfDkG4g+RDnpV92sqxz2CtKg== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/test-ca.server1.opensslconf b/tests/data_files/test-ca.server1.opensslconf index 4a5072eae..209b0fffa 100644 --- a/tests/data_files/test-ca.server1.opensslconf +++ b/tests/data_files/test-ca.server1.opensslconf @@ -1,6 +1,6 @@ [ ca ] default_ca = test-ca - + [ test-ca ] certificate = test-ca.crt private_key = test-ca.key From 12b180a0b9da0f869257f17f69fb71b6f3a3e3f7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:36:42 +0200 Subject: [PATCH 027/247] Permit empty files Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 751b32bdd..de4d24527 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -164,7 +164,14 @@ class EndOfFileNewlineIssueTracker(FileIssueTracker): def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: - if not f.read().endswith(b"\n"): + try: + f.seek(-1, 2) + except OSError: + # This script only works on regular files. If we can't seek + # 1 before the end, it means that this position is before + # the beginning of the file, i.e. that the file is empty. + return + if f.read(1) != b"\n": self.files_with_issues[filepath] = None From d2df86f00536ffdc5209a48c4fd86a8ce8bfe119 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:36:51 +0200 Subject: [PATCH 028/247] .dsw files are Visual Studio stuff Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index de4d24527..5bec6dbf1 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -137,7 +137,7 @@ class LineIssueTracker(FileIssueTracker): def is_windows_file(filepath): _root, ext = os.path.splitext(filepath) - return ext in ('.bat', '.dsp', '.sln', '.vcxproj') + return ext in ('.bat', '.dsp', '.dsw', '.sln', '.vcxproj') class PermissionIssueTracker(FileIssueTracker): From 344da1cbd35128a5a69eaaf0f19acd8ca189164c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:37:02 +0200 Subject: [PATCH 029/247] Some .pem files are openssl output and have tabs and that's ok Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 5bec6dbf1..b6fa98926 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -233,6 +233,7 @@ class TabIssueTracker(LineIssueTracker): heading = "Tabs present:" suffix_exemptions = frozenset([ + ".pem", # some openssl dumps have tabs ".sln", "/Makefile", "/Makefile.inc", From ba968a723b4886d983fcc71e9684268afdcbd0a9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:40:31 +0200 Subject: [PATCH 030/247] Wrap line to 79 columns Signed-off-by: Gilles Peskine --- ChangeLog.d/fix-gcc-format-signedness-warnings.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt b/ChangeLog.d/fix-gcc-format-signedness-warnings.txt index 023d15c8e..2d22b942d 100644 --- a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt +++ b/ChangeLog.d/fix-gcc-format-signedness-warnings.txt @@ -1,3 +1,4 @@ Changes * Fix warnings about signedness issues in format strings. The build is now - clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen in #3153. + clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen + in #3153. From 30e0bb4a24b8afab54027573d38c1beaa7bdad1c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 May 2020 17:40:49 +0200 Subject: [PATCH 031/247] Run assemble_changelog.py in all.sh Avoid nasty surprises where it would fail when we want to make a release. Signed-off-by: Gilles Peskine --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ea1c35d1..0a9d8063f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -625,6 +625,18 @@ component_check_files () { record_status tests/scripts/check-files.py } +component_check_changelog () { + msg "Check: changelog entries" # < 1s + rm -f ChangeLog.new + record_status scripts/assemble_changelog.py -o ChangeLog.new + if [ -e ChangeLog.new ]; then + # Show the diff for information. It isn't an error if the diff is + # non-empty. + diff -u ChangeLog ChangeLog.new || true + rm ChangeLog.new + fi +} + component_check_names () { msg "Check: declared and exported names (builds the library)" # < 3s record_status tests/scripts/check-names.sh -v From 9fc15ea4cc726ebfaf3a572cea42750e87961b4c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 4 May 2020 12:00:47 +0100 Subject: [PATCH 032/247] Introduce config option for experimental TLS 1.3 specific features Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 901e26d89..da8b6b31e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1706,6 +1706,22 @@ */ #define MBEDTLS_SSL_PROTO_TLS1_2 +/** + * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + * + * This is an experimental macro used to selectively enable parts + * of the code that solely contribute to the ongoing development of + * a prototype implementation for TLS 1.3 and DTLS 1.3 but aren't + * used otherwise. + * + * \warning Features under the control of this macro are experimental + * and don't come with any stability guarantees. + * + * Uncomment this macro to enable experimental and partial + * functionality specific to TLS 1.3. + */ +#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + /** * \def MBEDTLS_SSL_PROTO_DTLS * From a711f6e27798db931636ac8ced1666ac1bd5576a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 4 May 2020 12:03:51 +0100 Subject: [PATCH 033/247] Add 'build+unit test' test for experimental TLS 1.3 code to all.sh Signed-off-by: Hanno Becker --- tests/scripts/all.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ea1c35d1..8761c284b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1701,6 +1701,15 @@ component_test_allow_sha1 () { if_build_succeeded tests/ssl-opt.sh -f SHA-1 } +component_test_tls13_experimental () { + msg "build: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" + scripts/config.pl set MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + msg "test: default config with MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL enabled" + make test +} + component_build_mingw () { msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs From 2ab47dc5cdc22f9800b00243d157937fbc960137 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 4 May 2020 12:19:12 +0100 Subject: [PATCH 034/247] Add internal version identifier for TLS 1.3 Signed-off-by: Hanno Becker --- include/mbedtls/ssl.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7fec65e1d..5869e1560 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -138,6 +138,7 @@ #define MBEDTLS_SSL_MINOR_VERSION_1 1 /*!< TLS v1.0 */ #define MBEDTLS_SSL_MINOR_VERSION_2 2 /*!< TLS v1.1 */ #define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ +#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ From 581bc1b90895e658774ff2640bb258803cc767ff Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 4 May 2020 12:20:03 +0100 Subject: [PATCH 035/247] Remove ref to CID from inner plaintext parsing/building functions The internal functions `ssl_cid_{build/parse}_inner_plaintext()` implement the TLSInnerPlaintext mechanism used by DTLS 1.2 + CID in order to allow for flexible length padding and to protect the true content type of a record. This feature is also present in TLS 1.3 support for which is under development. As a preparatory step towards sharing the code between the case of DTLS 1.2 + CID and TLS 1.3, this commit renames `ssl_cid_{build/parse}_inner_plaintext()` to `ssl_{build/parse}_inner_plaintext()`. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 976fc7b00..e5331a746 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -342,14 +342,16 @@ static void ssl_read_memory( unsigned char *p, size_t len ) */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -/* This functions transforms a DTLS plaintext fragment and a record content - * type into an instance of the DTLSInnerPlaintext structure: +/* This functions transforms a (D)TLS plaintext fragment and a record content + * type into an instance of the (D)TLSInnerPlaintext structure. This is used + * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect + * a record's content type. * * struct { * opaque content[DTLSPlaintext.length]; * ContentType real_type; * uint8 zeros[length_of_padding]; - * } DTLSInnerPlaintext; + * } (D)TLSInnerPlaintext; * * Input: * - `content`: The beginning of the buffer holding the @@ -360,18 +362,18 @@ static void ssl_read_memory( unsigned char *p, size_t len ) * - `rec_type`: The desired record content type. * * Output: - * - `content`: The beginning of the resulting DTLSInnerPlaintext structure. - * - `*content_size`: The length of the resulting DTLSInnerPlaintext structure. + * - `content`: The beginning of the resulting (D)TLSInnerPlaintext structure. + * - `*content_size`: The length of the resulting (D)TLSInnerPlaintext structure. * * Returns: * - `0` on success. * - A negative error code if `max_len` didn't offer enough space * for the expansion. */ -static int ssl_cid_build_inner_plaintext( unsigned char *content, - size_t *content_size, - size_t remaining, - uint8_t rec_type ) +static int ssl_build_inner_plaintext( unsigned char *content, + size_t *content_size, + size_t remaining, + uint8_t rec_type ) { size_t len = *content_size; size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY - @@ -395,9 +397,9 @@ static int ssl_cid_build_inner_plaintext( unsigned char *content, return( 0 ); } -/* This function parses a DTLSInnerPlaintext structure. - * See ssl_cid_build_inner_plaintext() for details. */ -static int ssl_cid_parse_inner_plaintext( unsigned char const *content, +/* This function parses a (D)TLSInnerPlaintext structure. + * See ssl_build_inner_plaintext() for details. */ +static int ssl_parse_inner_plaintext( unsigned char const *content, size_t *content_size, uint8_t *rec_type ) { @@ -586,12 +588,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { /* * Wrap plaintext into DTLSInnerPlaintext structure. - * See ssl_cid_build_inner_plaintext() for more information. + * See ssl_build_inner_plaintext() for more information. * * Note that this changes `rec->data_len`, and hence * `post_avail` needs to be recalculated afterwards. */ - if( ssl_cid_build_inner_plaintext( data, + if( ssl_build_inner_plaintext( data, &rec->data_len, post_avail, rec->type ) != 0 ) @@ -1552,8 +1554,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( rec->cid_len != 0 ) { - ret = ssl_cid_parse_inner_plaintext( data, &rec->data_len, - &rec->type ); + ret = ssl_parse_inner_plaintext( data, &rec->data_len, + &rec->type ); if( ret != 0 ) return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } From 7d343ecf06c45d8d99d3fd8bd7368a5b4f737e14 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 4 May 2020 12:29:05 +0100 Subject: [PATCH 036/247] Add note on inner plaintext parsing to ssl_transform documentation Signed-off-by: Hanno Becker --- include/mbedtls/ssl_internal.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index e92381c33..cd881eb02 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -554,6 +554,10 @@ typedef struct mbedtls_ssl_hs_buffer mbedtls_ssl_hs_buffer; * time with the 8-byte record sequence number, without prepending the * latter to the encrypted record. * + * Additionally, DTLS 1.2 + CID as well as TLS 1.3 use an inner plaintext + * which allows to add flexible length padding and to hide a record's true + * content type. + * * In addition to type and version, the following parameters are relevant: * - The symmetric cipher algorithm to be used. * - The (static) encryption/decryption keys for the cipher. From ccc13d03c3b0f8c73031d4036075466c426f5eee Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 4 May 2020 12:30:04 +0100 Subject: [PATCH 037/247] TLS 1.3: Implement TLSInnerPlaintext parsing/building Signed-off-by: Hanno Becker --- library/ssl_msg.c | 40 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e5331a746..e739e2fb6 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -341,7 +341,8 @@ static void ssl_read_memory( unsigned char *p, size_t len ) * Encryption/decryption functions */ -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \ + defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) /* This functions transforms a (D)TLS plaintext fragment and a record content * type into an instance of the (D)TLSInnerPlaintext structure. This is used * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect @@ -418,7 +419,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content, return( 0 ); } -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID || + MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ /* `add_data` must have size 13 Bytes if the CID extension is disabled, * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */ @@ -576,6 +578,28 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* + * Wrap plaintext into TLSInnerPlaintext structure. + * See ssl_build_inner_plaintext() for more information. + * + * Note that this changes `rec->data_len`, and hence + * `post_avail` needs to be recalculated afterwards. + */ + if( ssl_build_inner_plaintext( data, + &rec->data_len, + post_avail, + rec->type ) != 0 ) + { + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + rec->type = MBEDTLS_SSL_MSG_APPLICATION_DATA; + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) /* * Add CID information @@ -1551,6 +1575,18 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* Remove inner padding and infer true content type. */ + ret = ssl_parse_inner_plaintext( data, &rec->data_len, + &rec->type ); + + if( ret != 0 ) + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( rec->cid_len != 0 ) { From 3169dad48bf0afa0694823c986c45735ca800904 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 May 2020 14:54:07 +0100 Subject: [PATCH 038/247] Add unit tests for TLS 1.3 record encryption Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 56 ++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 9af6a5ca0..e71a4cb87 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -4154,6 +4154,10 @@ Record crypt, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, AES-128-GCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, AES-128-GCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -4178,6 +4182,10 @@ Record crypt, AES-192-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, AES-192-GCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, AES-192-GCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -4202,6 +4210,10 @@ Record crypt, AES-256-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, AES-192-GCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, AES-256-GCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -4298,6 +4310,10 @@ Record crypt, AES-128-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, AES-128-CCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, AES-128-CCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -4322,6 +4338,10 @@ Record crypt, AES-192-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, AES-192-CCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, AES-192-CCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -4346,6 +4366,10 @@ Record crypt, AES-256-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, AES-256-CCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C +ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, AES-256-CCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -5018,10 +5042,18 @@ Record crypt, ChachaPoly depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, ChachaPoly, 1.3 +depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_crypt_record:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, ChachaPoly depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, ChachaPoly, 1.3 +depends_on:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, ChachaPoly, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_CHACHAPOLY_C:MBEDTLS_SSL_PROTO_TLS1_2 ssl_crypt_record_small:MBEDTLS_CIPHER_CHACHA20_POLY1305:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -8554,6 +8586,10 @@ Record crypt, little space, AES-128-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, AES-128-GCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, AES-128-GCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -8578,6 +8614,10 @@ Record crypt, little space, AES-192-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, AES-192-GCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, AES-192-GCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -8602,6 +8642,10 @@ Record crypt, little space, AES-256-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, AES-256-GCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, AES-256-GCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -8698,6 +8742,10 @@ Record crypt, little space, AES-128-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, AES-128-CCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, AES-128-CCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_128_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -8722,6 +8770,10 @@ Record crypt, little space, AES-192-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, AES-192-CCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, AES-192-CCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_192_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 @@ -8746,6 +8798,10 @@ Record crypt, little space, AES-256-CCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 +Record crypt, little space, AES-256-CCM, 1.3 +depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_CCM_C +ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 + Record crypt, little space, AES-256-CCM, 1.2, CID 4+4 depends_on:MBEDTLS_SSL_DTLS_CONNECTION_ID:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CCM_C ssl_crypt_record_small:MBEDTLS_CIPHER_AES_256_CCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:4:4 From b2713abb8f4af13a1eaead65ef025fca9d756da6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 May 2020 14:54:22 +0100 Subject: [PATCH 039/247] Enhance record encryption unit tests by checking hidden content type TLS 1.3 and DTLS 1.2 + CID hide the real content type of a record within the record's inner plaintext, while always using the same content type for the protected record: - TLS 1.3 always uses ApplicationData - DTLS 1.2 + CID always uses a special CID content type. This commit enhances the record encryption unit test to check that the record content type is indeed correctly hidden. Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.function | 40 ++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e59a1677c..d902abd2b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3178,6 +3178,26 @@ void ssl_crypt_record( int cipher_type, int hash_id, continue; } +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + if( rec.cid_len != 0 ) + { + /* DTLS 1.2 + CID hides the real content type and + * uses a special CID content type in the protected + * record. Double-check this. */ + TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID ); + } +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* TLS 1.3 hides the real content type and + * always uses Application Data as the content type + * for protected records. Double-check this. */ + TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* Decrypt record with t_dec */ ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ); TEST_ASSERT( ret == 0 ); @@ -3321,6 +3341,26 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, if( ret != 0 ) continue; +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) + if( rec.cid_len != 0 ) + { + /* DTLS 1.2 + CID hides the real content type and + * uses a special CID content type in the protected + * record. Double-check this. */ + TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_CID ); + } +#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( t_enc->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + /* TLS 1.3 hides the real content type and + * always uses Application Data as the content type + * for protected records. Double-check this. */ + TEST_ASSERT( rec.type == MBEDTLS_SSL_MSG_APPLICATION_DATA ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + /* Decrypt record with t_dec */ TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 ); From e41606001bb53aa15564bda2ccf256d4802bed05 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 May 2020 15:11:45 +0100 Subject: [PATCH 040/247] Disable experimental TLS 1.3 features in default config Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index da8b6b31e..5474bbd5f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1720,7 +1720,7 @@ * Uncomment this macro to enable experimental and partial * functionality specific to TLS 1.3. */ -#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +//#define MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL /** * \def MBEDTLS_SSL_PROTO_DTLS From 3c358d4e12bd48f1fae13d891b8d5f2f168ec7a2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 20 May 2020 13:54:41 +0100 Subject: [PATCH 041/247] Improve documentation of MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5474bbd5f..e1de6f82e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1709,13 +1709,16 @@ /** * \def MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL * - * This is an experimental macro used to selectively enable parts - * of the code that solely contribute to the ongoing development of - * a prototype implementation for TLS 1.3 and DTLS 1.3 but aren't - * used otherwise. + * This macro is used to selectively enable experimental parts + * of the code that contribute to the ongoing development of + * the prototype TLS 1.3 and DTLS 1.3 implementation, and provide + * no other purpose. * - * \warning Features under the control of this macro are experimental - * and don't come with any stability guarantees. + * \warning TLS 1.3 and DTLS 1.3 aren't yet supported in Mbed TLS, + * and no feature exposed through this macro is part of the + * public API. In particular, features under the control + * of this macro are experimental and don't come with any + * stability guarantees. * * Uncomment this macro to enable experimental and partial * functionality specific to TLS 1.3. From 9231340d7176e5f10db6b92b810d66394301b56e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 20 May 2020 13:58:58 +0100 Subject: [PATCH 042/247] Improve documentation of (D)TLSInnerPlaintext handling Signed-off-by: Hanno Becker --- library/ssl_msg.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e739e2fb6..6151cbd80 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -578,16 +578,21 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } + /* The following two code paths implement the (D)TLSInnerPlaintext + * structure present in TLS 1.3 and DTLS 1.2 + CID. + * + * See ssl_build_inner_plaintext() for more information. + * + * Note that this changes `rec->data_len`, and hence + * `post_avail` needs to be recalculated afterwards. + * + * Note also that the two code paths cannot occur simultaneously + * since they apply to different versions of the protocol. There + * is hence no risk of double-addition of the inner plaintext. + */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) { - /* - * Wrap plaintext into TLSInnerPlaintext structure. - * See ssl_build_inner_plaintext() for more information. - * - * Note that this changes `rec->data_len`, and hence - * `post_avail` needs to be recalculated afterwards. - */ if( ssl_build_inner_plaintext( data, &rec->data_len, post_avail, From 81f3662ae8270a8ca55a299982fe609ea5e5473d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 20 May 2020 14:00:29 +0100 Subject: [PATCH 043/247] Update query_config.c Signed-off-by: Hanno Becker --- programs/test/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index bd3f638a7..7389605b6 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1426,6 +1426,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( strcmp( "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + #if defined(MBEDTLS_SSL_PROTO_DTLS) if( strcmp( "MBEDTLS_SSL_PROTO_DTLS", config ) == 0 ) { From 1cb6c2a69d72f26ead7657f4d05433cf4b787989 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 21 May 2020 15:25:21 +0100 Subject: [PATCH 044/247] TLS record protection: Rewrite AAD setup and add case of TLS 1.3 Signed-off-by: Hanno Becker --- library/ssl_msg.c | 69 ++++++++++++++++++++++++++++++++++------------- 1 file changed, 51 insertions(+), 18 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 6151cbd80..958071c2a 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -426,7 +426,8 @@ static int ssl_parse_inner_plaintext( unsigned char const *content, * and 13 + 1 + CID-length Bytes if the CID extension is enabled. */ static void ssl_extract_add_data_from_record( unsigned char* add_data, size_t *add_data_len, - mbedtls_record *rec ) + mbedtls_record *rec, + unsigned minor_ver ) { /* Quoting RFC 5246 (TLS 1.2): * @@ -442,28 +443,50 @@ static void ssl_extract_add_data_from_record( unsigned char* add_data, * cid + * cid_length + * length_of_DTLSInnerPlaintext; + * + * For TLS 1.3, the record sequence number is dropped from the AAD + * and encoded within the nonce of the AEAD operation instead. */ - memcpy( add_data, rec->ctr, sizeof( rec->ctr ) ); - add_data[8] = rec->type; - memcpy( add_data + 9, rec->ver, sizeof( rec->ver ) ); + unsigned char *cur = add_data; + +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( minor_ver != MBEDTLS_SSL_MINOR_VERSION_4 ) +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + { + ((void) minor_ver); + memcpy( cur, rec->ctr, sizeof( rec->ctr ) ); + cur += sizeof( rec->ctr ); + } + + *cur = rec->type; + cur++; + + memcpy( cur, rec->ver, sizeof( rec->ver ) ); + cur += sizeof( rec->ver ); #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if( rec->cid_len != 0 ) { - memcpy( add_data + 11, rec->cid, rec->cid_len ); - add_data[11 + rec->cid_len + 0] = rec->cid_len; - add_data[11 + rec->cid_len + 1] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + rec->cid_len + 2] = ( rec->data_len >> 0 ) & 0xFF; - *add_data_len = 13 + 1 + rec->cid_len; + memcpy( cur, rec->cid, rec->cid_len ); + cur += rec->cid_len; + + *cur = rec->cid_len; + cur++; + + cur[0] = ( rec->data_len >> 8 ) & 0xFF; + cur[1] = ( rec->data_len >> 0 ) & 0xFF; + cur += 2; } else #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ { - add_data[11 + 0] = ( rec->data_len >> 8 ) & 0xFF; - add_data[11 + 1] = ( rec->data_len >> 0 ) & 0xFF; - *add_data_len = 13; + cur[0] = ( rec->data_len >> 8 ) & 0xFF; + cur[1] = ( rec->data_len >> 0 ) & 0xFF; + cur += 2; } + + *add_data_len = cur - add_data; } #if defined(MBEDTLS_SSL_PROTO_SSL3) @@ -669,7 +692,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { unsigned char mac[MBEDTLS_SSL_MAC_ADD]; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); + ssl_extract_add_data_from_record( add_data, &add_data_len, rec, + transform->minor_ver ); mbedtls_md_hmac_update( &transform->md_ctx_enc, add_data, add_data_len ); @@ -775,7 +799,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } - ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); + /* + * Build additional data for AEAD encryption. + * This depends on the TLS version. + */ + ssl_extract_add_data_from_record( add_data, &add_data_len, rec, + transform->minor_ver ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); @@ -929,7 +958,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } - ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); + ssl_extract_add_data_from_record( add_data, &add_data_len, + rec, transform->minor_ver ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "using encrypt then mac" ) ); MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, @@ -1097,7 +1127,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, rec->data_offset += explicit_iv_len; rec->data_len -= explicit_iv_len + transform->taglen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); + ssl_extract_add_data_from_record( add_data, &add_data_len, rec, + transform->minor_ver ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); @@ -1209,7 +1240,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * * Further, we still know that data_len > minlen */ rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); + ssl_extract_add_data_from_record( add_data, &add_data_len, rec, + transform->minor_ver ); /* Calculate expected MAC. */ MBEDTLS_SSL_DEBUG_BUF( 4, "MAC'd meta-data", add_data, @@ -1428,7 +1460,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * hence data_len >= maclen in any case. */ rec->data_len -= transform->maclen; - ssl_extract_add_data_from_record( add_data, &add_data_len, rec ); + ssl_extract_add_data_from_record( add_data, &add_data_len, rec, + transform->minor_ver ); #if defined(MBEDTLS_SSL_PROTO_SSL3) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) From bd5ed1d11bd7a124f65fa6430d757a6f0438968b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 21 May 2020 15:26:39 +0100 Subject: [PATCH 045/247] TLS record protection: Add explicit IV after record protection. The previous record protection code added the explicit part of the record nonce prior to encrypting the record. This temporarily leaves the record structure in the undesireable state that the data outsie of the interval `rec->data_offset, .., rec->data_offset + rec->data_len` has already been written. This commit moves the addition of the explicit IV past record encryption. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 958071c2a..57b39c74c 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -761,10 +761,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, unsigned char iv[12]; size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; - /* Check that there's space for both the authentication tag - * and the explicit IV before and after the record content. */ - if( post_avail < transform->taglen || - rec->data_offset < explicit_iv_len ) + /* Check that there's space for the authentication tag. */ + if( post_avail < transform->taglen ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); @@ -779,8 +777,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); memcpy( iv + transform->fixed_ivlen, rec->ctr, explicit_iv_len ); - /* Prefix record content with explicit IV. */ - memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len ); } else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) { @@ -831,9 +827,20 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, return( ret ); } + /* + * Prefix record content with explicit IV. + */ + if( rec->data_offset < explicit_iv_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len ); + MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", data + rec->data_len, transform->taglen ); + /* Account for tag and explicit IV. */ rec->data_len += transform->taglen + explicit_iv_len; rec->data_offset -= explicit_iv_len; post_avail -= transform->taglen; From df8be226bacf81b2827dea6624339d95f6b02368 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 21 May 2020 15:30:57 +0100 Subject: [PATCH 046/247] TLS record protection: Add helper function for nonce derivation The computation of the per-record nonce for AEAD record protection varies with the AEAD algorithm and the TLS version in use. This commit introduces a helper function for the nonce computation to ease readability of the quite monolithic record encrytion routine. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 255 ++++++++++++++++++++++++++++++---------------- 1 file changed, 169 insertions(+), 86 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 57b39c74c..420e539c7 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -536,6 +536,78 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ +#define SSL_RECORD_AEAD_NONCE_UNKNOWN 0u +#define SSL_RECORD_AEAD_NONCE_CONCAT 1u +#define SSL_RECORD_AEAD_NONCE_XOR 2u + +static int ssl_transform_get_nonce_mode( mbedtls_ssl_transform const *transform ) +{ +#if defined(MBEDTLS_CHACHAPOLY_C) + if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) + { + return( SSL_RECORD_AEAD_NONCE_XOR ); + } +#endif /* MBEDTLS_CHACHAPOLY_C */ + +#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) + if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) + { + return( SSL_RECORD_AEAD_NONCE_CONCAT ); + } +#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ + + return( SSL_RECORD_AEAD_NONCE_UNKNOWN ); +} + +/* Preconditions: + * - If mode == SSL_RECORD_AEAD_NONCE_CONCAT, then + * dst_nonce_len == fixed_iv_len + dynamic_iv_len + * - If mode == SSL_RECORD_AEAD_NONCE_XOR, then + * dst_nonce_len == fixed_iv_len && + * dynamic_iv_len < dst_nonce + */ +static int ssl_build_record_nonce( unsigned char *dst_nonce, + size_t dst_nonce_len, + unsigned char const *fixed_iv, + size_t fixed_iv_len, + unsigned char const *dynamic_iv, + size_t dynamic_iv_len, + unsigned mode ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + + ((void) dst_nonce_len); + + /* Start with Fixed IV || 0 */ + memcpy( dst_nonce, fixed_iv, fixed_iv_len ); + dst_nonce += fixed_iv_len; + + if( mode == SSL_RECORD_AEAD_NONCE_CONCAT ) + { + /* Nonce := Fixed IV || Dynamic IV */ + memcpy( dst_nonce, dynamic_iv, dynamic_iv_len ); + ret = 0; + } + else if( mode == SSL_RECORD_AEAD_NONCE_XOR ) + { + /* Nonce := Fixed IV XOR ( 0 || Dynamic IV ) */ + unsigned char i; + + /* This is safe by the second precondition above. */ + dst_nonce -= dynamic_iv_len; + for( i = 0; i < dynamic_iv_len; i++ ) + dst_nonce[i] ^= dynamic_iv[i]; + + ret = 0; + } + else + { + ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; + } + + return( ret ); +} + int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, mbedtls_record *rec, @@ -759,7 +831,13 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char iv[12]; - size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; + unsigned char *dynamic_iv; + size_t dynamic_iv_len; + + unsigned const nonce_mode + = ssl_transform_get_nonce_mode( transform ); + unsigned const dynamic_iv_is_explicit + = nonce_mode == SSL_RECORD_AEAD_NONCE_CONCAT; /* Check that there's space for the authentication tag. */ if( post_avail < transform->taglen ) @@ -769,31 +847,28 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, } /* - * Generate IV + * Build nonce for AEAD encryption. + * + * Note: In the case of CCM and GCM in TLS 1.2, the dynamic + * part of the IV is prepended to the ciphertext and + * can be chosen freely - in particular, it need not + * agree with the record sequence number. + * However, since ChaChaPoly as well as all AEAD modes + * in TLS 1.3 use the record sequence number as the + * dynamic part of the nonce, we uniformly use the + * record sequence number here in all cases. */ - if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) - { - /* GCM and CCM: fixed || explicit (=seqnum) */ - memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); - memcpy( iv + transform->fixed_ivlen, rec->ctr, - explicit_iv_len ); - } - else if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) - { - /* ChachaPoly: fixed XOR sequence number */ - unsigned char i; + dynamic_iv = rec->ctr; + dynamic_iv_len = sizeof( rec->ctr ); - memcpy( iv, transform->iv_enc, transform->fixed_ivlen ); - - for( i = 0; i < 8; i++ ) - iv[i+4] ^= rec->ctr[i]; - } - else - { - /* Reminder if we ever add an AEAD mode with a different size */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } + ret = ssl_build_record_nonce( iv, sizeof( iv ), + transform->iv_enc, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len, + nonce_mode ); + if( ret != 0 ) + return( ret ); /* * Build additional data for AEAD encryption. @@ -805,7 +880,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", - data - explicit_iv_len, explicit_iv_len ); + data - dynamic_iv_len * dynamic_iv_is_explicit, + dynamic_iv_len * dynamic_iv_is_explicit ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " @@ -826,24 +902,28 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_cipher_auth_encrypt", ret ); return( ret ); } - - /* - * Prefix record content with explicit IV. - */ - if( rec->data_offset < explicit_iv_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - } - memcpy( data - explicit_iv_len, rec->ctr, explicit_iv_len ); - MBEDTLS_SSL_DEBUG_BUF( 4, "after encrypt: tag", data + rec->data_len, transform->taglen ); - - /* Account for tag and explicit IV. */ - rec->data_len += transform->taglen + explicit_iv_len; - rec->data_offset -= explicit_iv_len; + /* Account for authentication tag. */ + rec->data_len += transform->taglen; post_avail -= transform->taglen; + + /* + * Prefix record content with dynamic IV in case it is explicit. + */ + if( dynamic_iv_is_explicit == 1 ) + { + if( rec->data_offset < dynamic_iv_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Buffer provided for encrypted record not large enough" ) ); + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + } + + memcpy( data - dynamic_iv_len, dynamic_iv, dynamic_iv_len ); + rec->data_offset -= dynamic_iv_len; + rec->data_len += dynamic_iv_len; + } + auth_done++; } else @@ -1080,60 +1160,63 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mode == MBEDTLS_MODE_CHACHAPOLY ) { unsigned char iv[12]; - size_t explicit_iv_len = transform->ivlen - transform->fixed_ivlen; + unsigned const nonce_mode = ssl_transform_get_nonce_mode( transform ); + unsigned char *dynamic_iv; + size_t dynamic_iv_len; /* - * Prepare IV from explicit and implicit data. + * Extract dynamic part of nonce for AEAD decryption. + * + * Note: In the case of CCM and GCM in TLS 1.2, the dynamic + * part of the IV is prepended to the ciphertext and + * can be chosen freely - in particular, it need not + * agree with the record sequence number. */ - - /* Check that there's enough space for the explicit IV - * (at the beginning of the record) and the MAC (at the - * end of the record). */ - if( rec->data_len < explicit_iv_len + transform->taglen ) + dynamic_iv_len = sizeof( rec->ctr ); + if( nonce_mode == SSL_RECORD_AEAD_NONCE_XOR ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) " - "+ taglen (%d)", rec->data_len, - explicit_iv_len, transform->taglen ) ); + dynamic_iv = rec->ctr; + } + else + { + if( rec->data_len < dynamic_iv_len ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < explicit_iv_len (%d) ", + rec->data_len, + dynamic_iv_len ) ); + return( MBEDTLS_ERR_SSL_INVALID_MAC ); + } + dynamic_iv = data; + + data += dynamic_iv_len; + rec->data_offset += dynamic_iv_len; + rec->data_len -= dynamic_iv_len; + } + + /* Check that there's space for the authentication tag. */ + if( rec->data_len < transform->taglen ) + { + MBEDTLS_SSL_DEBUG_MSG( 1, ( "msglen (%d) < taglen (%d) " ) ); return( MBEDTLS_ERR_SSL_INVALID_MAC ); } + rec->data_len -= transform->taglen; -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) - if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) - { - /* GCM and CCM: fixed || explicit */ - - /* Fixed */ - memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); - /* Explicit */ - memcpy( iv + transform->fixed_ivlen, data, 8 ); - } - else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ -#if defined(MBEDTLS_CHACHAPOLY_C) - if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) - { - /* ChachaPoly: fixed XOR sequence number */ - unsigned char i; - - memcpy( iv, transform->iv_dec, transform->fixed_ivlen ); - - for( i = 0; i < 8; i++ ) - iv[i+4] ^= rec->ctr[i]; - } - else -#endif /* MBEDTLS_CHACHAPOLY_C */ - { - /* Reminder if we ever add an AEAD mode with a different size */ - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); - } - - /* Group changes to data, data_len, and add_data, because - * add_data depends on data_len. */ - data += explicit_iv_len; - rec->data_offset += explicit_iv_len; - rec->data_len -= explicit_iv_len + transform->taglen; + /* + * Prepare nonce from dynamic and static parts. + */ + ret = ssl_build_record_nonce( iv, sizeof( iv ), + transform->iv_dec, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len, + nonce_mode ); + if( ret != 0 ) + return( ret ); + /* + * Build additional data for AEAD encryption. + * This depends on the TLS version. + */ ssl_extract_add_data_from_record( add_data, &add_data_len, rec, transform->minor_ver ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", From 17263803aa034122603ef864a536751f018a2fbd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 07:05:48 +0100 Subject: [PATCH 047/247] Simplify AEAD nonce derivation This commit simplifies nonce derivation for AEAD based record protection routines in the following way. So far, code distinguished between the cases of GCM+CCM and ChachaPoly: - In the case of GCM+CCM, the AEAD nonce is the concatentation of a 4-byte Fixed IV and a dynamically chosen 8-byte IV which is prepended to the record. In Mbed TLS, this is always chosen to be the record sequence number, but it need not to. - In the case of ChaChaPoly, the AEAD nonce is derived as `( 12-byte Fixed IV ) XOR ( 0 || 8-byte dynamic IV == record seq nr )` and the dynamically chosen IV is no longer prepended to the record. This commit removes this distinction by always computing the record nonce via the formula `IV == ( Fixed IV || 0 ) XOR ( 0 || Dynamic IV )` The ChaChaPoly case is recovered in case `Len(Fixed IV) == Len(IV)`, and GCM+CCM is recovered when `Len(IV) == Len(Fixed IV) + Len(Dynamic IV)`. Moreover, a getter stub `ssl_transform_aead_dynamic_iv_is_explicit()` is introduced which infers from a transform whether the dynamically chosen part of the IV is explicit, which in the current implementation of `mbedtls_ssl_transform` can be derived from the helper field `mbedtls_ssl_transform::fixed_ivlen`. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 135 +++++++++++++++------------------------------- 1 file changed, 44 insertions(+), 91 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 420e539c7..1c56e538f 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -536,76 +536,39 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ -#define SSL_RECORD_AEAD_NONCE_UNKNOWN 0u -#define SSL_RECORD_AEAD_NONCE_CONCAT 1u -#define SSL_RECORD_AEAD_NONCE_XOR 2u - -static int ssl_transform_get_nonce_mode( mbedtls_ssl_transform const *transform ) +static int ssl_transform_aead_dynamic_iv_is_explicit( + mbedtls_ssl_transform const *transform ) { -#if defined(MBEDTLS_CHACHAPOLY_C) - if( transform->ivlen == 12 && transform->fixed_ivlen == 12 ) - { - return( SSL_RECORD_AEAD_NONCE_XOR ); - } -#endif /* MBEDTLS_CHACHAPOLY_C */ - -#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) - if( transform->ivlen == 12 && transform->fixed_ivlen == 4 ) - { - return( SSL_RECORD_AEAD_NONCE_CONCAT ); - } -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ - - return( SSL_RECORD_AEAD_NONCE_UNKNOWN ); + return( transform->ivlen != transform->fixed_ivlen ); } -/* Preconditions: - * - If mode == SSL_RECORD_AEAD_NONCE_CONCAT, then - * dst_nonce_len == fixed_iv_len + dynamic_iv_len - * - If mode == SSL_RECORD_AEAD_NONCE_XOR, then - * dst_nonce_len == fixed_iv_len && - * dynamic_iv_len < dst_nonce - */ -static int ssl_build_record_nonce( unsigned char *dst_nonce, - size_t dst_nonce_len, - unsigned char const *fixed_iv, - size_t fixed_iv_len, - unsigned char const *dynamic_iv, - size_t dynamic_iv_len, - unsigned mode ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - ((void) dst_nonce_len); +/* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV ) + * + * Concretely, this occurs in two variants: + * + * a) Fixed and dynamic IV lengths add up to total IV length, giving + * IV = fixed_iv || dynamic_iv + * + * b) Fixed IV lengths matches total IV length, giving + * IV = fixed_iv XOR ( 0 || dynamic_iv ) + */ +static void ssl_build_record_nonce( unsigned char *dst_iv, + size_t dst_iv_len, + unsigned char const *fixed_iv, + size_t fixed_iv_len, + unsigned char const *dynamic_iv, + size_t dynamic_iv_len ) +{ + size_t i; /* Start with Fixed IV || 0 */ - memcpy( dst_nonce, fixed_iv, fixed_iv_len ); - dst_nonce += fixed_iv_len; + memset( dst_iv, 0, dst_iv_len ); + memcpy( dst_iv, fixed_iv, fixed_iv_len ); - if( mode == SSL_RECORD_AEAD_NONCE_CONCAT ) - { - /* Nonce := Fixed IV || Dynamic IV */ - memcpy( dst_nonce, dynamic_iv, dynamic_iv_len ); - ret = 0; - } - else if( mode == SSL_RECORD_AEAD_NONCE_XOR ) - { - /* Nonce := Fixed IV XOR ( 0 || Dynamic IV ) */ - unsigned char i; - - /* This is safe by the second precondition above. */ - dst_nonce -= dynamic_iv_len; - for( i = 0; i < dynamic_iv_len; i++ ) - dst_nonce[i] ^= dynamic_iv[i]; - - ret = 0; - } - else - { - ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - - return( ret ); + dst_iv += dst_iv_len - dynamic_iv_len; + for( i = 0; i < dynamic_iv_len; i++ ) + dst_iv[i] ^= dynamic_iv[i]; } int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, @@ -833,11 +796,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, unsigned char iv[12]; unsigned char *dynamic_iv; size_t dynamic_iv_len; - - unsigned const nonce_mode - = ssl_transform_get_nonce_mode( transform ); - unsigned const dynamic_iv_is_explicit - = nonce_mode == SSL_RECORD_AEAD_NONCE_CONCAT; + int dynamic_iv_is_explicit = + ssl_transform_aead_dynamic_iv_is_explicit( transform ); /* Check that there's space for the authentication tag. */ if( post_avail < transform->taglen ) @@ -861,14 +821,11 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, dynamic_iv = rec->ctr; dynamic_iv_len = sizeof( rec->ctr ); - ret = ssl_build_record_nonce( iv, sizeof( iv ), - transform->iv_enc, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len, - nonce_mode ); - if( ret != 0 ) - return( ret ); + ssl_build_record_nonce( iv, sizeof( iv ), + transform->iv_enc, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len ); /* * Build additional data for AEAD encryption. @@ -911,7 +868,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Prefix record content with dynamic IV in case it is explicit. */ - if( dynamic_iv_is_explicit == 1 ) + if( dynamic_iv_is_explicit ) { if( rec->data_offset < dynamic_iv_len ) { @@ -1160,7 +1117,6 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mode == MBEDTLS_MODE_CHACHAPOLY ) { unsigned char iv[12]; - unsigned const nonce_mode = ssl_transform_get_nonce_mode( transform ); unsigned char *dynamic_iv; size_t dynamic_iv_len; @@ -1173,11 +1129,7 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * agree with the record sequence number. */ dynamic_iv_len = sizeof( rec->ctr ); - if( nonce_mode == SSL_RECORD_AEAD_NONCE_XOR ) - { - dynamic_iv = rec->ctr; - } - else + if( ssl_transform_aead_dynamic_iv_is_explicit( transform ) == 1 ) { if( rec->data_len < dynamic_iv_len ) { @@ -1192,6 +1144,10 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, rec->data_offset += dynamic_iv_len; rec->data_len -= dynamic_iv_len; } + else + { + dynamic_iv = rec->ctr; + } /* Check that there's space for the authentication tag. */ if( rec->data_len < transform->taglen ) @@ -1204,14 +1160,11 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, /* * Prepare nonce from dynamic and static parts. */ - ret = ssl_build_record_nonce( iv, sizeof( iv ), - transform->iv_dec, - transform->fixed_ivlen, - dynamic_iv, - dynamic_iv_len, - nonce_mode ); - if( ret != 0 ) - return( ret ); + ssl_build_record_nonce( iv, sizeof( iv ), + transform->iv_dec, + transform->fixed_ivlen, + dynamic_iv, + dynamic_iv_len ); /* * Build additional data for AEAD encryption. From c0eefa8b921f2e08f0357b6bc2ef446c5aac3095 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 07:17:36 +0100 Subject: [PATCH 048/247] Introduce helper function to retrieve explicit IV len for transform The structure `mbedtls_ssl_transform` representing record protection transformations should ideally be used through a function-based interface only, as this will ease change of implementation as well as the addition of new record protection routines in the future. This commit makes a step in that direction by introducing the helper function `ssl_transform_get_explicit_iv_len()` which returns the size of the pre-expansion during record encryption due to the potential addition of an explicit IV. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 1c56e538f..669a33d4b 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -4985,6 +4985,15 @@ int mbedtls_ssl_parse_change_cipher_spec( mbedtls_ssl_context *ssl ) * and the caller has to make sure there's space for this. */ +static size_t ssl_transform_get_explicit_iv_len( + mbedtls_ssl_transform const *transform ) +{ + if( transform->minor_ver < MBEDTLS_SSL_MINOR_VERSION_2 ) + return( 0 ); + + return( transform->ivlen - transform->fixed_ivlen ); +} + void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform ) { @@ -5013,14 +5022,10 @@ void mbedtls_ssl_update_out_pointers( mbedtls_ssl_context *ssl, ssl->out_iv = ssl->out_hdr + 5; } + ssl->out_msg = ssl->out_iv; /* Adjust out_msg to make space for explicit IV, if used. */ - if( transform != NULL && - ssl->minor_ver >= MBEDTLS_SSL_MINOR_VERSION_2 ) - { - ssl->out_msg = ssl->out_iv + transform->ivlen - transform->fixed_ivlen; - } - else - ssl->out_msg = ssl->out_iv; + if( transform != NULL ) + ssl->out_msg += ssl_transform_get_explicit_iv_len( transform ); } /* Once ssl->in_hdr as the address of the beginning of the From 447558df12ba054818569cf8b35869ea8bb136de Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 07:36:33 +0100 Subject: [PATCH 049/247] Improve documentation of ssl_populate_transform() Signed-off-by: Hanno Becker --- library/ssl_tls.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index fd0c8a7ab..116d2a26c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -973,9 +973,12 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, transform->taglen = ciphersuite_info->flags & MBEDTLS_CIPHERSUITE_SHORT_TAG ? 8 : 16; - /* All modes haves 96-bit IVs; - * GCM and CCM has 4 implicit and 8 explicit bytes - * ChachaPoly has all 12 bytes implicit + /* All modes haves 96-bit IVs, but the length of the static parts vary + * with mode and version: + * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes + * (to be concatenated with a dynamically chosen IV of 8 Bytes) + * - For ChaChaPoly in TLS 1.2, there's a static IV of 12 Bytes + * (to be XOR'ed with the 8 Byte record sequence number). */ transform->ivlen = 12; if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) From f93c2d7ca551661a851b503122222b38cc2b5189 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 07:39:43 +0100 Subject: [PATCH 050/247] Add support for TLS 1.3 record protection to ssl_populate_transform() Signed-off-by: Hanno Becker --- library/ssl_tls.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 116d2a26c..30c917bb1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -977,14 +977,24 @@ static int ssl_populate_transform( mbedtls_ssl_transform *transform, * with mode and version: * - For GCM and CCM in TLS 1.2, there's a static IV of 4 Bytes * (to be concatenated with a dynamically chosen IV of 8 Bytes) - * - For ChaChaPoly in TLS 1.2, there's a static IV of 12 Bytes - * (to be XOR'ed with the 8 Byte record sequence number). + * - For ChaChaPoly in TLS 1.2, and all modes in TLS 1.3, there's + * a static IV of 12 Bytes (to be XOR'ed with the 8 Byte record + * sequence number). */ transform->ivlen = 12; - if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { transform->fixed_ivlen = 12; + } else - transform->fixed_ivlen = 4; +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + { + if( cipher_info->mode == MBEDTLS_MODE_CHACHAPOLY ) + transform->fixed_ivlen = 12; + else + transform->fixed_ivlen = 4; + } /* Minimum length of encrypted record */ explicit_ivlen = transform->ivlen - transform->fixed_ivlen; From e683287710779c7487f3aab607d13c5cfef82f10 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 08:29:58 +0100 Subject: [PATCH 051/247] Adapt SSL record protection unit test to setup TLS 1.3 transforms Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.function | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index d902abd2b..205abc60e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1306,8 +1306,18 @@ static int build_transforms( mbedtls_ssl_transform *t_in, { case MBEDTLS_MODE_GCM: case MBEDTLS_MODE_CCM: - t_out->fixed_ivlen = 4; - t_in->fixed_ivlen = 4; +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + if( ver == MBEDTLS_SSL_MINOR_VERSION_4 ) + { + t_out->fixed_ivlen = 12; + t_in->fixed_ivlen = 12; + } + else +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ + { + t_out->fixed_ivlen = 4; + t_in->fixed_ivlen = 4; + } t_out->maclen = 0; t_in->maclen = 0; switch( tag_mode ) From a0c65d84daa965f729936284d2fbfc66d57db8cb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 08:59:39 +0100 Subject: [PATCH 052/247] Update version_features.c Signed-off-by: Hanno Becker --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index d16ad1bac..f5ea7989e 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -519,6 +519,9 @@ static const char * const features[] = { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) "MBEDTLS_SSL_PROTO_TLS1_2", #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL", +#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */ #if defined(MBEDTLS_SSL_PROTO_DTLS) "MBEDTLS_SSL_PROTO_DTLS", #endif /* MBEDTLS_SSL_PROTO_DTLS */ From b246214ade8cbfa52c5168c836bd73996d0e17a6 Mon Sep 17 00:00:00 2001 From: Jonas Date: Thu, 28 May 2020 20:00:43 +0900 Subject: [PATCH 053/247] Fix Changelag PR number and uniformize code when prng fails Signed-off-by: Jonas --- ChangeLog.d/fix-ecp-mul-memory-leak.txt | 2 +- library/ecp.c | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/fix-ecp-mul-memory-leak.txt b/ChangeLog.d/fix-ecp-mul-memory-leak.txt index 2ffd51caf..e82cadc2d 100644 --- a/ChangeLog.d/fix-ecp-mul-memory-leak.txt +++ b/ChangeLog.d/fix-ecp-mul-memory-leak.txt @@ -1,3 +1,3 @@ Bugfix * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() - when PRNG function fails. Contributed by Jonas Lejeune in #3317. + when PRNG function fails. Contributed by Jonas Lejeune in #3318. diff --git a/library/ecp.c b/library/ecp.c index 3c4a91aab..9522edf77 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2862,7 +2862,10 @@ int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp, * such as secp224k1 are actually very close to the worst case. */ if( ++count > 30 ) - return( MBEDTLS_ERR_ECP_RANDOM_FAILED ); + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } ret = mbedtls_mpi_lt_mpi_ct( d, &grp->N, &cmp ); if( ret != 0 ) From b54094bd7c083fbf555ad839f445573a4e8df045 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 15:41:44 +0100 Subject: [PATCH 054/247] Fix copy-pasta in TLS 1.3 record protection unit test names Signed-off-by: Hanno Becker --- tests/suites/test_suite_ssl.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index e71a4cb87..aa314dd32 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -4210,7 +4210,7 @@ Record crypt, AES-256-GCM, 1.2 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_3:0:0 -Record crypt, AES-192-GCM, 1.3 +Record crypt, AES-256-GCM, 1.3 depends_on:MBEDTLS_AES_C:MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL:MBEDTLS_GCM_C ssl_crypt_record:MBEDTLS_CIPHER_AES_256_GCM:MBEDTLS_MD_MD5:0:0:MBEDTLS_SSL_MINOR_VERSION_4:0:0 From 6e24980cc6c3bc024ddc114921e593495165a9c4 Mon Sep 17 00:00:00 2001 From: ndilieto <49833066+ndilieto@users.noreply.github.com> Date: Thu, 28 May 2020 06:17:38 +0000 Subject: [PATCH 055/247] Minor style and documentation improvements Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 32 ++++++++++++++++---------------- library/x509_crt.c | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 19de1e968..13687b5f0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -310,14 +310,15 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * mbedtls_x509_crt_parse_der_ext() routine when it encounters * an unsupported extension. * - * \param crt Pointer to the certificate being parsed - * \param oid Extension's OID - * \param critical If the extension is critical (per the RFC's definition) - * \param p On entry \c *p points to the start of the extension ASN.1 - * data. On successful completion \c *p must point to the - * first byte after it. - * On error, the value of \c *p is undefined. - * \param end End of extension data. + * \param crt The certificate being parsed. + * \param oid The OID of the extension. + * \param critical Whether the extension is critical. + * \param p On entry, \c *p points to the start of the extension value + * (the content of the OCTET STRING). + * On successful completion, \c *p must point to the + * first byte after the extension value. + * On error, the value of \c *p is not undefined. + * \param end End of extension value. * * \note The callback must fail and return a negative error code if * it can not parse or does not support the extension. @@ -326,10 +327,10 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \return A negative error code on failure. */ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, - mbedtls_x509_buf const *oid, - int critical, - unsigned char **p, - const unsigned char *end ); + mbedtls_x509_buf const *oid, + int critical, + unsigned char **p, + const unsigned char *end ); /** * \brief Parse a single DER formatted certificate and add it @@ -354,10 +355,9 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, * \return A negative error code on failure. */ int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - mbedtls_x509_crt_ext_cb_t cb - ); + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ); /** * \brief Parse a single DER formatted certificate and add it diff --git a/library/x509_crt.c b/library/x509_crt.c index 9076b321b..a0d35ae3a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -957,7 +957,7 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { /* Give the callback (if any) a chance to handle the extension */ - if (cb && cb(crt, &extn_oid, is_critical, p, end_ext_octet) == 0) + if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 ) continue; /* No parser found, skip extension */ From fde98f7773b15175d8f88fe28ac5b3e42f386077 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 08:34:33 +0200 Subject: [PATCH 056/247] Rename mbedtls_x509_crt_parse_der_ext new name: mbedtls_x509_crt_parse_der_with_ext_cb Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 12 ++++++------ library/x509_crt.c | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 13687b5f0..96129be36 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -307,8 +307,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \brief The type of certificate extension callbacks. * * Callbacks of this type are passed to and used by the - * mbedtls_x509_crt_parse_der_ext() routine when it encounters - * an unsupported extension. + * mbedtls_x509_crt_parse_der_with_ext_cb() routine when + * it encounters an unsupported extension. * * \param crt The certificate being parsed. * \param oid The OID of the extension. @@ -354,10 +354,10 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - mbedtls_x509_crt_ext_cb_t cb ); +int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ); /** * \brief Parse a single DER formatted certificate and add it diff --git a/library/x509_crt.c b/library/x509_crt.c index a0d35ae3a..bf06872d4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1384,10 +1384,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL ) ); } -int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - mbedtls_x509_crt_ext_cb_t cb ) +int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ) { return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) ); } From fae25a13d931fa6c5c6afac59787ce4ba39b71d9 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 08:55:08 +0200 Subject: [PATCH 057/247] mbedtls_x509_crt_ext_cb_t definition changed As suggested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431238005 Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 7 ++----- library/x509_crt.c | 7 ++++++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 96129be36..28dfa515c 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -313,11 +313,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \param crt The certificate being parsed. * \param oid The OID of the extension. * \param critical Whether the extension is critical. - * \param p On entry, \c *p points to the start of the extension value + * \param p Pointer to the start of the extension value * (the content of the OCTET STRING). - * On successful completion, \c *p must point to the - * first byte after the extension value. - * On error, the value of \c *p is not undefined. * \param end End of extension value. * * \note The callback must fail and return a negative error code if @@ -329,7 +326,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, - unsigned char **p, + const unsigned char *p, const unsigned char *end ); /** diff --git a/library/x509_crt.c b/library/x509_crt.c index bf06872d4..6fdee955b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -957,8 +957,13 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { /* Give the callback (if any) a chance to handle the extension */ - if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 ) + if( cb != NULL ) { + ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + *p = end_ext_octet; continue; + } /* No parser found, skip extension */ *p = end_ext_octet; From 4dbe5676af58ce7203b75a6d471d6c01fc5b3061 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 09:18:42 +0200 Subject: [PATCH 058/247] mbedtls_x509_crt_parse_der_with_ext_cb enhancement added make_copy parameter as suggested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431233555 Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 43 +++++++++++++++++++++++--------------- library/x509_crt.c | 3 ++- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 28dfa515c..fb91af289 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -330,30 +330,39 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, const unsigned char *end ); /** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. + * \brief Parse a single DER formatted certificate and add it + * to the end of the provided chained list. * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The buffer holding the DER encoded certificate. - * \param buflen The size in Bytes of \p buf. - * \param cb A callback invoked for every unsupported certificate - * extension. + * \param chain The pointer to the start of the CRT chain to attach to. + * When parsing the first CRT in a chain, this should point + * to an instance of ::mbedtls_x509_crt initialized through + * mbedtls_x509_crt_init(). + * \param buf The buffer holding the DER encoded certificate. + * \param buflen The size in Bytes of \p buf. + * \param make_copy When not zero this function makes an internal copy of the + * CRT buffer \p buf. In particular, \p buf may be destroyed + * or reused after this call returns. + * When zero this function avoids duplicating the CRT buffer + * by taking temporary ownership thereof until the CRT + * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) + * \param cb A callback invoked for every unsupported certificate + * extension. * - * \note This call is functionally equivalent to - * mbedtls_x509_crt_parse_der(), but it calls the callback - * with every unsupported certificate extension. - * The callback must return a negative error code if it - * does not know how to handle such an extension. + * \note This call is functionally equivalent to + * mbedtls_x509_crt_parse_der(), and/or + * mbedtls_x509_crt_parse_der_nocopy() + * but it calls the callback with every unsupported + * certificate extension. + * The callback must return a negative error code if it + * does not know how to handle such an extension. * - * \return \c 0 if successful. - * \return A negative error code on failure. + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, + int no_copy, mbedtls_x509_crt_ext_cb_t cb ); /** diff --git a/library/x509_crt.c b/library/x509_crt.c index 6fdee955b..2e2fb24d5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1392,9 +1392,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, + int make_copy, mbedtls_x509_crt_ext_cb_t cb ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb ) ); } int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, From 235c72d3cb63fb8f6021867dc2baeb3c6e2ebaa3 Mon Sep 17 00:00:00 2001 From: Hugues de Valon Date: Thu, 28 May 2020 08:42:01 +0100 Subject: [PATCH 059/247] Generate PSA constant names in CMake build dir This commit modifies the generate_psa_constants.py script to take as input argument the location of where to write the psa_constant_names_generated.c file. For make-based build system, this commit does not change anything. For CMake build system, this commit modifies the generation location of that file to be inside the build directory and include it from there in psa_constant_names.c Fix #3365 Signed-off-by: Hugues de Valon --- programs/psa/CMakeLists.txt | 3 ++- scripts/generate_psa_constants.py | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index c80043bc4..201f987c7 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -5,11 +5,12 @@ add_executable(key_ladder_demo key_ladder_demo.c) target_link_libraries(key_ladder_demo mbedtls) add_executable(psa_constant_names psa_constant_names.c) +target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) target_link_libraries(psa_constant_names mbedtls) add_custom_target( psa_constant_names_generated - COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py + COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ ) add_dependencies(psa_constant_names psa_constant_names_generated) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index c6bd9b6a0..c441b4e15 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -8,6 +8,7 @@ of that program. import os import re +import sys OUTPUT_TEMPLATE = '''\ /* Automatically generated by generate_psa_constant.py. DO NOT EDIT. */ @@ -395,6 +396,8 @@ def generate_psa_constants(header_file_names, output_file_name): if __name__ == '__main__': if not os.path.isdir('programs') and os.path.isdir('../programs'): os.chdir('..') + # Allow to change the directory where psa_constant_names_generated.c is written to. + OUTPUT_FILE_DIR = sys.argv[1] if len(sys.argv) == 2 else "programs/psa" generate_psa_constants(['include/psa/crypto_values.h', 'include/psa/crypto_extra.h'], - 'programs/psa/psa_constant_names_generated.c') + OUTPUT_FILE_DIR + '/psa_constant_names_generated.c') From eca95db763ac9a32c20da19d1b177319c008ce23 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 28 May 2020 18:19:20 +0200 Subject: [PATCH 060/247] Finish the documentation of normalize_path Signed-off-by: Gilles Peskine --- tests/scripts/check-files.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index b6fa98926..62b526ab9 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -46,8 +46,10 @@ class FileIssueTracker: @staticmethod def normalize_path(filepath): - """Normalize ``filepath`` """ + """Normalize ``filepath`` with / as the directory separator.""" filepath = os.path.normpath(filepath) + # On Windows, we may have backslashes to separate directories. + # We need slashes to match exemption lists. seps = os.path.sep if os.path.altsep is not None: seps += os.path.altsep From a8b26c2ae46c1651214baf1f3894ed901eed4d13 Mon Sep 17 00:00:00 2001 From: Dan Handley Date: Thu, 28 May 2020 16:20:31 +0100 Subject: [PATCH 061/247] Enable branch coverage in basic_build_test.sh Enable branch coverage output in basic_build_test.sh. This includes enabling branch coverage output to the lcov make target, which is disabled by default. Signed-off-by: Dan Handley --- Makefile | 8 ++++---- tests/scripts/basic-build-test.sh | 15 ++++++++++----- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index e0eb7a58c..5ac5a53f6 100644 --- a/Makefile +++ b/Makefile @@ -107,11 +107,11 @@ covtest: lcov: rm -rf Coverage lcov --capture --initial --directory library -o files.info - lcov --capture --directory library -o tests.info - lcov --add-tracefile files.info --add-tracefile tests.info -o all.info - lcov --remove all.info -o final.info '*.h' + lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info + lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info + lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h' gendesc tests/Descriptions.txt -o descriptions - genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info + genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info rm -f files.info tests.info all.info final.info descriptions apidoc: diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 08c141052..0be870587 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -218,10 +218,12 @@ echo # Step 4e - Coverage echo "Coverage" -LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') -LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') -FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') -FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') +LINES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') +LINES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') +FUNCS_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') +FUNCS_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') +BRANCHES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* branches)$/\1/p') +BRANCHES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) branches)$/\1/p') LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL)) LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))" @@ -229,11 +231,14 @@ LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10)) FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL)) FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))" +BRANCHES_PERCENT=$((1000*$BRANCHES_TESTED/$BRANCHES_TOTAL)) +BRANCHES_PERCENT="$(($BRANCHES_PERCENT/10)).$(($BRANCHES_PERCENT-($BRANCHES_PERCENT/10)*10))" + echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%" echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%" +echo "Branches Tested : $BRANCHES_TESTED of $BRANCHES_TOTAL $BRANCHES_PERCENT%" echo - rm unit-test-$TEST_OUTPUT rm sys-test-$TEST_OUTPUT rm compat-test-$TEST_OUTPUT From 2c3a91739365305299f49da201552d35095a860f Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 17:20:42 +0200 Subject: [PATCH 062/247] Minor style improvement Co-authored-by: Hanno Becker Signed-off-by: Nicola Di Lieto --- library/x509_crt.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 2e2fb24d5..554352291 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -957,10 +957,11 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { /* Give the callback (if any) a chance to handle the extension */ - if( cb != NULL ) { + if( cb != NULL ) + { ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet ); - if ( ret != 0 ) - return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); *p = end_ext_octet; continue; } From 5f6ebdebdbc2b86272e5a79ad485cfae00a7fc71 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 19:00:47 +0200 Subject: [PATCH 063/247] Fix wrong parameter name in comment Detected by Travis https://travis-ci.org/github/ARMmbed/mbedtls/jobs/692213150 /home/travis/build/ARMmbed/mbedtls/include/mbedtls/x509_crt.h:333: warning: argument 'make_copy' of command @param is not found in the argument list of mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int no_copy, mbedtls_x509_crt_ext_cb_t cb) Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fb91af289..cdcc65157 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -362,7 +362,7 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, - int no_copy, + int make_copy, mbedtls_x509_crt_ext_cb_t cb ); /** From 17bb60c0f1e5647c9fca8663e0f0a260f04d2164 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 23:04:15 +0200 Subject: [PATCH 064/247] Tests for mbedtls_x509_crt_parse_der_with_ext_cb Signed-off-by: Nicola Di Lieto --- tests/suites/test_suite_x509parse.data | 8 +++ tests/suites/test_suite_x509parse.function | 82 ++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 7012e8e36..f5345e293 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1988,6 +1988,14 @@ X509 CRT ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 CRT ASN1 (Unsupported critical extension) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (Unsupported critical extension with callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f3e83d69e..c52af76f5 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -301,6 +301,17 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, return( 0 ); } + +int parse_crt_ext_cb( mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, + const unsigned char *p, const unsigned char *end ) +{ + ( void ) crt; + ( void ) p; + ( void ) end; + if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKIX "\x01\x1F", oid ) != 0 && critical != 0 ) + return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( 0 ); +} #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ @@ -771,6 +782,77 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + +exit: + mbedtls_x509_crt_free( &crt ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +void x509parse_crt_cb( data_t * buf, char * result_str, int result ) +{ + mbedtls_x509_crt crt; + unsigned char output[2000]; + int res; + + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + exit: mbedtls_x509_crt_free( &crt ); } From 5659e7e8896186fcae67af773708059894e60772 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 23:41:38 +0200 Subject: [PATCH 065/247] Add opaque context to mbedtls_x509_crt_ext_cb_t Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 8 ++++++-- library/x509_crt.c | 24 +++++++++++++--------- tests/suites/test_suite_x509parse.function | 13 ++++++------ 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index cdcc65157..296b472a7 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -310,6 +310,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * mbedtls_x509_crt_parse_der_with_ext_cb() routine when * it encounters an unsupported extension. * + * \param p_ctx An opaque context passed to the callback. * \param crt The certificate being parsed. * \param oid The OID of the extension. * \param critical Whether the extension is critical. @@ -323,7 +324,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \return \c 0 on success. * \return A negative error code on failure. */ -typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, +typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, + mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, @@ -347,6 +349,7 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) * \param cb A callback invoked for every unsupported certificate * extension. + * \param p_ctx An opaque context passed to the callback. * * \note This call is functionally equivalent to * mbedtls_x509_crt_parse_der(), and/or @@ -363,7 +366,8 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ); + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ); /** * \brief Parse a single DER formatted certificate and add it diff --git a/library/x509_crt.c b/library/x509_crt.c index 554352291..99d3be200 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -893,7 +893,8 @@ static int x509_get_certificate_policies( unsigned char **p, static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_crt *crt, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -959,7 +960,7 @@ static int x509_get_crt_ext( unsigned char **p, /* Give the callback (if any) a chance to handle the extension */ if( cb != NULL ) { - ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet ); + ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); if( ret != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); *p = end_ext_octet; @@ -1073,7 +1074,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -1272,7 +1274,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, if( crt->version == 3 ) #endif { - ret = x509_get_crt_ext( &p, end, crt, cb ); + ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); if( ret != 0 ) { mbedtls_x509_crt_free( crt ); @@ -1336,7 +1338,8 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; @@ -1368,7 +1371,7 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, crt = crt->next; } - ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb ); + ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx ); if( ret != 0 ) { if( prev ) @@ -1387,23 +1390,24 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) ); } int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) ); } int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) ); } /* diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c52af76f5..0e2719d8e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -302,9 +302,10 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, return( 0 ); } -int parse_crt_ext_cb( mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, - const unsigned char *p, const unsigned char *end ) +int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, + int critical, const unsigned char *p, const unsigned char *end ) { + ( void ) p_ctx; ( void ) crt; ( void ) p; ( void ) end; @@ -786,7 +787,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -801,7 +802,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -827,7 +828,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -842,7 +843,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); From d12402ffc0a0c84a0285e91c98c76bcb3ce75659 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 May 2020 10:34:25 +0200 Subject: [PATCH 066/247] Fix undeclared deps on MBEDTLS_CTR_DRBG in tests MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While at it, declare deps on ENTROPY as well. A non-regression test will be added in a follow-up commit. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_rsa.function | 2 +- tests/suites/test_suite_ssl.function | 40 +++++++++++++++------------- 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d4acc2de2..9a3b5837c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1506,7 +1506,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void mbedtls_rsa_validate_params( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index e59a1677c..230d16a0c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -701,7 +701,9 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len ) return msg_len; } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) /* * Structure with endpoint's certificates for SSL communication tests. @@ -1007,7 +1009,7 @@ int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl, return ( max_steps >= 0 ) ? ret : -1; } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* * Write application data. Increase write counter if necessary. @@ -1637,7 +1639,9 @@ int exchange_data( mbedtls_ssl_context *ssl_1, ssl_2, 256, 1 ); } -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) void perform_handshake( handshake_test_options* options ) { /* forced_ciphersuite needs to last until the end of the handshake */ @@ -1974,7 +1978,7 @@ exit: mbedtls_free( context_buf ); #endif } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ /* END_HEADER */ @@ -3671,7 +3675,7 @@ void ssl_session_serialize_version_check( int corrupt_major, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void mbedtls_endpoint_sanity( int endpoint_type ) { enum { BUFFSIZE = 1024 }; @@ -3694,7 +3698,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15 */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void move_handshake_to_state(int endpoint_type, int state, int need_pass) { enum { BUFFSIZE = 1024 }; @@ -3736,7 +3740,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_version( int version, int dtls ) { handshake_test_options options; @@ -3759,7 +3763,7 @@ void handshake_version( int version, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) { handshake_test_options options; @@ -3777,7 +3781,7 @@ void handshake_psk_cipher( char* cipher, int pk_alg, data_t *psk_str, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2 */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_cipher( char* cipher, int pk_alg, int dtls ) { test_handshake_psk_cipher( cipher, pk_alg, NULL, dtls ); @@ -3787,7 +3791,7 @@ void handshake_cipher( char* cipher, int pk_alg, int dtls ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void app_data( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments, int dtls ) @@ -3808,7 +3812,7 @@ void app_data( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) @@ -3820,7 +3824,7 @@ void app_data_tls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, int expected_cli_fragments, int expected_srv_fragments ) @@ -3832,7 +3836,7 @@ void app_data_dtls( int mfl, int cli_msg_len, int srv_msg_len, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_serialization( ) { handshake_test_options options; @@ -3846,7 +3850,7 @@ void handshake_serialization( ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int expected_cli_hs_fragmentation) { handshake_test_options options; @@ -3882,7 +3886,7 @@ void handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, int ex } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void renegotiation( int legacy_renegotiation ) { handshake_test_options options; @@ -3898,7 +3902,7 @@ void renegotiation( int legacy_renegotiation ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, int serialize, int dtls, char *cipher ) { @@ -3919,7 +3923,7 @@ void resize_buffers( int mfl, int renegotiation, int legacy_renegotiation, } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void resize_buffers_serialize_mfl( int mfl ) { test_resize_buffers( mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1, @@ -3930,7 +3934,7 @@ void resize_buffers_serialize_mfl( int mfl ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation, char *cipher ) { From a89040c7f5d53a357dbcc0ab8a85c7c715d943ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 20 May 2020 10:35:01 +0200 Subject: [PATCH 067/247] Fix undeclared deps on CTR_DRBG in programs/fuzz MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While at it, fix a few other obvious ones such as ENTROPY and TIMING_C when applicable. A non-regression test for CTR_DRBG will be added in a follow-up commit. Signed-off-by: Manuel Pégourié-Gonnard --- programs/fuzz/common.c | 5 +++++ programs/fuzz/fuzz_client.c | 12 ++++++++---- programs/fuzz/fuzz_dtlsclient.c | 13 ++++++++++--- programs/fuzz/fuzz_dtlsserver.c | 13 ++++++++++--- programs/fuzz/fuzz_server.c | 12 ++++++++---- 5 files changed, 41 insertions(+), 14 deletions(-) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c index 5e6c84c26..ac39ee22f 100644 --- a/programs/fuzz/common.c +++ b/programs/fuzz/common.c @@ -58,8 +58,13 @@ int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) int ret; size_t i; +#if defined(MBEDTLS_CTR_DRBG_C) //use mbedtls_ctr_drbg_random to find bugs in it ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); +#else + (void) p_rng; + ret = 0; +#endif for (i=0; i -#ifdef MBEDTLS_SSL_CLI_C +#if defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) static mbedtls_x509_crt cacert; @@ -25,11 +27,13 @@ const char psk_id[] = "Client_identity"; #endif const char *pers = "fuzz_client"; -#endif //MBEDTLS_SSL_CLI_C +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_SSL_CLI_C +#if defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) int ret; size_t len; mbedtls_ssl_context ssl; @@ -167,7 +171,7 @@ exit: #else (void) Data; (void) Size; -#endif //MBEDTLS_SSL_CLI_C +#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ return 0; } diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 8197a6484..ff258bcc7 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -10,20 +10,27 @@ #include "mbedtls/timing.h" -#ifdef MBEDTLS_SSL_CLI_C +#if defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_TIMING_C) static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) static mbedtls_x509_crt cacert; #endif const char *pers = "fuzz_dtlsclient"; -#endif // MBEDTLS_SSL_CLI_C +#endif #endif // MBEDTLS_SSL_PROTO_DTLS int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_CLI_C) +#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ + defined(MBEDTLS_SSL_CLI_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_TIMING_C) int ret; size_t len; mbedtls_ssl_context ssl; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 9e9fe8ebd..4cde1fe6c 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -11,7 +11,10 @@ #include "mbedtls/ssl_cookie.h" -#ifdef MBEDTLS_SSL_SRV_C +#if defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_TIMING_C) const char *pers = "fuzz_dtlsserver"; const unsigned char client_ip[4] = {0x7F, 0, 0, 1}; static int initialized = 0; @@ -19,11 +22,15 @@ static int initialized = 0; static mbedtls_x509_crt srvcert; static mbedtls_pk_context pkey; #endif -#endif // MBEDTLS_SSL_SRV_C +#endif #endif // MBEDTLS_SSL_PROTO_DTLS int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C) +#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ + defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) && \ + defined(MBEDTLS_TIMING_C) int ret; size_t len; mbedtls_ssl_context ssl; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 006239c69..014f386ef 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -9,7 +9,9 @@ #include -#ifdef MBEDTLS_SSL_SRV_C +#if defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) const char *pers = "fuzz_server"; static int initialized = 0; #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) @@ -25,11 +27,13 @@ const unsigned char psk[] = { }; const char psk_id[] = "Client_identity"; #endif -#endif // MBEDTLS_SSL_SRV_C +#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_SSL_SRV_C +#if defined(MBEDTLS_SSL_SRV_C) && \ + defined(MBEDTLS_ENTROPY_C) && \ + defined(MBEDTLS_CTR_DRBG_C) int ret; size_t len; mbedtls_ssl_context ssl; @@ -179,7 +183,7 @@ exit: #else (void) Data; (void) Size; -#endif //MBEDTLS_SSL_SRV_C +#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ return 0; } From 600cf9d142ebe8520020d9d49bb8f314a37cf459 Mon Sep 17 00:00:00 2001 From: Hugues de Valon Date: Fri, 29 May 2020 10:29:49 +0100 Subject: [PATCH 068/247] Add usage info of generate_psa_constants script Signed-off-by: Hugues de Valon --- scripts/generate_psa_constants.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index c441b4e15..175cd9ffc 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -1,9 +1,14 @@ #!/usr/bin/env python3 -"""Generate programs/psa/psa_constant_names_generated.c +"""Generate psa_constant_names_generated.c which is included by programs/psa/psa_constant_names.c. The code generated by this module is only meant to be used in the context of that program. + +An argument passed to this script will modify the output directory where the +file is written: +* by default (no arguments passed): writes to programs/psa/ +* OUTPUT_FILE_DIR passed: writes to OUTPUT_FILE_DIR/ """ import os From 817e368dfd6897fcf21959f35e100205713e78a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 28 May 2020 12:55:10 +0200 Subject: [PATCH 069/247] Add test for building without CTR_DRBG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit People who prefer to rely on HMAC_DRBG (for example because they use it for deterministic ECDSA and don't want a second DRBG for code size reasons) should be able to build and run the tests suites without CTR_DRBG. Ideally we should make sure the level of testing (SSL) is the same regardless of which DRBG modules is enabled, but that's a more significant piece of work. For now, just ensure everything builds and `make test` passes. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5ea1c35d1..cbafe1d05 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -819,6 +819,24 @@ component_test_rsa_no_crt () { if_build_succeeded tests/context-info.sh } +component_test_no_ctr_drbg () { + msg "build: Full minus CTR_DRBG" + scripts/config.py full + scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C # requires PSA Crypto + scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO # requires PSA Crypto + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: no CTR_DRBG" + make test + + # no SSL tests as they all depend on CTR_DRBG so far +} + component_test_new_ecdh_context () { msg "build: new ECDH context (ASan build)" # ~ 6 min scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT From 261602cb343ebb77740733663b6bd5ff0722d1ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 070/247] Uniformize bounds checks using new macro This commit uses the previously defined macro to uniformize bounds checks in several places. It also adds bounds checks to the ClientHello writing function that were previously missing. Also, the functions adding extensions to the ClientHello message can now fail if the buffer is too small or a different error condition occurs, and moreover they take an additional buffer end parameter to free them from the assumption that one is writing to the default output buffer. Signed-off-by: Ronald Cron --- ChangeLog.d/uniformize_bounds_checks.txt | 9 + library/ssl_cli.c | 433 ++++++++++++++--------- library/ssl_cookie.c | 6 +- library/ssl_ticket.c | 4 +- 4 files changed, 271 insertions(+), 181 deletions(-) create mode 100644 ChangeLog.d/uniformize_bounds_checks.txt diff --git a/ChangeLog.d/uniformize_bounds_checks.txt b/ChangeLog.d/uniformize_bounds_checks.txt new file mode 100644 index 000000000..210ab1051 --- /dev/null +++ b/ChangeLog.d/uniformize_bounds_checks.txt @@ -0,0 +1,9 @@ +Bugfix + * Add additional bounds checks in ssl_write_client_hello() preventing + output buffer overflow if the configuration declared a buffer that was + too small. +Changes + * Abort the ClientHello writing function as soon as some extension doesn't + fit into the record buffer. Previously, such extensions were silently + dropped. As a consequence, the TLS handshake now fails when the output + buffer is not large enough to hold the ClientHello. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 13acf5a8b..e12ef00d4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -95,18 +95,18 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t hostname_len; *olen = 0; if( ssl->hostname == NULL ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", @@ -114,11 +114,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, hostname_len = strlen( ssl->hostname ); - if( end < p || (size_t)( end - p ) < hostname_len + 9 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); /* * Sect. 3, RFC 6066 (TLS Extensions Definitions) @@ -162,16 +158,18 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->hostname, hostname_len ); *olen = hostname_len + 9; + + return( 0 ); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) -static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -179,16 +177,12 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, * initial ClientHello, in which case also adding the renegotiation * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); - if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len ); /* * Secure renegotiation @@ -205,6 +199,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); *olen = 5 + ssl->verify_data_len; + + return( 0 ); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -213,14 +209,15 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t sig_alg_len = 0; const int *md; + #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) unsigned char *sig_alg_list = buf + 6; #endif @@ -228,7 +225,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *olen = 0; if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); @@ -243,11 +240,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #endif } - if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); /* * Prepare signature_algorithms extension (TLS 1.2) @@ -293,18 +286,20 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); *olen = 6 + sig_alg_len; + + return( 0 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; @@ -324,17 +319,15 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); - return; + return( 0 ); } - elliptic_curve_len += 2; } - if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + if( elliptic_curve_len == 0 ) + return( 0 ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); elliptic_curve_len = 0; @@ -347,9 +340,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } - if( elliptic_curve_len == 0 ) - return; - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) @@ -362,25 +352,23 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); *olen = 6 + elliptic_curve_len; + + return( 0 ); } -static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + (void) ssl; /* ssl used for debugging only */ *olen = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); - - if( end < p || (size_t)( end - p ) < 6 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); @@ -394,34 +382,32 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; *olen = 6; + + return( 0 ); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); - if( end - p < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); @@ -437,20 +423,20 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); - return; + return( ret ); } ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); if( ssl->handshake->ecjpake_cache == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) ); - return; + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); @@ -461,12 +447,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) ); kkpp_len = ssl->handshake->ecjpake_cache_len; - - if( (size_t)( end - p - 2 ) < kkpp_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len ); memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } @@ -475,17 +456,19 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); *olen = kkpp_len + 4; + + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t ext_len; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; /* * Quoting draft-ietf-tls-dtls-connection-id-05 @@ -500,17 +483,13 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) { - return; + return( 0 ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) ); /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX * which is at most 255, so the increment cannot overflow. */ - if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); /* Add extension ID + size */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); @@ -523,31 +502,28 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->own_cid, ssl->own_cid_len ); *olen = ssl->own_cid_len + 5; + + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { - return; - } + if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); - if( end < p || (size_t)( end - p ) < 5 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); @@ -560,31 +536,28 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, *p++ = ssl->conf->mfl_code; *olen = 5; + + return( 0 ); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); @@ -593,32 +566,29 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); @@ -627,32 +597,29 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); @@ -663,32 +630,30 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t tlen = ssl->session_negotiate->ticket_len; *olen = 0; if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); - if( end < p || (size_t)( end - p ) < 4 + tlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + /* The addition is safe here since the ticket length is 16 bit. */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); @@ -699,9 +664,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, *olen = 4; if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) ); @@ -709,35 +672,32 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->session_negotiate->ticket, tlen ); *olen += tlen; + + return( 0 ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) -static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t alpnlen = 0; const char **cur; *olen = 0; if( ssl->conf->alpn_list == NULL ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; - if( end < p || (size_t)( end - p ) < 6 + alpnlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); @@ -769,6 +729,8 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + + return( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -872,8 +834,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, olen, ext_len = 0; + unsigned char *buf; unsigned char *p, *q; + const unsigned char *end; + unsigned char offer_compress; const int *ciphersuites; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -905,16 +870,33 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } + buf = ssl->out_msg; + end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN; + /* - * 0 . 0 handshake type - * 1 . 3 handshake length + * Check if there's enough space for the first part of the ClientHello + * consisting of the 38 bytes described below, the session identifier (at + * most 32 bytes) and its length (1 byte). + * + * Use static upper bounds instead of the actual values + * to allow the compiler to optimize this away. + */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 ); + + /* + * The 38 first bytes of the ClientHello: + * 0 . 0 handshake type (written later) + * 1 . 3 handshake length (written later) * 4 . 5 highest version supported * 6 . 9 current UNIX time * 10 . 37 random bytes + * + * The current UNIX time (4 bytes) and following 28 random bytes are written + * by ssl_generate_random() into ssl->handshake->randbytes buffer and then + * copied from there into the output buffer. */ - buf = ssl->out_msg; - p = buf + 4; + p = buf + 4; mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, ssl->conf->transport, p ); @@ -937,7 +919,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * 38 . 38 session id length * 39 . 39+n session id * 39+n . 39+n DTLS only: cookie length (1 byte) - * 40+n . .. DTSL only: cookie + * 40+n . .. DTLS only: cookie * .. . .. ciphersuitelist length (2 bytes) * .. . .. ciphersuitelist * .. . .. compression methods length (1 byte) @@ -979,6 +961,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ + /* + * The first check of the output buffer size above ( + * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );) + * has checked that there is enough space in the output buffer for the + * session identifier length byte and the session identifier (n <= 32). + */ *p++ = (unsigned char) n; for( i = 0; i < n; i++ ) @@ -987,12 +975,27 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); + /* + * With 'n' being the length of the session identifier + * + * 39+n . 39+n DTLS only: cookie length (1 byte) + * 40+n . .. DTLS only: cookie + * .. . .. ciphersuitelist length (2 bytes) + * .. . .. ciphersuitelist + * .. . .. compression methods length (1 byte) + * .. . .. compression methods + * .. . .. extensions length (2 bytes) + * .. . .. extensions + */ + /* * DTLS cookie */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + if( ssl->handshake->verify_cookie == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); @@ -1005,6 +1008,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->handshake->verify_cookie_len ); *p++ = ssl->handshake->verify_cookie_len; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, + ssl->handshake->verify_cookie_len ); memcpy( p, ssl->handshake->verify_cookie, ssl->handshake->verify_cookie_len ); p += ssl->handshake->verify_cookie_len; @@ -1020,6 +1026,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* Skip writing ciphersuite length for now */ n = 0; q = p; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); p += 2; for( i = 0; ciphersuites[i] != 0; i++ ) @@ -1039,6 +1047,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); #endif + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + n++; *p++ = (unsigned char)( ciphersuites[i] >> 8 ); *p++ = (unsigned char)( ciphersuites[i] ); @@ -1055,6 +1065,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; @@ -1065,6 +1076,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); n++; @@ -1098,6 +1111,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; *p++ = MBEDTLS_SSL_COMPRESS_NULL; @@ -1108,27 +1122,45 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = 1; *p++ = MBEDTLS_SSL_COMPRESS_NULL; } - // First write extensions, then the total length - // + /* First write extensions, then the total length */ + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); + return( ret ); + } ext_len += olen; #endif /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret ); + return( ret ); + } ext_len += olen; #endif @@ -1136,51 +1168,100 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( uses_ec ) { - ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret ); + return( ret ); + } ext_len += olen; - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret ); + return( ret ); + } ext_len += olen; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret ); + return( ret ); + } ext_len += olen; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret ); + return( ret ); + } ext_len += olen; #endif @@ -1188,10 +1269,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ((void) olen); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", - ext_len ) ); + ext_len ) ); if( ext_len > 0 ) { + /* No need to check for space here, because the extension + * writing functions already took care of that. */ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += ext_len; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 4bf9058af..323784c26 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -134,8 +134,7 @@ static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, { unsigned char hmac_out[COOKIE_MD_OUTLEN]; - if( (size_t)( end - *p ) < COOKIE_HMAC_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || @@ -165,8 +164,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, if( ctx == NULL || cli_id == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( (size_t)( end - *p ) < COOKIE_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN ); #if defined(MBEDTLS_HAVE_TIME) t = (unsigned long) mbedtls_time( NULL ); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 8a76b42b6..6b50b55ec 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -35,6 +35,7 @@ #define mbedtls_free free #endif +#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_ticket.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" @@ -224,8 +225,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, * in addition to session itself, that will be checked when writing it. */ - if( end - start < TICKET_MIN_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN ); #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) From b4c0b7556d4afddcbfe3696d648fac0b7a1b2c1d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 071/247] Add error condition for bad user configurations This commit adds an error condition for bad user configurations and updates the number of SSL module errors in error.h. Signed-off-by: Ronald Cron --- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 1 + library/error.c | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 2fb86c7eb..428800188 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -101,7 +101,7 @@ * ECP 4 10 (Started from top) * MD 5 5 * HKDF 5 1 (Started from top) - * SSL 5 1 (Started from 0x5F00) + * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) * SSL 7 32 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7fec65e1d..ce95cec62 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -129,6 +129,7 @@ #define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */ #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */ #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */ +#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */ /* * Various constants diff --git a/library/error.c b/library/error.c index 22c7b165c..7e7f78804 100644 --- a/library/error.c +++ b/library/error.c @@ -522,6 +522,8 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - An operation failed due to an unexpected version or configuration" ); case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): return( "SSL - A cryptographic operation is in progress. Try again later" ); + case -(MBEDTLS_ERR_SSL_BAD_CONFIG): + return( "SSL - Invalid value in SSL config" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) From e131bfec29565946cf1354449cc75b0fbe87378e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 072/247] Return error in case of bad user configurations This commits adds returns with the SSL_BAD_CONFIG error code in case of bad user configurations. Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 6 ++++++ library/ssl_cli.c | 36 ++++++++++++++++++++++++++++++---- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d655813ab..1a3102a2c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -207,6 +207,12 @@ : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ ) +/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */ +#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534 + +/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ +#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 + /* * Check that we obey the standard's message size bounds */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e12ef00d4..118bc900c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -230,6 +230,9 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + if( ssl->conf->sig_hashes == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { #if defined(MBEDTLS_ECDSA_C) @@ -238,8 +241,18 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_RSA_C) sig_alg_len += 2; #endif + if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "length in bytes of sig-hash-alg extension too big" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } } + /* Empty signature algorithms list, this is a configuration error. */ + if( sig_alg_len == 0 ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); /* @@ -310,6 +323,9 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) @@ -319,13 +335,21 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); - return( 0 ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } elliptic_curve_len += 2; + + if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "malformed supported_elliptic_curves extension in config" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } } + /* Empty elliptic curve list, this is a configuration error. */ if( elliptic_curve_len == 0 ) - return( 0 ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); @@ -695,7 +719,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; + alpnlen += strlen( *cur ) + 1; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); @@ -715,7 +739,11 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) { - *p = (unsigned char)( strlen( *cur ) & 0xFF ); + /* + * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of + * protocol names is less than 255. + */ + *p = (unsigned char)strlen( *cur ); memcpy( p + 1, *cur, *p ); p += 1 + *p; } From 8216dd3f34cb1d48c88a6a15779b6727afc02425 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 Apr 2020 16:41:44 +0200 Subject: [PATCH 073/247] Use defines to check alpn ext list validity Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ce95cec62..462cf44bc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -144,6 +144,9 @@ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ +#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ + +#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c * NONE must be zero so that memset()ing structure to zero works */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ccfc4bdaa..57a6a5adf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4652,7 +4652,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot cur_len = strlen( *p ); tot_len += cur_len; - if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) + if( ( cur_len == 0 ) || + ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) || + ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } From 565b52bb727a81b82ad07a9bcca5ca033b554a24 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Fri, 29 May 2020 22:46:56 +0200 Subject: [PATCH 074/247] mbedtls_x509_crt_parse_der_with_ext_cb improvement Continue parsing when the callback fails to parse a non critical exception. Also document the behaviour more extensively and pass the callback error code to the caller unaltered. See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548 and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968 Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 16 +++++++++++++--- library/x509_crt.c | 4 ++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 296b472a7..9a9b397d9 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -317,9 +317,14 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \param p Pointer to the start of the extension value * (the content of the OCTET STRING). * \param end End of extension value. - * - * \note The callback must fail and return a negative error code if - * it can not parse or does not support the extension. + * + * \note The callback must fail and return a negative error code + * if it can not parse or does not support the extension. + * When the callback fails to parse a critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. + * When the callback fails to parse a non critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips + * the extension and continues parsing. * * \return \c 0 on success. * \return A negative error code on failure. @@ -358,6 +363,11 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * certificate extension. * The callback must return a negative error code if it * does not know how to handle such an extension. + * When the callback fails to parse a critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. + * When the callback fails to parse a non critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips + * the extension and continues parsing. * * \return \c 0 if successful. * \return A negative error code on failure. diff --git a/library/x509_crt.c b/library/x509_crt.c index 99d3be200..490b52454 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -961,8 +961,8 @@ static int x509_get_crt_ext( unsigned char **p, if( cb != NULL ) { ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if( ret != 0 && is_critical ) + return( ret ); *p = end_ext_octet; continue; } From e58b4638e594a0ac16a19e40d96da09508f0a7ff Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Fri, 29 May 2020 22:58:25 +0200 Subject: [PATCH 075/247] Unsupported extension tests in test_suite_x509parse All combinations of critical or not, recognized or not by the callback are now tested as requested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880 In addition pass the OID of the unsupported extension to be parsed to the callback using the opaque pointer, which makes the tests fail if the library forwards the wrong pointer to the callback, as requested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392 Signed-off-by: Nicola Di Lieto --- tests/suites/test_suite_x509parse.data | 14 +++++++++++++- tests/suites/test_suite_x509parse.function | 17 ++++++++++++----- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f5345e293..37e759feb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1992,10 +1992,22 @@ X509 CRT ASN1 (Unsupported critical extension) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -X509 CRT ASN1 (Unsupported critical extension with callback) +X509 CRT ASN1 (Unsupported critical extension recognized by callback) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 +X509 CRT ASN1 (Unsupported critical extension not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (Unsupported non critical extension recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 + +X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 0e2719d8e..54e515673 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -305,12 +305,14 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end ) { - ( void ) p_ctx; ( void ) crt; ( void ) p; ( void ) end; - if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKIX "\x01\x1F", oid ) != 0 && critical != 0 ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + ( void ) critical; + mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; + if( new_oid == NULL || new_oid->tag != oid->tag || new_oid->len != oid->len || + memcmp(new_oid->p, oid->p, oid->len) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); return( 0 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -822,13 +824,18 @@ exit: void x509parse_crt_cb( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; + mbedtls_x509_buf oid; unsigned char output[2000]; int res; + oid.tag = MBEDTLS_ASN1_OID; + oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); + oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F"; + mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -843,7 +850,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); From 110a794e93795ebaffb21a1de91de9c572fb29c7 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Fri, 29 May 2020 23:27:47 +0200 Subject: [PATCH 076/247] Add ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt Signed-off-by: Nicola Di Lieto --- .../new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt diff --git a/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt b/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt new file mode 100644 index 000000000..fdea746de --- /dev/null +++ b/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt @@ -0,0 +1,5 @@ +Features + * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows + parsing unsupported certificate extensions via user provided callback. + Contributed by Nicola Di Lieto in #3243 as + a solution to #3241. From 13996927cbb10615b0db4df2c1d6494ab3f3b29b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 16:15:19 +0100 Subject: [PATCH 077/247] Introduce configuration option for TLS 1.3 padding granularity TLS 1.3 record protection allows the addition of an arbitrary amount of padding. This commit introduces a configuration option ``` MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ``` The semantics of this option is that padding is chosen in a minimal way so that the padded plaintext has a length which is a multiple of MBEDTLS_SSL_TLS13_PADDING_GRANULARITY. For example, setting MBEDTLS_SSL_TLS13_PADDING_GRANULARITY to 1024 means that padded plaintexts will have length 1024, 2048, ..., while setting it to 1 means that no padding will be used. Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 16 ++++++++++++++++ include/mbedtls/ssl.h | 4 ++++ library/ssl_msg.c | 29 +++++++++++++++++++++-------- 3 files changed, 41 insertions(+), 8 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index e1de6f82e..9d700df8e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3554,6 +3554,22 @@ */ //#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 +/** \def MBEDTLS_SSL_TLS13_PADDING_GRANULARITY + * + * This option controls the use of record plaintext padding + * in TLS 1.3. + * + * The padding will always be chosen so that the length of the + * padded plaintext is a multiple of the value of this option. + * + * Note: A value of \c 1 means that no padding will be used + * for outgoing records. + * + * Note: On systems lacking division instructions, + * a power of two should be preferred. + */ +//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16 + /** \def MBEDTLS_SSL_OUT_CONTENT_LEN * * Maximum length (in bytes) of outgoing plaintext fragments. diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5869e1560..4a6ea6cab 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -277,6 +277,10 @@ #define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 #endif +#if !defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY) +#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16 +#endif + /* \} name SECTION: Module settings */ /* diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 669a33d4b..4ae1b8f08 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -343,6 +343,13 @@ static void ssl_read_memory( unsigned char *p, size_t len ) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) || \ defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) + +static size_t ssl_compute_padding_length( size_t len, + size_t granularity ) +{ + return( ( granularity - ( len + 1 ) % granularity ) % granularity ); +} + /* This functions transforms a (D)TLS plaintext fragment and a record content * type into an instance of the (D)TLSInnerPlaintext structure. This is used * in DTLS 1.2 + CID and within TLS 1.3 to allow flexible padding and to protect @@ -374,12 +381,10 @@ static void ssl_read_memory( unsigned char *p, size_t len ) static int ssl_build_inner_plaintext( unsigned char *content, size_t *content_size, size_t remaining, - uint8_t rec_type ) + uint8_t rec_type, + size_t pad ) { size_t len = *content_size; - size_t pad = ( MBEDTLS_SSL_CID_PADDING_GRANULARITY - - ( len + 1 ) % MBEDTLS_SSL_CID_PADDING_GRANULARITY ) % - MBEDTLS_SSL_CID_PADDING_GRANULARITY; /* Write real content type */ if( remaining == 0 ) @@ -651,10 +656,14 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) if( transform->minor_ver == MBEDTLS_SSL_MINOR_VERSION_4 ) { + size_t padding = + ssl_compute_padding_length( rec->data_len, + MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ); if( ssl_build_inner_plaintext( data, - &rec->data_len, - post_avail, - rec->type ) != 0 ) + &rec->data_len, + post_avail, + rec->type, + padding ) != 0 ) { return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } @@ -673,6 +682,9 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( rec->cid_len != 0 ) { + size_t padding = + ssl_compute_padding_length( rec->data_len, + MBEDTLS_SSL_CID_PADDING_GRANULARITY ); /* * Wrap plaintext into DTLSInnerPlaintext structure. * See ssl_build_inner_plaintext() for more information. @@ -683,7 +695,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, if( ssl_build_inner_plaintext( data, &rec->data_len, post_avail, - rec->type ) != 0 ) + rec->type, + padding ) != 0 ) { return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } From 67a37db2d2a38664f9624c4e3fac08db23117870 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 16:27:07 +0100 Subject: [PATCH 078/247] Add missing configuration guards to SSL record protection helpers Signed-off-by: Hanno Becker --- library/ssl_msg.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 4ae1b8f08..5146605e2 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -541,13 +541,15 @@ static void ssl_mac( mbedtls_md_context_t *md_ctx, } #endif /* MBEDTLS_SSL_PROTO_SSL3 */ +#if defined(MBEDTLS_GCM_C) || \ + defined(MBEDTLS_CCM_C) || \ + defined(MBEDTLS_CHACHAPOLY_C) static int ssl_transform_aead_dynamic_iv_is_explicit( mbedtls_ssl_transform const *transform ) { return( transform->ivlen != transform->fixed_ivlen ); } - /* Compute IV := ( fixed_iv || 0 ) XOR ( 0 || dynamic_IV ) * * Concretely, this occurs in two variants: @@ -575,6 +577,7 @@ static void ssl_build_record_nonce( unsigned char *dst_iv, for( i = 0; i < dynamic_iv_len; i++ ) dst_iv[i] ^= dynamic_iv[i]; } +#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, mbedtls_ssl_transform *transform, From c3f7b0b16b98780708ccf03fe2b6d8bd573b11ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 May 2020 16:27:16 +0100 Subject: [PATCH 079/247] Fix #endif indicator comment Signed-off-by: Hanno Becker --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5146605e2..0d1619248 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -900,7 +900,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, auth_done++; } else -#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C */ +#endif /* MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C */ #if defined(MBEDTLS_CIPHER_MODE_CBC) && \ ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_CAMELLIA_C) || defined(MBEDTLS_ARIA_C) ) if( mode == MBEDTLS_MODE_CBC ) From 3427f1dad2559e03850b1098e1a20066477dd0eb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 May 2020 07:24:32 +0100 Subject: [PATCH 080/247] Update query_config.c Signed-off-by: Hanno Becker --- programs/test/query_config.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 7389605b6..7f9410cf7 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2610,6 +2610,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CID_PADDING_GRANULARITY */ +#if defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY) + if( strcmp( "MBEDTLS_SSL_TLS13_PADDING_GRANULARITY", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ); + return( 0 ); + } +#endif /* MBEDTLS_SSL_TLS13_PADDING_GRANULARITY */ + #if defined(MBEDTLS_SSL_OUT_CONTENT_LEN) if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 ) { From 29e9895faa3852ec37fb6c9632088b23a61af138 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 31 May 2020 07:30:00 +0100 Subject: [PATCH 081/247] Change TLS 1.3 default padding to no padding Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 2 +- include/mbedtls/ssl.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 9d700df8e..874cfb774 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3568,7 +3568,7 @@ * Note: On systems lacking division instructions, * a power of two should be preferred. */ -//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16 +//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 1 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4a6ea6cab..2e552b81c 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -278,7 +278,7 @@ #endif #if !defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY) -#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 16 +#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 1 #endif /* \} name SECTION: Module settings */ From 9338f9f7187af0c12a9a7519bf29101f345af7a0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 31 May 2020 07:39:50 +0100 Subject: [PATCH 082/247] Add documentation on state of upstreaming of TLS 1.3 prototype Signed-off-by: Hanno Becker --- docs/architecture/tls13-experimental.md | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 docs/architecture/tls13-experimental.md diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md new file mode 100644 index 000000000..ee8452be7 --- /dev/null +++ b/docs/architecture/tls13-experimental.md @@ -0,0 +1,36 @@ +Experimental TLS 1.3 develpoments +================================= + +Overview +-------- + +Mbed TLS doesn't support the TLS 1.3 protocol yet, but a prototype is in development. +Stable parts of this prototype that can be independently tested are being successively +upstreamed under the guard of the following macro: + +``` +MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL +``` + +This macro will likely be renamed to `MBEDTLS_SSL_PROTO_TLS1_3` once a minimal viable +implementation of the TLS 1.3 protocol is available. + +See the [documentation of `MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL`](../../include/mbedtls/config.h) +for more information. + +Status +------ + +The following lists which parts of the TLS 1.3 prototype have already been upstreamed +together with their level of testing: + +* TLS 1.3 record protection mechanisms + + The record protection routines `mbedtls_ssl_{encrypt|decrypt}_buf()` have been extended + to support the modified TLS 1.3 record protection mechanism, including modified computation + of AAD, IV, and the introduction of a flexible padding. + + Those record protection routines have unit tests in `test_suite_ssl` alongside the + tests for the other record protection routines. + + TODO: Add some test vectors from RFC 8448. From ceef848eb6e8975d452596f36342b793b1edb947 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 2 Jun 2020 06:16:00 +0100 Subject: [PATCH 083/247] Rename TLS 1.3 padding granularity macro This is to avoid confusion with the class of macros MBEDTLS_SSL_PROTO_TLS1_X which have an underscore between major and minor version number. Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 4 ++-- include/mbedtls/ssl.h | 4 ++-- library/ssl_msg.c | 2 +- programs/test/query_config.c | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 874cfb774..9ba566e4f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -3554,7 +3554,7 @@ */ //#define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 -/** \def MBEDTLS_SSL_TLS13_PADDING_GRANULARITY +/** \def MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY * * This option controls the use of record plaintext padding * in TLS 1.3. @@ -3568,7 +3568,7 @@ * Note: On systems lacking division instructions, * a power of two should be preferred. */ -//#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 1 +//#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1 /** \def MBEDTLS_SSL_OUT_CONTENT_LEN * diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 2e552b81c..65424d6d0 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -277,8 +277,8 @@ #define MBEDTLS_SSL_CID_PADDING_GRANULARITY 16 #endif -#if !defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY) -#define MBEDTLS_SSL_TLS13_PADDING_GRANULARITY 1 +#if !defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) +#define MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY 1 #endif /* \} name SECTION: Module settings */ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0d1619248..2c296561d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -661,7 +661,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, { size_t padding = ssl_compute_padding_length( rec->data_len, - MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ); + MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY ); if( ssl_build_inner_plaintext( data, &rec->data_len, post_avail, diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 7f9410cf7..58aa87527 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -2610,13 +2610,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_SSL_CID_PADDING_GRANULARITY */ -#if defined(MBEDTLS_SSL_TLS13_PADDING_GRANULARITY) - if( strcmp( "MBEDTLS_SSL_TLS13_PADDING_GRANULARITY", config ) == 0 ) +#if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) + if( strcmp( "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS13_PADDING_GRANULARITY ); + MACRO_EXPANSION_TO_STR( MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY ); return( 0 ); } -#endif /* MBEDTLS_SSL_TLS13_PADDING_GRANULARITY */ +#endif /* MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY */ #if defined(MBEDTLS_SSL_OUT_CONTENT_LEN) if( strcmp( "MBEDTLS_SSL_OUT_CONTENT_LEN", config ) == 0 ) From 6055a17d7d95c62c2bb4763a108646a4700cf265 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 2 Jun 2020 06:20:23 +0100 Subject: [PATCH 084/247] Add dependencies for experimental TLS 1.3 features in check_config.h Signed-off-by: Hanno Becker --- include/mbedtls/check_config.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index fa3caa7c4..4111b37f6 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -619,6 +619,11 @@ #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" #endif +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) \ + !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) ) +#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites" +#endif + #if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \ defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \ !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \ From 0c3bebfa1503c165efea47d3f0de5f9dca52e05b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 2 Jun 2020 06:32:43 +0100 Subject: [PATCH 085/247] Fix typo in header of TLS 1.3 experimental features document Signed-off-by: Hanno Becker --- docs/architecture/tls13-experimental.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index ee8452be7..0e3c7cc9e 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -1,4 +1,4 @@ -Experimental TLS 1.3 develpoments +TLS 1.3 Experimental Developments ================================= Overview From 5a83d29114c0dad0cee8cfef3f56d1f4d5c791e4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 2 Jun 2020 06:33:00 +0100 Subject: [PATCH 086/247] Mention HKDF in TLS 1.3 feature document Signed-off-by: Hanno Becker --- docs/architecture/tls13-experimental.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/architecture/tls13-experimental.md b/docs/architecture/tls13-experimental.md index 0e3c7cc9e..bcf3e34f9 100644 --- a/docs/architecture/tls13-experimental.md +++ b/docs/architecture/tls13-experimental.md @@ -34,3 +34,7 @@ together with their level of testing: tests for the other record protection routines. TODO: Add some test vectors from RFC 8448. + +- The HKDF key derivation function on which the TLS 1.3 key schedule is based, + is already present as an independent module controlled by `MBEDTLS_HKDF_C` + independently of the development of the TLS 1.3 prototype. From afca47a6b9521ea49984bc2850233d420cb67ab5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 2 Jun 2020 07:51:26 +0100 Subject: [PATCH 087/247] Fix typo in check_config.h Signed-off-by: Hanno Becker --- include/mbedtls/check_config.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 4111b37f6..e2e45ac98 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -619,7 +619,7 @@ #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites" #endif -#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) \ +#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) && \ !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) ) #error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites" #endif From bf7ae6fb25a4722886880f5d23de671bd4dbcecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:19:09 +0200 Subject: [PATCH 088/247] Silence dd invocation in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It brings no value and distracts us from the actual content. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0a9d8063f..06d9c5c35 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1886,7 +1886,7 @@ run_component () { # Unconditionally create a seedfile that's sufficiently long. # Do this before each component, because a previous component may # have messed it up or shortened it. - dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 + dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 >/dev/null 2>&1 # Run the component code. "$@" From 2b2bdaa793d42d58f7048d46859224041d4ea6a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:28:07 +0200 Subject: [PATCH 089/247] Add a --quiet option to all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 06d9c5c35..fb9e50f99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -120,6 +120,7 @@ pre_initialize_variables () { append_outcome=0 MEMORY=0 FORCE=0 + QUIET=0 KEEP_GOING=0 : ${MBEDTLS_TEST_OUTCOME_FILE=} @@ -200,6 +201,7 @@ Special options: --list-components List components supported on this platform and exit. General options: + -q|--quiet Only output component names, and errors if any. -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. @@ -215,6 +217,7 @@ General options: --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). --no-memory No additional memory tests (default). + --no-quiet Print full ouput from components. --out-of-source-dir= Directory used for CMake out-of-source build tests. --outcome-file= File where test outcomes are written (not done if empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). @@ -288,6 +291,11 @@ msg() else current_section="$1" fi + + if [ $QUIET -eq 1 ]; then + return + fi + echo "" echo "******************************************************************" echo "* $current_section " @@ -363,11 +371,13 @@ pre_parse_command_line () { --no-force) FORCE=0;; --no-keep-going) KEEP_GOING=0;; --no-memory) MEMORY=0;; + --no-quiet) QUIET=0;; --openssl) shift; OPENSSL="$1";; --openssl-legacy) shift; OPENSSL_LEGACY="$1";; --openssl-next) shift; OPENSSL_NEXT="$1";; --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --quiet|-q) QUIET=1;; --random-seed) unset SEED;; --release-test|-r) SEED=1;; --seed|-s) shift; SEED="$1";; @@ -449,7 +459,7 @@ pre_setup_keep_going () { failure_summary="$failure_summary $text" failure_count=$((failure_count + 1)) - echo "${start_red}^^^^$text^^^^${end_color}" + echo "${start_red}^^^^$text^^^^${end_color}" >&2 fi } make () { @@ -495,6 +505,18 @@ not() { ! "$@" } +pre_setup_quiet_redirect () { + if [ $QUIET -ne 1 ]; then + redirect_out () { + "$@" + } + else + redirect_out () { + "$@" >/dev/null + } + fi +} + pre_prepare_outcome_file () { case "$MBEDTLS_TEST_OUTCOME_FILE" in [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; @@ -505,6 +527,10 @@ pre_prepare_outcome_file () { } pre_print_configuration () { + if [ $QUIET -eq 1 ]; then + return + fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" @@ -579,6 +605,11 @@ pre_check_tools () { "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac + # past this point, no call to check_tool, only printing output + if [ $QUIET -eq 1 ]; then + return + fi + msg "info: output_env.sh" case $RUN_COMPONENTS in *_armcc*) @@ -1889,10 +1920,15 @@ run_component () { dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 >/dev/null 2>&1 # Run the component code. - "$@" + if [ $QUIET -eq 1 ]; then + # msg() is silenced, so just print the component name here + echo "${current_component#component_}" + fi + redirect_out "$@" # Restore the build tree to a clean state. cleanup + current_component="" } # Preliminary setup @@ -1910,6 +1946,7 @@ else "$@" } fi +pre_setup_quiet_redirect pre_prepare_outcome_file pre_print_configuration pre_check_tools From dfb114a84307d2fe292db643115ddf7eda967563 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:40:08 +0200 Subject: [PATCH 090/247] Make check_generate_test_code more -q friendly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fb9e50f99..e89e5ea27 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1886,7 +1886,10 @@ component_check_python_files () { component_check_generate_test_code () { msg "uint test: generate_test_code.py" - record_status ./tests/scripts/test_generate_test_code.py + # unittest writes out mundane stuff like number or tests run on stderr. + # Our convention is to reserve stderr for actual errors, and write + # harmless info on stdout so it can be suppress with --quiet. + record_status ./tests/scripts/test_generate_test_code.py 2>&1 } ################################################################ From a9119167e0739ca77b0ac24804618a8b8bfaaa53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:51:40 +0200 Subject: [PATCH 091/247] Make component_check_test_cases more -q frienly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e89e5ea27..1640dbe48 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -675,7 +675,12 @@ component_check_names () { component_check_test_cases () { msg "Check: test case descriptions" # < 1s - record_status tests/scripts/check-test-cases.py + if [ $QUIET -eq 1 ]; then + OPT='--quiet' + else + OPT='' + fi + record_status tests/scripts/check-test-cases.py $OPT } component_check_doxygen_warnings () { From 129e13cb1251e184c4848ec03d34c457f8bca3ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:54:25 +0200 Subject: [PATCH 092/247] Use all.sh in pre-push hook MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The list in the pre-push hook was redundant with the list of `check_*` components in all.sh, and unsurprisingly it was outdated. Missing components were: - check_recursion - check_changelog - check_test_cases - check_python_files - check_generate_test_code Signed-off-by: Manuel Pégourié-Gonnard --- tests/git-scripts/pre-push.sh | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 86edf5a30..132e0b01a 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -32,18 +32,4 @@ echo "URL is $URL" set -eu -run_test() -{ - TEST=$1 - echo "running '$TEST'" - if ! `$TEST > /dev/null 2>&1`; then - echo "test '$TEST' failed" - return 1 - fi -} - -run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh -run_test ./tests/scripts/check-generated-files.sh -run_test ./tests/scripts/check-files.py -run_test ./tests/scripts/doxygen.sh +tests/scripts/all.sh -q -k 'check_*' From 7cca3589cb8b6bc4c8bbc9d7bed42e9d2b520d13 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jun 2020 13:27:22 +0100 Subject: [PATCH 093/247] Fix indentation in debug statement in ssl_msg.c Signed-off-by: Hanno Becker --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 2c296561d..33e9a4ef7 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -851,7 +851,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->minor_ver ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", - iv, transform->ivlen ); + iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", data - dynamic_iv_len * dynamic_iv_is_explicit, dynamic_iv_len * dynamic_iv_is_explicit ); From 16bf0e234663936ff533292ef64fba7001f694dc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jun 2020 13:27:34 +0100 Subject: [PATCH 094/247] Fix debug print of explicit IV The previous version attempted to write the explicit IV from the destination buffer before it has been written there. Signed-off-by: Hanno Becker --- library/ssl_msg.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 33e9a4ef7..26f30b5d1 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -853,8 +853,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (internal)", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used (transmitted)", - data - dynamic_iv_len * dynamic_iv_is_explicit, - dynamic_iv_len * dynamic_iv_is_explicit ); + dynamic_iv, + dynamic_iv_is_explicit ? dynamic_iv_len : 0 ); MBEDTLS_SSL_DEBUG_BUF( 4, "additional data used for AEAD", add_data, add_data_len ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "before encrypt: msglen = %d, " From 1cda2667afb0bb654db712321b1cd84b6028c34a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jun 2020 13:28:28 +0100 Subject: [PATCH 095/247] Spell out check for non-zero'ness Signed-off-by: Hanno Becker --- library/ssl_msg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 26f30b5d1..65eab4b40 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -884,7 +884,7 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, /* * Prefix record content with dynamic IV in case it is explicit. */ - if( dynamic_iv_is_explicit ) + if( dynamic_iv_is_explicit != 0 ) { if( rec->data_offset < dynamic_iv_len ) { From 15952814d837cc5687230861d1defed0458ce0aa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jun 2020 13:31:46 +0100 Subject: [PATCH 096/247] Improve documentation of nonce-generating function in ssl_msg.c Signed-off-by: Hanno Becker --- library/ssl_msg.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 65eab4b40..32bbc97be 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -557,8 +557,14 @@ static int ssl_transform_aead_dynamic_iv_is_explicit( * a) Fixed and dynamic IV lengths add up to total IV length, giving * IV = fixed_iv || dynamic_iv * + * This variant is used in TLS 1.2 when used with GCM or CCM. + * * b) Fixed IV lengths matches total IV length, giving * IV = fixed_iv XOR ( 0 || dynamic_iv ) + * + * This variant occurs in TLS 1.3 and for TLS 1.2 when using ChaChaPoly. + * + * See also the documentation of mbedtls_ssl_transform. */ static void ssl_build_record_nonce( unsigned char *dst_iv, size_t dst_iv_len, From f486e286948bb96fcaf746f440a1cf936ba048f2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jun 2020 13:33:08 +0100 Subject: [PATCH 097/247] Document precondition of nonce-generating function in ssl_msg.c Signed-off-by: Hanno Becker --- library/ssl_msg.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 32bbc97be..ae8d07653 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -565,6 +565,13 @@ static int ssl_transform_aead_dynamic_iv_is_explicit( * This variant occurs in TLS 1.3 and for TLS 1.2 when using ChaChaPoly. * * See also the documentation of mbedtls_ssl_transform. + * + * This function has the precondition that + * + * dst_iv_len >= max( fixed_iv_len, dynamic_iv_len ) + * + * which has to be ensured by the caller. If this precondition + * violated, the behavior of this function is undefined. */ static void ssl_build_record_nonce( unsigned char *dst_iv, size_t dst_iv_len, From 742f1a45281a41cb1a690593aa2e4ed359ed8ff7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 15:01:32 +0200 Subject: [PATCH 098/247] Add a const annotation to the non-changing argument of mpi_sub_mul Signed-off-by: Gilles Peskine --- library/bignum.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index d56a16e76..8c9e9f46a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1330,7 +1330,9 @@ cleanup: /* * Helper for mbedtls_mpi subtraction */ -static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) +static void mpi_sub_hlp( size_t n, + const mbedtls_mpi_uint *s, + mbedtls_mpi_uint *d ) { size_t i; mbedtls_mpi_uint c, z; From 4e91d473c30471adc196e47456f85607ddefe8ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 20:55:15 +0200 Subject: [PATCH 099/247] Revert "Shut up a clang-analyzer warning" This reverts commit 2cc69fffcf431085f18f4e59c3c5188297f97b87. A check was added in mpi_montmul because clang-analyzer warned about a possibly null pointer. However this was a false positive. Recent versions of clang-analyzer no longer emit a warning (3.6 does, 6 doesn't). Incidentally, the size check was wrong: mpi_montmul needs T->n >= 2 * (N->n + 1), not just T->n >= N->n + 1. Given that this is an internal function which is only used from one public function and in a tightly controlled way, remove both the null check (which is of low value to begin with) and the size check (which would be slightly more valuable, but was wrong anyway). This allows the function not to need to return an error, which makes the source code a little easier to read and makes the object code a little smaller. Signed-off-by: Gilles Peskine --- library/bignum.c | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 8c9e9f46a..4869d60cc 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1980,15 +1980,12 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /* * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) */ -static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, +static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; - if( T->n < N->n + 1 || T->p == NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - memset( T->p, 0, T->n * ciL ); d = T->p; @@ -2016,15 +2013,13 @@ static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi else /* prevent timing attacks */ mpi_sub_hlp( n, A->p, T->p ); - - return( 0 ); } /* * Montgomery reduction: A = A * R^-1 mod N */ -static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -2032,7 +2027,7 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, U.n = U.s = (int) z; U.p = &z; - return( mpi_montmul( A, &U, N, mm, T ) ); + mpi_montmul( A, &U, N, mm, T ); } /* @@ -2118,13 +2113,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); + mpi_montmul( &W[1], &RR, N, mm, &T ); /* * X = R^2 * R^-1 mod N = R mod N */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); + mpi_montred( X, N, mm, &T ); if( wsize > 1 ) { @@ -2137,7 +2132,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); + mpi_montmul( &W[j], &W[j], N, mm, &T ); /* * W[i] = W[i - 1] * W[1] @@ -2147,7 +2142,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); + mpi_montmul( &W[i], &W[1], N, mm, &T ); } } @@ -2184,7 +2179,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * out of window, square X */ - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); continue; } @@ -2202,12 +2197,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); /* * X = X * W[wbits] R^-1 mod N */ - MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); + mpi_montmul( X, &W[wbits], N, mm, &T ); state--; nbits = 0; @@ -2220,18 +2215,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, */ for( i = 0; i < nbits; i++ ) { - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); + mpi_montmul( X, &W[1], N, mm, &T ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); + mpi_montred( X, N, mm, &T ); if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) { From 2a82f72703c3cbb90697c13bdf57184c0547b653 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 15:00:49 +0200 Subject: [PATCH 100/247] Document some internal bignum functions Signed-off-by: Gilles Peskine --- library/bignum.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 4869d60cc..24c492633 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1328,7 +1328,8 @@ cleanup: } /* - * Helper for mbedtls_mpi subtraction + * Helper for mbedtls_mpi subtraction: + * d -= s where d and s have the same size and d >= s. */ static void mpi_sub_hlp( size_t n, const mbedtls_mpi_uint *s, @@ -1977,8 +1978,27 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) *mm = ~x + 1; } -/* - * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) +/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) + * + * \param[in,out] A One of the numbers to multiply. + * It must have at least one more limb than N + * (A->n >= N->n + 1). + * On successful completion, A contains the result of + * the multiplication A * B * R^-1 mod N where + * R = (2^ciL)^n. + * \param[in] B One of the numbers to multiply. + * It must be nonzero and must not have more limbs than N + * (B->n <= N->n). + * \param[in] N The modulo. N must be odd. + * \param mm The value calculated by `mpi_montg_init(&mm, N)`. + * This is -N^-1 mod 2^ciL. + * \param[in,out] T A bignum for temporary storage. + * It must be at least twice the limb size of N plus 2 + * (T->n >= 2 * (N->n + 1)). + * Its initial content is unused and + * its final content is indeterminate. + * Note that unlike the usual convention in the library + * for `const mbedtls_mpi*`, the content of T can change. */ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) @@ -2008,6 +2028,8 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi memcpy( A->p, d, ( n + 1 ) * ciL ); + /* If A >= N then A -= N. Do the subtraction unconditionally to prevent + * timing attacks. Modify T as a side effect. */ if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) mpi_sub_hlp( n, N->p, A->p ); else @@ -2017,6 +2039,8 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* * Montgomery reduction: A = A * R^-1 mod N + * + * See mpi_montmul() regarding constraints and guarantees on the parameters. */ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) From f04d11e8b27d399c5f0ad079a0409320dcb646d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 19:14:58 +0200 Subject: [PATCH 101/247] Separate out low-level mpi_safe_cond_assign Separate out a version of mpi_safe_cond_assign that works on equal-sized limb arrays, without worrying about allocation sizes or signs. Signed-off-by: Gilles Peskine --- library/bignum.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 24c492633..33534874f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -243,6 +243,22 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) memcpy( Y, &T, sizeof( mbedtls_mpi ) ); } +/* + * Conditionally assign dest = src, without leaking information + * about whether the assignment was made or not. + * dest and src must be arrays of limbs of size n. + * assign must be 0 or 1. + */ +static void mpi_safe_cond_assign( size_t n, + mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *src, + unsigned char assign ) +{ + size_t i; + for( i = 0; i < n; i++ ) + dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign; +} + /* * Conditionally assign X = Y, without leaking information * about whether the assignment was made or not. @@ -262,10 +278,9 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned X->s = X->s * ( 1 - assign ) + Y->s * assign; - for( i = 0; i < Y->n; i++ ) - X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign; + mpi_safe_cond_assign( Y->n, X->p, Y->p, assign ); - for( ; i < X->n; i++ ) + for( i = Y->n; i < X->n; i++ ) X->p[i] *= ( 1 - assign ); cleanup: From 132c0976e9867eb316bbdd27b8343a25532cbdc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 21:05:24 +0200 Subject: [PATCH 102/247] Remove a secret-dependent branch in Montgomery multiplication In mpi_montmul, an auxiliary function for modular exponentiation (mbedtls_mpi_mod_exp) that performs Montgomery multiplication, the last step is a conditional subtraction to force the result into the correct range. The current implementation uses a branch and therefore may leak information about secret data to an adversary who can observe what branch is taken through a side channel. Avoid this potential leak by always doing the same subtraction and doing a contant-trace conditional assignment to set the result. Signed-off-by: Gilles Peskine --- library/bignum.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 33534874f..aecd461b2 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2044,12 +2044,15 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi memcpy( A->p, d, ( n + 1 ) * ciL ); /* If A >= N then A -= N. Do the subtraction unconditionally to prevent - * timing attacks. Modify T as a side effect. */ - if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) - mpi_sub_hlp( n, N->p, A->p ); - else - /* prevent timing attacks */ - mpi_sub_hlp( n, A->p, T->p ); + * timing attacks. */ + /* Set d to A + (2^biL)^n - N. */ + d[n] += 1; + mpi_sub_hlp( n, N->p, d ); + /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. + * So we want to copy the result of the subtraction iff d->p[n] != 0. + * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ + mpi_safe_cond_assign( n + 1, A->p, d, d[n] ); + A->p[n] = 0; } /* From d55bfe962a57a1c12297471f6c623412d7566269 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 21:38:26 +0200 Subject: [PATCH 103/247] Add changelog entry: fix #3394 Signed-off-by: Gilles Peskine --- ChangeLog.d/montmul-cmp-branch.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/montmul-cmp-branch.txt diff --git a/ChangeLog.d/montmul-cmp-branch.txt b/ChangeLog.d/montmul-cmp-branch.txt new file mode 100644 index 000000000..59945188a --- /dev/null +++ b/ChangeLog.d/montmul-cmp-branch.txt @@ -0,0 +1,6 @@ +Security + * Fix a side channel vulnerability in modular exponentiation that could + reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, + Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute + of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul + Strackx (Fortanix) in #3394. From c03d499a589e2d44a182936a5fa1d938d494eb51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Jun 2020 12:31:22 +0200 Subject: [PATCH 104/247] Fix undeclared dep on deterministic ECDSA in test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index ae175e448..48bdbed94 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -1655,7 +1655,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15:MBEDT sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad":127:PSA_ERROR_BUFFER_TOO_SMALL PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small -depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL PSA sign: RSA PKCS#1 v1.5 SHA-256, empty output buffer From 5b942dc45ed8c5eeb9c2101b829a131ee4485226 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 5 Jun 2020 09:29:51 +0200 Subject: [PATCH 105/247] Add test for dependencies on HMAC_DRBG in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Similarly to the recently-added tests for dependencies on CTR_DRBG: constrained environments will probably want only one DRBG module, and we should make sure that tests pass in such a configuration. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index a2279769d..d911d493a 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -846,7 +846,23 @@ component_test_no_ctr_drbg () { msg "test: no CTR_DRBG" make test - # no SSL tests as they all depend on CTR_DRBG so far + # no ssl-opt.sh/compat.sh as they all depend on CTR_DRBG so far +} + +component_test_no_hmac_drbg () { + msg "build: Full minus HMAC_DRBG" + scripts/config.py full + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: no HMAC_DRBG" + make test + + # No ssl-opt.sh/compat.sh as they never use HMAC_DRBG so far, + # so there's little value in running those lengthy tests here. } component_test_new_ecdh_context () { From 026f555df39824d9382fc3a43f200709f6ade108 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Jun 2020 10:48:25 +0200 Subject: [PATCH 106/247] Explicitly cast down from mbedtls_mpi_uint to unsigned char Let code analyzers know that this is deliberate. For example MSVC warns about the conversion if it's implicit. Signed-off-by: Gilles Peskine --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index aecd461b2..487f1ef9c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2051,7 +2051,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. * So we want to copy the result of the subtraction iff d->p[n] != 0. * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ - mpi_safe_cond_assign( n + 1, A->p, d, d[n] ); + mpi_safe_cond_assign( n + 1, A->p, d, (unsigned char) d[n] ); A->p[n] = 0; } From 1a3f9edc08e527953eff5a1a3a500ddd1e429807 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 19 May 2020 12:38:31 +0200 Subject: [PATCH 107/247] Add config.h option MBEDTLS_ECP_NO_INTERNAL_RNG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No effect so far, except on dependency checking, as the feature it's meant to disable isn't implemented yet (so the descriptions in config.h and the ChangeLog entry are anticipation for now). Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/ecp-internal-rng.txt | 5 +++++ include/mbedtls/check_config.h | 8 ++++++++ include/mbedtls/config.h | 22 ++++++++++++++++++++++ library/version_features.c | 3 +++ programs/test/query_config.c | 8 ++++++++ scripts/config.py | 1 + tests/scripts/all.sh | 18 ++++++++++++++++++ 7 files changed, 65 insertions(+) create mode 100644 ChangeLog.d/ecp-internal-rng.txt diff --git a/ChangeLog.d/ecp-internal-rng.txt b/ChangeLog.d/ecp-internal-rng.txt new file mode 100644 index 000000000..bf11a7391 --- /dev/null +++ b/ChangeLog.d/ecp-internal-rng.txt @@ -0,0 +1,5 @@ +Changes + * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on + `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel + coutermeasures. If side channels are not a concern, this dependency can + be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e2e45ac98..f2148a8b5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -156,6 +156,14 @@ #error "MBEDTLS_ECP_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_ECP_C) && !( \ + defined(MBEDTLS_ECP_ALT) || \ + defined(MBEDTLS_CTR_DRBG_C) || \ + defined(MBEDTLS_HMAC_DRBG_C) || \ + defined(MBEDTLS_ECP_NO_INTERNAL_RNG)) +#error "MBEDTLS_ECP_C requires a DRBG module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used" +#endif + #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C) #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites" #endif diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 60a3aee55..e00c546e5 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -781,6 +781,28 @@ */ #define MBEDTLS_ECP_NIST_OPTIM +/** + * \def MBEDTLS_ECP_NO_INTERNAL_RNG + * + * When this option is disabled, mbedtls_ecp_mul() will make use of an + * internal RNG when called with a NULL \c f_rng argument, in order to protect + * against some side-channel attacks. + * + * This protection introduces a dependency of the ECP module on one of the + * DRBG modules. For very constrained implementations that don't require this + * protection (for example, because you're only doing signature verification, + * so not manipulating any secret, or because local/physical side-channel + * attacks are outside your threat model), it might be desirable to get rid of + * that dependency. + * + * \warning Enabling this option makes some uses of ECP vulnerable to some + * side-channel attacks. Only enable it if you know that's not a problem for + * your use case. + * + * Uncomment this macro to disable some counter-measures in ECP. + */ +//#define MBEDTLS_ECP_NO_INTERNAL_RNG + /** * \def MBEDTLS_ECP_RESTARTABLE * diff --git a/library/version_features.c b/library/version_features.c index adc61a1fe..16a0cd0e8 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -354,6 +354,9 @@ static const char * const features[] = { #if defined(MBEDTLS_ECP_NIST_OPTIM) "MBEDTLS_ECP_NIST_OPTIM", #endif /* MBEDTLS_ECP_NIST_OPTIM */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + "MBEDTLS_ECP_NO_INTERNAL_RNG", +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ #if defined(MBEDTLS_ECP_RESTARTABLE) "MBEDTLS_ECP_RESTARTABLE", #endif /* MBEDTLS_ECP_RESTARTABLE */ diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 062dce6c1..98b065bfe 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -986,6 +986,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_ECP_NIST_OPTIM */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( strcmp( "MBEDTLS_ECP_NO_INTERNAL_RNG", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_ECP_NO_INTERNAL_RNG ); + return( 0 ); + } +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if defined(MBEDTLS_ECP_RESTARTABLE) if( strcmp( "MBEDTLS_ECP_RESTARTABLE", config ) == 0 ) { diff --git a/scripts/config.py b/scripts/config.py index 7f94587f6..3d297dc3d 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -173,6 +173,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS + 'MBEDTLS_ECP_NO_INTERNAL_RNG', # removes a feature 'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY 'MBEDTLS_HAVE_SSE2', # hardware dependency diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d911d493a..44c5fa27d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -865,6 +865,24 @@ component_test_no_hmac_drbg () { # so there's little value in running those lengthy tests here. } +component_test_ecp_no_internal_rng () { + msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules" + scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG + scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires a DRBG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: ECP_NO_INTERNAL_RNG, no DRBG module" + make test + + # no SSL tests as they all depend on having a DRBG +} + component_test_new_ecdh_context () { msg "build: new ECDH context (ASan build)" # ~ 6 min scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT From c52a43c2bdcd5f118d9608013039f1e9e2ff372d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 22 May 2020 12:12:36 +0200 Subject: [PATCH 108/247] Implement use of internal DRBG for ecp_mul() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The case of MBEDTLS_ECP_RESTARTABLE isn't handled correctly yet: in that case the DRBG instance should persist when resuming the operation. This will be addressed in the next commit. When both CTR_DRBG and HMAC_DRBG are available, CTR_DRBG is preferred since both are suitable but CTR_DRBG tends to be faster and I needed a tie-breaker. There are currently three possible cases to test: - NO_INTERNAL_RNG is set -> tested in test_ecp_no_internal_rng - it's unset and CTR_DRBG is available -> tested in the default config - it's unset and CTR_DRBG is disabled -> tested in test_ecp_internal_rng_no_ctr_drbg Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/md.h | 2 + library/ecp.c | 137 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 139 insertions(+) diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 0b0ec91ff..7e70778ce 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -104,6 +104,8 @@ typedef struct mbedtls_md_context_t * \brief This function returns the list of digests supported by the * generic digest module. * + * \note The list starts with the strongest available hashes. + * * \return A statically allocated array of digests. Each element * in the returned list is an integer belonging to the * message-digest enumeration #mbedtls_md_type_t. diff --git a/library/ecp.c b/library/ecp.c index 9522edf77..dc2b59244 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -105,6 +105,16 @@ #include "mbedtls/ecp_internal.h" +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) +#if defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/ctr_drbg.h" +#elif defined(MBEDTLS_HMAC_DRBG_C) +#include "mbedtls/hmac_drbg.h" +#else +#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." +#endif +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) #define inline __inline @@ -118,6 +128,113 @@ static unsigned long add_count, dbl_count, mul_count; #endif +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) +/* + * Currently ecp_mul() takes a RNG function as an argument, used for + * side-channel protection, but it can be NULL. The initial reasonning was + * that people will pass non-NULL RNG when they care about side-channels, but + * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with + * no opportunity for the user to do anything about it. + * + * The obvious strategies for addressing that include: + * - change those APIs so that they take RNG arguments; + * - require a global RNG to be available to all crypto modules. + * + * Unfortunately those would break compatibility. So what we do instead is + * have our own internal DRBG instance, seeded from the secret scalar. + * + * The following is a light-weight abstraction layer for doing that with + * CTR_DRBG or HMAC_DRBG. + */ + +#if defined(MBEDTLS_CTR_DRBG_C) +/* DRBG context type */ +typedef mbedtls_ctr_drbg_context ecp_drbg_context; + +/* DRBG context init */ +static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +{ + mbedtls_ctr_drbg_init( ctx ); +} + +/* DRBG context free */ +static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +{ + mbedtls_ctr_drbg_free( ctx ); +} + +/* DRBG function */ +static inline int ecp_drbg_random( void *p_rng, + unsigned char *output, size_t output_len ) +{ + return( mbedtls_ctr_drbg_random( p_rng, output, output_len ) ); +} + +/* + * Since CTR_DRBG doesn't have a seed_buf() function the way HMAC_DRBG does, + * we need to pass an entropy function when seeding. So we use a dummy + * function for that, and pass the actual entropy as customisation string. + * (During seeding of CTR_DRBG the entropy input and customisation string are + * concatenated before being used to update the secret state.) + */ +static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) +{ + (void) ctx; + memset( out, 0, len ); + return( 0 ); +} + +/* DRBG context seeding */ +static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) +{ + const unsigned char *secret_p = (const unsigned char *) secret->p; + const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint ); + + return( mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, + secret_p, secret_size ) ); +} + +#elif defined(MBEDTLS_HMAC_DRBG_C) +/* DRBG context type */ +typedef mbedtls_hmac_drbg_context ecp_drbg_context; + +/* DRBG context init */ +static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +{ + mbedtls_hmac_drbg_init( ctx ); +} + +/* DRBG context free */ +static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +{ + mbedtls_hmac_drbg_free( ctx ); +} + +/* DRBG function */ +static inline int ecp_drbg_random( void *p_rng, + unsigned char *output, size_t output_len ) +{ + return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); +} + +/* DRBG context seeding */ +static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) +{ + const unsigned char *secret_p = (const unsigned char *) secret->p; + const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint ); + + /* The list starts with strong hashes */ + const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + + return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_size ) ); +} + +#else +#error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." +#endif /* DRBG modules */ +#endif /* MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if defined(MBEDTLS_ECP_RESTARTABLE) /* * Maximum number of "basic operations" to be done in a row. @@ -2443,12 +2560,19 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; +#endif +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; #endif ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( R != NULL ); ECP_VALIDATE_RET( m != NULL ); ECP_VALIDATE_RET( P != NULL ); +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_init( &drbg_ctx ); +#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) @@ -2460,6 +2584,15 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( f_rng == NULL ) + { + MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) ); + f_rng = &ecp_drbg_random; + p_rng = &drbg_ctx; + } +#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ + #if defined(MBEDTLS_ECP_RESTARTABLE) /* skip argument check when restarting */ if( rs_ctx == NULL || rs_ctx->rsm == NULL ) @@ -2490,6 +2623,10 @@ cleanup: mbedtls_internal_ecp_free( grp ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &drbg_ctx ); +#endif + #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL ) rs_ctx->depth--; From f2a9fcff6211f51204aa77cea3d682a3984d31a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 3 Jun 2020 12:11:56 +0200 Subject: [PATCH 109/247] Move internal drbg init to specific mul functions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While it seems cleaner and more convenient to set it in the top-level mbedtls_ecp_mul() function, the existence of the restartable option changes things - when it's enabled the drbg context needs to be saved in the restart context (more precisely in the restart_mul sub-context), which can only be done when it's allocated, which is in the curve-specific mul function. This commit only internal drbg management from mbedtls_ecp_mul() to ecp_mul_mxz() and ecp_mul_comb(), without modifying behaviour (even internal), and a future commit will modify the ecp_mul_comb() version to handle restart properly. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 59 ++++++++++++++++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 22 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index dc2b59244..0af3f4746 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2221,11 +2221,25 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char w, p_eq_g, i; size_t d; - unsigned char T_size, T_ok; - mbedtls_ecp_point *T; + unsigned char T_size = 0, T_ok = 0; + mbedtls_ecp_point *T = NULL; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; + + ecp_drbg_init( &drbg_ctx ); +#endif ECP_RS_ENTER( rsm ); +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( f_rng == NULL ) + { + MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) ); + f_rng = &ecp_drbg_random; + p_rng = &drbg_ctx; + } +#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ + /* Is P the base point ? */ #if MBEDTLS_ECP_FIXED_POINT_OPTIM == 1 p_eq_g = ( mbedtls_mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 && @@ -2297,6 +2311,10 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, cleanup: +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &drbg_ctx ); +#endif + /* does T belong to the group? */ if( T == grp->T ) T = NULL; @@ -2487,9 +2505,22 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, unsigned char b; mbedtls_ecp_point RP; mbedtls_mpi PX; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; + ecp_drbg_init( &drbg_ctx ); +#endif mbedtls_ecp_point_init( &RP ); mbedtls_mpi_init( &PX ); +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + if( f_rng == NULL ) + { + MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) ); + f_rng = &ecp_drbg_random; + p_rng = &drbg_ctx; + } +#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ + /* Save PX and read from P before writing to R, in case P == R */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &PX, &P->X ) ); MBEDTLS_MPI_CHK( mbedtls_ecp_copy( &RP, P ) ); @@ -2542,6 +2573,10 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); cleanup: +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &drbg_ctx ); +#endif + mbedtls_ecp_point_free( &RP ); mbedtls_mpi_free( &PX ); return( ret ); @@ -2560,19 +2595,12 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA; #if defined(MBEDTLS_ECP_INTERNAL_ALT) char is_grp_capable = 0; -#endif -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_context drbg_ctx; #endif ECP_VALIDATE_RET( grp != NULL ); ECP_VALIDATE_RET( R != NULL ); ECP_VALIDATE_RET( m != NULL ); ECP_VALIDATE_RET( P != NULL ); -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_init( &drbg_ctx ); -#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ - #if defined(MBEDTLS_ECP_RESTARTABLE) /* reset ops count for this call if top-level */ if( rs_ctx != NULL && rs_ctx->depth++ == 0 ) @@ -2584,15 +2612,6 @@ int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - if( f_rng == NULL ) - { - MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) ); - f_rng = &ecp_drbg_random; - p_rng = &drbg_ctx; - } -#endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ - #if defined(MBEDTLS_ECP_RESTARTABLE) /* skip argument check when restarting */ if( rs_ctx == NULL || rs_ctx->rsm == NULL ) @@ -2623,10 +2642,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); #endif /* MBEDTLS_ECP_INTERNAL_ALT */ -#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) - ecp_drbg_free( &drbg_ctx ); -#endif - #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL ) rs_ctx->depth--; From 53fb66db12fa3ff7a8cd5bfe7f5707cb55aa626a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Jun 2020 09:43:14 +0200 Subject: [PATCH 110/247] Add support for RESTARTABLE with internal RNG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Currently we draw pseudo-random numbers at the beginning and end of the main loop. With ECP_RESTARTABLE, it's possible that between those two occasions we returned from the multiplication function, hence lost our internal DRBG context that lives in this function's stack frame. This would result in the same pseudo-random numbers being used for blinding in multiple places. While it's not immediately clear that this would give rise to an attack, it's also absolutely not clear that it doesn't. So let's avoid that by using a DRBG context that lives inside the restart context and persists across return/resume cycles. That way the RESTARTABLE case uses exactly the same pseudo-random numbers as the non-restartable case. Testing and compile-time options: - The case ECP_RESTARTABLE && !ECP_NO_INTERNAL_RNG is already tested by component_test_no_use_psa_crypto_full_cmake_asan. - The case ECP_RESTARTABLE && ECP_NO_INTERNAL_RNG didn't have a pre-existing test so a component is added. Testing and runtime options: when ECP_RESTARTABLE is enabled, the test suites already contain cases where restart happens and cases where it doesn't (because the operation is short enough or because restart is disabled (NULL restart context)). Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 34 ++++++++++++++++++++++++++++++++-- tests/scripts/all.sh | 19 +++++++++++++++++++ 2 files changed, 51 insertions(+), 2 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 0af3f4746..b8ce020be 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -282,6 +282,10 @@ struct mbedtls_ecp_restart_mul ecp_rsm_comb_core, /* ecp_mul_comb_core() */ ecp_rsm_final_norm, /* do the final normalization */ } state; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_context drbg_ctx; + unsigned char drbg_seeded; +#endif }; /* @@ -294,6 +298,10 @@ static void ecp_restart_rsm_init( mbedtls_ecp_restart_mul_ctx *ctx ) ctx->T = NULL; ctx->T_size = 0; ctx->state = ecp_rsm_init; +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_init( &ctx->drbg_ctx ); + ctx->drbg_seeded = 0; +#endif } /* @@ -315,6 +323,10 @@ static void ecp_restart_rsm_free( mbedtls_ecp_restart_mul_ctx *ctx ) mbedtls_free( ctx->T ); } +#if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) + ecp_drbg_free( &ctx->drbg_ctx ); +#endif + ecp_restart_rsm_init( ctx ); } @@ -2234,9 +2246,27 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng == NULL ) { - MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) ); + /* Adjust pointers */ f_rng = &ecp_drbg_random; - p_rng = &drbg_ctx; +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + p_rng = &rs_ctx->rsm->drbg_ctx; + else +#endif + p_rng = &drbg_ctx; + + /* Initialize internal DRBG if necessary */ +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx == NULL || rs_ctx->rsm == NULL || + rs_ctx->rsm->drbg_seeded == 0 ) +#endif + { + MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m ) ); + } +#if defined(MBEDTLS_ECP_RESTARTABLE) + if( rs_ctx != NULL && rs_ctx->rsm != NULL ) + rs_ctx->rsm->drbg_seeded = 1; +#endif } #endif /* !MBEDTLS_ECP_NO_INTERNAL_RNG */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 44c5fa27d..34c03c3fa 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -883,6 +883,25 @@ component_test_ecp_no_internal_rng () { # no SSL tests as they all depend on having a DRBG } +component_test_ecp_restartable_no_internal_rng () { + msg "build: Default plus ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG" + scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG + scripts/config.py set MBEDTLS_ECP_RESTARTABLE + scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_HMAC_DRBG_C + scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_C # requires CTR_DRBG + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA Crypto + + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: ECP_RESTARTABLE and ECP_NO_INTERNAL_RNG, no DRBG module" + make test + + # no SSL tests as they all depend on having a DRBG +} + component_test_new_ecdh_context () { msg "build: new ECDH context (ASan build)" # ~ 6 min scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT From 71d56678d1cdf8ca97201d92e4a8aab0371710a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Jun 2020 10:20:12 +0200 Subject: [PATCH 111/247] Update documentation about optional f_rng parameter MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- include/mbedtls/ecp.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index 4c05b4fd0..875e1f8d3 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -846,6 +846,9 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, * intermediate results to prevent potential timing attacks * targeting these results. We recommend always providing * a non-NULL \p f_rng. The overhead is negligible. + * Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when + * \p f_rng is NULL, an internal RNG (seeded from the value + * of \p m) will be used instead. * * \param grp The ECP group to use. * This must be initialized and have group parameters From c7211784875025addffe0ef2c9f9593c8a5e105f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Jun 2020 10:31:06 +0200 Subject: [PATCH 112/247] Add Security ChangeLog entry for lack of blinding MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/ecp-internal-rng.txt | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog.d/ecp-internal-rng.txt b/ChangeLog.d/ecp-internal-rng.txt index bf11a7391..c0419acad 100644 --- a/ChangeLog.d/ecp-internal-rng.txt +++ b/ChangeLog.d/ecp-internal-rng.txt @@ -3,3 +3,13 @@ Changes `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel coutermeasures. If side channels are not a concern, this dependency can be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. + +Security + * Fix side channel in mbedtls_ecp_check_pub_priv() and + mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a + private key that didn't include the uncompressed public key), as well as + mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL + f_rng argument. An attacker with access to precise enough timing and + memory access information (typically an untrusted operating system + attacking a secure enclave) could fully recover the ECC private key. + Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. From 22b1de309758e972a7b62bc1474a23ed05c4ca40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Jun 2020 10:43:29 +0200 Subject: [PATCH 113/247] Skip redundant checks for NULL f_rng MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined, it's no longer possible for f_rng to be NULL at the places that randomize coordinates. Eliminate the NULL check in this case: - it makes it clearer to reviewers that randomization always happens (unless the user opted out at compile time) - a NULL check in a place where it's easy to prove the value is never NULL might upset or confuse static analyzers (including humans) - removing the check saves a bit of code size Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/library/ecp.c b/library/ecp.c index b8ce020be..2dda15658 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2026,7 +2026,9 @@ static int ecp_mul_comb_core( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R i = d; MBEDTLS_MPI_CHK( ecp_select_comb( grp, R, T, T_size, x[i] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &R->Z, 1 ) ); +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != 0 ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, R, f_rng, p_rng ) ); } @@ -2159,7 +2161,9 @@ final_norm: * * Avoid the leak by randomizing coordinates before we normalize them. */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != 0 ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); @@ -2564,7 +2568,9 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MOD_ADD( RP.X ); /* Randomize coordinates of the starting point */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != NULL ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, &RP, f_rng, p_rng ) ); /* Loop invariant: R = result so far, RP = R + P */ @@ -2597,7 +2603,9 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, * * Avoid the leak by randomizing coordinates before we normalize them. */ +#if defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng != NULL ) +#endif MBEDTLS_MPI_CHK( ecp_randomize_mxz( grp, R, f_rng, p_rng ) ); MBEDTLS_MPI_CHK( ecp_normalize_mxz( grp, R ) ); From d53ef2ffd16490993010076f35f110bd65323caa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 4 Jun 2020 12:32:14 +0200 Subject: [PATCH 114/247] Use HMAC_DRBG by default for ECP internal DRBG MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It results in smaller code than using CTR_DRBG (64 bytes smaller on ARMv6-M with arm-none-eabi-gcc 7.3.1), so let's use this by default when both are available. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 84 ++++++++++++++++++++++++++------------------------- 1 file changed, 43 insertions(+), 41 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 2dda15658..eb921618a 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -106,10 +106,10 @@ #include "mbedtls/ecp_internal.h" #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) -#if defined(MBEDTLS_CTR_DRBG_C) -#include "mbedtls/ctr_drbg.h" -#elif defined(MBEDTLS_HMAC_DRBG_C) +#if defined(MBEDTLS_HMAC_DRBG_C) #include "mbedtls/hmac_drbg.h" +#elif defined(MBEDTLS_CTR_DRBG_C) +#include "mbedtls/ctr_drbg.h" #else #error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." #endif @@ -144,10 +144,48 @@ static unsigned long add_count, dbl_count, mul_count; * have our own internal DRBG instance, seeded from the secret scalar. * * The following is a light-weight abstraction layer for doing that with - * CTR_DRBG or HMAC_DRBG. + * HMAC_DRBG (first choice) or CTR_DRBG. */ -#if defined(MBEDTLS_CTR_DRBG_C) +#if defined(MBEDTLS_HMAC_DRBG_C) + +/* DRBG context type */ +typedef mbedtls_hmac_drbg_context ecp_drbg_context; + +/* DRBG context init */ +static inline void ecp_drbg_init( ecp_drbg_context *ctx ) +{ + mbedtls_hmac_drbg_init( ctx ); +} + +/* DRBG context free */ +static inline void ecp_drbg_free( ecp_drbg_context *ctx ) +{ + mbedtls_hmac_drbg_free( ctx ); +} + +/* DRBG function */ +static inline int ecp_drbg_random( void *p_rng, + unsigned char *output, size_t output_len ) +{ + return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); +} + +/* DRBG context seeding */ +static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) +{ + const unsigned char *secret_p = (const unsigned char *) secret->p; + const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint ); + + /* The list starts with strong hashes */ + const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + + return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_size ) ); +} + +#elif defined(MBEDTLS_CTR_DRBG_C) + /* DRBG context type */ typedef mbedtls_ctr_drbg_context ecp_drbg_context; @@ -194,42 +232,6 @@ static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) secret_p, secret_size ) ); } -#elif defined(MBEDTLS_HMAC_DRBG_C) -/* DRBG context type */ -typedef mbedtls_hmac_drbg_context ecp_drbg_context; - -/* DRBG context init */ -static inline void ecp_drbg_init( ecp_drbg_context *ctx ) -{ - mbedtls_hmac_drbg_init( ctx ); -} - -/* DRBG context free */ -static inline void ecp_drbg_free( ecp_drbg_context *ctx ) -{ - mbedtls_hmac_drbg_free( ctx ); -} - -/* DRBG function */ -static inline int ecp_drbg_random( void *p_rng, - unsigned char *output, size_t output_len ) -{ - return( mbedtls_hmac_drbg_random( p_rng, output, output_len ) ); -} - -/* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) -{ - const unsigned char *secret_p = (const unsigned char *) secret->p; - const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint ); - - /* The list starts with strong hashes */ - const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); - - return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_size ) ); -} - #else #error "Invalid configuration detected. Include check_config.h to ensure that the configuration is valid." #endif /* DRBG modules */ From 9b8d34edd48877972c2f446b183eca2212de63ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 09:53:20 +0200 Subject: [PATCH 115/247] Avoid superflous randomization with restartable MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Checking the budget only after the randomization is done means sometimes we were randomizing first, then noticing we ran out of budget, return, come back and randomize again before we finally normalize. While this is fine from a correctness and security perspective, it's a minor inefficiency, and can also be disconcerting while debugging, so we might as well avoid it. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index eb921618a..6c856dc3d 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -2151,6 +2151,7 @@ static int ecp_mul_comb_after_precomp( const mbedtls_ecp_group *grp, rs_ctx->rsm->state = ecp_rsm_final_norm; final_norm: + MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); #endif /* * Knowledge of the jacobian coordinates may leak the last few bits of the @@ -2168,7 +2169,6 @@ final_norm: #endif MBEDTLS_MPI_CHK( ecp_randomize_jac( grp, RR, f_rng, p_rng ) ); - MBEDTLS_ECP_BUDGET( MBEDTLS_ECP_OPS_INV ); MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, RR ) ); #if defined(MBEDTLS_ECP_RESTARTABLE) From f1f180a6a19408023b04fdb2361c404c378006fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 10:46:35 +0200 Subject: [PATCH 116/247] all.sh: keep dd output in non-quiet mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since dd prints everything on stderr, both normal status update and actual errors when they occur, redirecting that to /dev/null is a trade-off that's acceptable in quiet mode (typically used on a developer's machine and the developer will re-run in non-quiet mode if anything fails without sufficient detail in the output), but not that much in non-quiet mode. For example, if our dd invocation fails because the disk in full on a CI machine, we want the error to be reported at the time we invoke dd, and not later when a seemingly unrelated test fails due to an incorrect seedfile. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1640dbe48..f2b346359 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -510,10 +510,16 @@ pre_setup_quiet_redirect () { redirect_out () { "$@" } + redirect_err () { + "$@" + } else redirect_out () { "$@" >/dev/null } + redirect_err () { + "$@" 2>/dev/null + } fi } @@ -1925,7 +1931,7 @@ run_component () { # Unconditionally create a seedfile that's sufficiently long. # Do this before each component, because a previous component may # have messed it up or shortened it. - dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 >/dev/null 2>&1 + redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 # Run the component code. if [ $QUIET -eq 1 ]; then From 304b0995342d7b77b3817f74f864633d09e9e7a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 10:59:41 +0200 Subject: [PATCH 117/247] all.sh: clean up some uses of "local" variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While pure sh doesn't have a concept of local variables, we can partially emulate them by unsetting variables before we exit the function, and use the convention of giving them lowercase names to distinguish from global variables. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f2b346359..32efc1d1f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -682,11 +682,12 @@ component_check_names () { component_check_test_cases () { msg "Check: test case descriptions" # < 1s if [ $QUIET -eq 1 ]; then - OPT='--quiet' + opt='--quiet' else - OPT='' + opt='' fi - record_status tests/scripts/check-test-cases.py $OPT + record_status tests/scripts/check-test-cases.py $opt + unset opt } component_check_doxygen_warnings () { @@ -1942,7 +1943,7 @@ run_component () { # Restore the build tree to a clean state. cleanup - current_component="" + unset current_component } # Preliminary setup From e050191ef58733726f1a23858190c5b3b8a62ba9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 12:59:27 +0200 Subject: [PATCH 118/247] Make basic-build-test.sh deterministic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 ++++++-- tests/scripts/basic-build-test.sh | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d911d493a..00bf997f5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -122,6 +122,10 @@ pre_initialize_variables () { FORCE=0 KEEP_GOING=0 + # Seed value used with the --release-test option. + # !!! Keep this in sync with SEED in basic-build-test.sh !!! + RELEASE_SEED=1 + : ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} export MBEDTLS_TEST_OUTCOME_FILE @@ -219,7 +223,7 @@ General options: --outcome-file= File where test outcomes are written (not done if empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). --random-seed Use a random seed value for randomized tests (default). - -r|--release-test Run this script in release mode. This fixes the seed value to 1. + -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. -s|--seed Integer seed value to use for this test run. Tool path options: @@ -369,7 +373,7 @@ pre_parse_command_line () { --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; --random-seed) unset SEED;; - --release-test|-r) SEED=1;; + --release-test|-r) SEED=$RELEASE_SEED;; --seed|-s) shift; SEED="$1";; -*) echo >&2 "Unknown option: $1" diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 0be870587..f91b14466 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -43,6 +43,11 @@ fi : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} +# Used to make ssl-opt.sh deterministic. +# !!! Keep this in sync with RELEASE_SEED in all.sh !!! +: ${SEED:=1} +export SEED + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh # we just export the variables they require export OPENSSL_CMD="$OPENSSL" From db06445ad68edf185e4bb16fd46e666334e04b75 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 1 Jun 2020 12:29:26 +0200 Subject: [PATCH 119/247] Fix typo in currently unused macro constant Signed-off-by: Steven Cooreman --- include/psa/crypto_values.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 9fed276e7..f33946ab9 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -1611,7 +1611,7 @@ */ #define PSA_KEY_LIFETIME_IS_VOLATILE(lifetime) \ (PSA_KEY_LIFETIME_GET_PERSISTENCE(lifetime) == \ - PSA_KEY_LIFETIME_PERSISTENCE_VOLATILE) + PSA_KEY_PERSISTENCE_VOLATILE) /** Construct a lifetime from a persistence level and a location. * From 8335f41cda5fe927efd533f1495a451bc871ef43 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 2 Jun 2020 11:04:15 +0200 Subject: [PATCH 120/247] Enable figuring out number of cores when running on OS X Signed-off-by: Steven Cooreman --- tests/scripts/docker_env.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/tests/scripts/docker_env.sh b/tests/scripts/docker_env.sh index 8bdc42579..582a17d1a 100755 --- a/tests/scripts/docker_env.sh +++ b/tests/scripts/docker_env.sh @@ -60,12 +60,19 @@ else DOCKER="sudo docker" fi +# Figure out the number of processors available +if [ "$(uname)" == "Darwin" ]; then + NUM_PROC="$(sysctl -n hw.logicalcpu)" +else + NUM_PROC="$(nproc)" +fi + # Build the Docker image echo "Getting docker image up to date (this may take a few minutes)..." ${DOCKER} image build \ -t ${DOCKER_IMAGE_TAG} \ --cache-from=${DOCKER_IMAGE_TAG} \ - --build-arg MAKEFLAGS_PARALLEL="-j $(nproc)" \ + --build-arg MAKEFLAGS_PARALLEL="-j ${NUM_PROC}" \ --network host \ ${http_proxy+--build-arg http_proxy=${http_proxy}} \ ${https_proxy+--build-arg https_proxy=${https_proxy}} \ From c59de6ab7e7b8f006e7a70fccabb363bb9edb200 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:28:25 +0200 Subject: [PATCH 121/247] Refactor lifetime checking to reflect split in location and persistence Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 4 ++-- library/psa_crypto_slot_management.c | 5 ++++- library/psa_crypto_slot_management.h | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 69323184d..1c348e8b0 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1500,7 +1500,7 @@ static psa_status_t psa_validate_key_attributes( { psa_status_t status; - if( attributes->core.lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) ) { status = psa_validate_persistent_key_parameters( attributes->core.lifetime, attributes->core.id, @@ -1660,7 +1660,7 @@ static psa_status_t psa_finish_key_creation( (void) driver; #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( slot->attr.lifetime != PSA_KEY_LIFETIME_VOLATILE ) + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( slot->attr.lifetime ) ) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) if( driver != NULL ) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6cd6a1135..193959aba 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -200,7 +200,10 @@ psa_status_t psa_validate_persistent_key_parameters( } else #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( lifetime != PSA_KEY_LIFETIME_PERSISTENT ) + if( ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) + != PSA_KEY_LOCATION_LOCAL_STORAGE ) || + ( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ) + != PSA_KEY_PERSISTENCE_DEFAULT ) ) return( PSA_ERROR_INVALID_ARGUMENT ); #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 472253dd9..db2aa964c 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -88,8 +88,8 @@ psa_status_t psa_get_empty_key_slot( psa_key_handle_t *handle, */ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) { - return( lifetime != PSA_KEY_LIFETIME_VOLATILE && - lifetime != PSA_KEY_LIFETIME_PERSISTENT ); + return( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) + != PSA_KEY_LOCATION_LOCAL_STORAGE ); } /** Test whether the given parameters are acceptable for a persistent key. From bbeaf18eac24d142b79139fbac916b60d0b389ff Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:29:44 +0200 Subject: [PATCH 122/247] Do not persist transactions on volatile external keys Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 1c348e8b0..a0851c7f7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1593,11 +1593,14 @@ static psa_status_t psa_start_key_creation( #if defined(MBEDTLS_PSA_CRYPTO_SE_C) /* For a key in a secure element, we need to do three things - * when creating or registering a key: + * when creating or registering a persistent key: * create the key file in internal storage, create the * key inside the secure element, and update the driver's - * persistent data. Start a transaction that will encompass these - * three actions. */ + * persistent data. This is done by starting a transaction that will + * encompass these three actions. + * For registering a volatile key, we just need to find an appropriate + * slot number inside the SE. Since the key is designated volatile, creating + * a transaction is not required. */ /* The first thing to do is to find a slot number for the new key. * We save the slot number in persistent storage as part of the * transaction data. It will be needed to recover if the power @@ -1612,15 +1615,19 @@ static psa_status_t psa_start_key_creation( &slot->data.se.slot_number ); if( status != PSA_SUCCESS ) return( status ); - psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY ); - psa_crypto_transaction.key.lifetime = slot->attr.lifetime; - psa_crypto_transaction.key.slot = slot->data.se.slot_number; - psa_crypto_transaction.key.id = slot->attr.id; - status = psa_crypto_save_transaction( ); - if( status != PSA_SUCCESS ) + + if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) ) { - (void) psa_crypto_stop_transaction( ); - return( status ); + psa_crypto_prepare_transaction( PSA_CRYPTO_TRANSACTION_CREATE_KEY ); + psa_crypto_transaction.key.lifetime = slot->attr.lifetime; + psa_crypto_transaction.key.slot = slot->data.se.slot_number; + psa_crypto_transaction.key.id = slot->attr.id; + status = psa_crypto_save_transaction( ); + if( status != PSA_SUCCESS ) + { + (void) psa_crypto_stop_transaction( ); + return( status ); + } } } @@ -1708,8 +1715,8 @@ static psa_status_t psa_finish_key_creation( /* Finish the transaction for a key creation. This does not * happen when registering an existing key. Detect this case * by checking whether a transaction is in progress (actual - * creation of a key in a secure element requires a transaction, - * but registration doesn't use one). */ + * creation of a persistent key in a secure element requires a transaction, + * but registration or volatile key creation doesn't use one). */ if( driver != NULL && psa_crypto_transaction.unknown.type == PSA_CRYPTO_TRANSACTION_CREATE_KEY ) { From 223f2877bee96defc611bcee8c255c349d62f7c5 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:30:20 +0200 Subject: [PATCH 123/247] Add test to check that volatile external keys do not get persisted Signed-off-by: Steven Cooreman --- .../test_suite_psa_crypto_se_driver_hal.data | 28 +++++-- ...st_suite_psa_crypto_se_driver_hal.function | 77 ++++++++++++++++--- 2 files changed, 86 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 55c34266b..5333e570d 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -24,17 +24,29 @@ register_twice:3 Register SE driver: maximum number of drivers register_max: -SE key import-export (p_allocate allows all slots) -key_creation_import_export:0:0 +SE key import-export persistent (p_allocate allows all slots) +key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:0 -SE key import-export (p_allocate allows 1 slot) -key_creation_import_export:ARRAY_LENGTH( ram_slots ) - 1:0 +SE key import-export persistent (p_allocate allows 1 slot) +key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0 -SE key import-export, check after restart (slot 0) -key_creation_import_export:0:1 +SE key import-export persistent, check after restart (slot 0) +key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:0:1 -SE key import-export, check after restart (slot 3) -key_creation_import_export:3:1 +SE key import-export persistent, check after restart (slot 3) +key_creation_import_export:TEST_SE_PERSISTENT_LIFETIME:3:1 + +SE key import-export volatile (p_allocate allows all slots) +key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:0 + +SE key import-export volatile (p_allocate allows 1 slot) +key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:ARRAY_LENGTH( ram_slots ) - 1:0 + +SE key import-export volatile, check after restart (slot 0) +key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:0:1 + +SE key import-export volatile, check after restart (slot 3) +key_creation_import_export:TEST_SE_VOLATILE_LIFETIME:3:1 Key creation in a specific slot (0) key_creation_in_chosen_slot:0:0:PSA_SUCCESS diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index f95f7e526..9b0cf45f3 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -27,6 +27,10 @@ ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION ) ) +#define TEST_SE_VOLATILE_LIFETIME \ + ( PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ + PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ) ) + /** The driver detected a condition that shouldn't happen. * This is probably a bug in the library. */ #define PSA_ERROR_DETECTED_BY_DRIVER ((psa_status_t)( -500 )) @@ -609,6 +613,20 @@ exit: return( ok ); } +/* Check that no persistent data exists for the given location. */ +static int check_no_persistent_data( psa_key_location_t location ) +{ + psa_storage_uid_t uid = file_uid_for_location( location ); + struct psa_storage_info_t info; + int ok = 0; + + TEST_ASSERT( psa_its_get_info( uid, &info ) == PSA_ERROR_DOES_NOT_EXIST ); + ok = 1; + +exit: + return( ok ); +} + /* Check that a function's return status is "smoke-free", i.e. that * it's an acceptable error code when calling an API function that operates * on a key with potentially bogus parameters. */ @@ -829,11 +847,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void key_creation_import_export( int min_slot, int restart ) +void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) { psa_drv_se_t driver; psa_drv_se_key_management_t key_management; - psa_key_lifetime_t lifetime = TEST_SE_PERSISTENT_LIFETIME; + psa_key_lifetime_t lifetime = (psa_key_lifetime_t) lifetime_arg; psa_key_location_t location = PSA_KEY_LIFETIME_GET_LOCATION( lifetime ); psa_key_id_t id = 1; psa_key_handle_t handle = 0; @@ -864,10 +882,25 @@ void key_creation_import_export( int min_slot, int restart ) PSA_ASSERT( psa_import_key( &attributes, key_material, sizeof( key_material ), &handle ) ); - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) - goto exit; + + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + /* For volatile keys, check no persistent data was created */ + if( ! check_no_persistent_data( location ) ) + goto exit; + } + else + { + /* For persistent keys, check persistent data */ + if( ! check_persistent_data( location, + &ram_shadow_slot_usage, + sizeof( ram_shadow_slot_usage ) ) ) + goto exit; + } + + /* Test that the key was created in the expected slot. */ + TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA ); /* Maybe restart, to check that the information is saved correctly. */ if( restart ) @@ -875,11 +908,33 @@ void key_creation_import_export( int min_slot, int restart ) mbedtls_psa_crypto_free( ); PSA_ASSERT( psa_register_se_driver( location, &driver ) ); PSA_ASSERT( psa_crypto_init( ) ); - if( ! check_persistent_data( location, - &ram_shadow_slot_usage, - sizeof( ram_shadow_slot_usage ) ) ) - goto exit; - PSA_ASSERT( psa_open_key( id, &handle ) ); + + if( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + /* Check that the PSA core has no knowledge of the volatile key */ + TEST_ASSERT( psa_open_key( id, &handle ) == PSA_ERROR_DOES_NOT_EXIST ); + + /* Drop data from our mockup driver */ + ram_slots_reset(); + ram_min_slot = min_slot; + + /* Re-import key */ + PSA_ASSERT( psa_import_key( &attributes, + key_material, sizeof( key_material ), + &handle ) ); + } + else + { + + /* Check we can re-open the persistent key */ + if( ! check_persistent_data( location, + &ram_shadow_slot_usage, + sizeof( ram_shadow_slot_usage ) ) ) + goto exit; + + /* Check that the PSA core still knows about the key */ + PSA_ASSERT( psa_open_key( id, &handle ) ); + } } /* Test that the key was created in the expected slot. */ From 37ecc61836da2b5be50112479828e7c0ca147ee1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 22:05:13 +0200 Subject: [PATCH 124/247] More logical parameter order for mpi_sub_hlp mpi_sub_hlp performs a subtraction A - B, but took parameters in the order (B, A). Swap the parameters so that they match the usual mathematical syntax. This has the additional benefit of putting the output parameter (A) first, which is the normal convention in this module. Signed-off-by: Gilles Peskine --- library/bignum.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 487f1ef9c..64ea872e0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1347,8 +1347,8 @@ cleanup: * d -= s where d and s have the same size and d >= s. */ static void mpi_sub_hlp( size_t n, - const mbedtls_mpi_uint *s, - mbedtls_mpi_uint *d ) + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *s ) { size_t i; mbedtls_mpi_uint c, z; @@ -1403,7 +1403,7 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - mpi_sub_hlp( n, B->p, X->p ); + mpi_sub_hlp( n, X->p, B->p ); cleanup: @@ -2047,7 +2047,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * timing attacks. */ /* Set d to A + (2^biL)^n - N. */ d[n] += 1; - mpi_sub_hlp( n, N->p, d ); + mpi_sub_hlp( n, d, N->p ); /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. * So we want to copy the result of the subtraction iff d->p[n] != 0. * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ From c097e9ea45f12bd8cb2f2ffa40a9181dba898b91 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 21:58:22 +0200 Subject: [PATCH 125/247] Move carry propagation out of mpi_sub_hlp The function mpi_sub_hlp had confusing semantics: although it took a size parameter, it accessed the limb array d beyond this size, to propagate the carry. This made the function difficult to understand and analyze, with a potential buffer overflow if misused (not enough room to propagate the carry). Change the function so that it only performs the subtraction within the specified number of limbs, and returns the carry. Move the carry propagation out of mpi_sub_hlp and into its caller mbedtls_mpi_sub_abs. This makes the code of subtraction very slightly less neat, but not significantly different. In the one other place where mpi_sub_hlp is used, namely mpi_montmul, this is a net win because the carry is potentially sensitive data and the function carefully arranges to not have to propagate it. Signed-off-by: Gilles Peskine --- library/bignum.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 64ea872e0..0fddef2ac 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1343,12 +1343,23 @@ cleanup: } /* - * Helper for mbedtls_mpi subtraction: - * d -= s where d and s have the same size and d >= s. + * Helper for mbedtls_mpi subtraction. + * + * Calculate d - s where d and s have the same size. + * This function operates modulo (2^ciL)^n and returns the carry + * (1 if there was a wraparound, i.e. if `d < s`, and 0 otherwise). + * + * \param n Number of limbs of \p d and \p s. + * \param[in,out] d On input, the left operand. + * On output, the result of the subtraction: + * \param[s] The right operand. + * + * \return 1 if `d < s`. + * 0 if `d >= s`. */ -static void mpi_sub_hlp( size_t n, - mbedtls_mpi_uint *d, - const mbedtls_mpi_uint *s ) +static mbedtls_mpi_uint mpi_sub_hlp( size_t n, + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *s ) { size_t i; mbedtls_mpi_uint c, z; @@ -1359,11 +1370,7 @@ static void mpi_sub_hlp( size_t n, c = ( *d < *s ) + z; *d -= *s; } - while( c != 0 ) - { - z = ( *d < c ); *d -= c; - c = z; d++; - } + return( c ); } /* @@ -1374,6 +1381,7 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi mbedtls_mpi TB; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; + mbedtls_mpi_uint c, z; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); @@ -1403,7 +1411,12 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - mpi_sub_hlp( n, X->p, B->p ); + c = mpi_sub_hlp( n, X->p, B->p ); + while( c != 0 ) + { + z = ( X->p[n] < c ); X->p[n] -= c; + c = z; n++; + } cleanup: @@ -2047,7 +2060,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * timing attacks. */ /* Set d to A + (2^biL)^n - N. */ d[n] += 1; - mpi_sub_hlp( n, d, N->p ); + d[n] -= mpi_sub_hlp( n, d, N->p ); /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. * So we want to copy the result of the subtraction iff d->p[n] != 0. * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ From 221626f2d3fb8712a4e171240a909a1eb464ce53 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 22:37:50 +0200 Subject: [PATCH 126/247] Simplify the final reduction in mpi_montmul There was some confusion during review about when A->p[n] could be nonzero. In fact, there is no need to set A->p[n]: only the intermediate result d might need to extend to n+1 limbs, not the final result A. So never access A->p[n]. Rework the explanation of the calculation in a way that should be easier to follow. Signed-off-by: Gilles Peskine --- library/bignum.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 0fddef2ac..7a81f33b1 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2009,8 +2009,8 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) * * \param[in,out] A One of the numbers to multiply. - * It must have at least one more limb than N - * (A->n >= N->n + 1). + * It must have at least as many limbs as N + * (A->n >= N->n), and any limbs beyond n are ignored. * On successful completion, A contains the result of * the multiplication A * B * R^-1 mod N where * R = (2^ciL)^n. @@ -2054,18 +2054,25 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *d++ = u0; d[n + 1] = 0; } - memcpy( A->p, d, ( n + 1 ) * ciL ); + /* At this point, d is either the desired result or the desired result + * plus N. We now potentially subtract N, avoiding leaking whether the + * subtraction is performed through side channels. */ - /* If A >= N then A -= N. Do the subtraction unconditionally to prevent - * timing attacks. */ - /* Set d to A + (2^biL)^n - N. */ + /* Copy the n least significant limbs of d to A, so that + * A = d if d < N (recall that N has n limbs). */ + memcpy( A->p, d, n * ciL ); + /* If d >= N then we want to set A to N - d. To prevent timing attacks, + * do the calculation without using conditional tests. */ + /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; d[n] -= mpi_sub_hlp( n, d, N->p ); - /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. - * So we want to copy the result of the subtraction iff d->p[n] != 0. - * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ - mpi_safe_cond_assign( n + 1, A->p, d, (unsigned char) d[n] ); - A->p[n] = 0; + /* If d0 < N then d < (2^biL)^n + * so d[n] == 0 and we want to keep A as it is. + * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n + * so d[n] == 1 and we want to set A to the result of the subtraction + * which is d - (2^biL)^n, i.e. the n least significant limbs of d. + * This exactly corresponds to a conditional assignment. */ + mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] ); } /* From 0e5faf64074b987284ed3305f3bb4326662a8ad5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 22:50:35 +0200 Subject: [PATCH 127/247] mbedtls_mpi_sub_abs: check the range of the result when it happens The function mbedtls_mpi_sub_abs first checked that A >= B and then performed the subtraction, relying on the fact that A >= B to guarantee that the carry propagation would stop, and not taking advantage of the fact that the carry when subtracting two numbers can only be 0 or 1. This made the carry propagation code a little hard to follow. Write an ad hoc loop for the carry propagation, checking the size of the result. This makes termination obvious. The initial check that A >= B is no longer needed, since the function now checks that the carry propagation terminates, which is equivalent. This is a slight performance gain. Signed-off-by: Gilles Peskine --- library/bignum.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 7a81f33b1..3825820ea 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1374,20 +1374,20 @@ static mbedtls_mpi_uint mpi_sub_hlp( size_t n, } /* - * Unsigned subtraction: X = |A| - |B| (HAC 14.9) + * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10) */ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { mbedtls_mpi TB; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; - mbedtls_mpi_uint c, z; + mbedtls_mpi_uint carry; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); - if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + /* if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) */ + /* return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); */ mbedtls_mpi_init( &TB ); @@ -1411,11 +1411,17 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - c = mpi_sub_hlp( n, X->p, B->p ); - while( c != 0 ) + carry = mpi_sub_hlp( n, X->p, B->p ); + if( carry != 0 ) { - z = ( X->p[n] < c ); X->p[n] -= c; - c = z; n++; + /* Propagate the carry to the first nonzero limb of X. */ + for( ; n < X->n && X->p[n] == 0; n++ ) + --X->p[n]; + /* If we ran out of space for the carry, it means that the result + * is negative. */ + if( n == X->n ) + return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + --X->p[n]; } cleanup: From 09ec10a32e56c11d358659ba3a2e547049520298 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 9 Jun 2020 10:39:38 +0200 Subject: [PATCH 128/247] Clean up some comments Signed-off-by: Gilles Peskine --- library/bignum.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 3825820ea..d9ab6f68b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1342,7 +1342,7 @@ cleanup: return( ret ); } -/* +/** * Helper for mbedtls_mpi subtraction. * * Calculate d - s where d and s have the same size. @@ -1352,7 +1352,7 @@ cleanup: * \param n Number of limbs of \p d and \p s. * \param[in,out] d On input, the left operand. * On output, the result of the subtraction: - * \param[s] The right operand. + * \param[in] s The right operand. * * \return 1 if `d < s`. * 0 if `d >= s`. @@ -1386,9 +1386,6 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); - /* if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) */ - /* return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); */ - mbedtls_mpi_init( &TB ); if( X == B ) @@ -2067,7 +2064,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* Copy the n least significant limbs of d to A, so that * A = d if d < N (recall that N has n limbs). */ memcpy( A->p, d, n * ciL ); - /* If d >= N then we want to set A to N - d. To prevent timing attacks, + /* If d >= N then we want to set A to d - N. To prevent timing attacks, * do the calculation without using conditional tests. */ /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; From 5620d71d581b7a5e9aafc56103b9655662b9826f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Jun 2020 12:52:04 +0200 Subject: [PATCH 129/247] Remove hardcoded line number from the zeroize test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead, we insert a comment containing GDB_BREAK_HERE in the line we want to break at, and let the gdb script search for it. Signed-off-by: Bence Szépkúti --- programs/test/zeroize.c | 12 +++++------- tests/scripts/test_zeroize.gdb | 12 +++--------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index c670a6b58..e61b4707c 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -4,12 +4,10 @@ * This is a simple test application used for debugger-driven testing to check * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb under the assumption that the code does not - * change often (as opposed to the library code) because the script sets a - * breakpoint at the last return statement in the main() function of this - * program. The debugger facilities are then used to manually inspect the - * memory and verify that the call to mbedtls_platform_zeroize() was not - * eliminated. + * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last + * return statement in the main() function of this program. The debugger + * facilities are then used to manually inspect the memory and verify that the + * call to mbedtls_platform_zeroize() was not eliminated. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -98,5 +96,5 @@ int main( int argc, char** argv ) fclose( fp ); mbedtls_platform_zeroize( buf, sizeof( buf ) ); - mbedtls_exit( exit_code ); + mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment! } diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index c929c88a0..8164acb9b 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -31,19 +31,13 @@ # the compiler potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. -# -# WARNING: There does not seem to be a mechanism in GDB scripts to set a -# breakpoint at the end of a function (probably because there are a lot of -# complications as function can have multiple exit points, etc). Therefore, it -# was necessary to hard-code the line number of the breakpoint in the zeroize.c -# test app. The assumption is that zeroize.c is a simple test app that does not -# change often (as opposed to the actual library code), so the breakpoint line -# number does not need to be updated often. set confirm off file ./programs/test/zeroize -break zeroize.c:100 + +search GDB_BREAK_HERE +break $_ set args ./programs/test/zeroize.c run From 672257b7d92d6f5dd7f03e5ac40d186e36b76648 Mon Sep 17 00:00:00 2001 From: irwir Date: Thu, 21 May 2020 17:23:57 +0300 Subject: [PATCH 130/247] Add changelog entry Signed-off-by: irwir --- ChangeLog.d/bugfix_PR3333.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3333.txt diff --git a/ChangeLog.d/bugfix_PR3333.txt b/ChangeLog.d/bugfix_PR3333.txt new file mode 100644 index 000000000..90766ac71 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3333.txt @@ -0,0 +1,2 @@ +Bugfix + * Remove unused macros from MSVC projects. Reported in #3297 and fix submitted in #3333 by irwir. From c857044e94715481c7e1222ef2b6fac221038fe1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Apr 2020 17:00:50 +0100 Subject: [PATCH 131/247] Add min/max version negotiation to unit tests Add the min/max version negotiation tests from ssl-opt.sh as unit tests for the sake of utility and easier running of tests during development Signed-off-by: Paul Elliott --- tests/suites/test_suite_ssl.data | 44 ++++++++++++-- tests/suites/test_suite_ssl.function | 87 +++++++++++++++++++++++----- 2 files changed, 109 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index aa314dd32..d3158fd4c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -201,19 +201,19 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TIC Handshake, SSL3 depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0 Handshake, tls1 depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC -handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 Handshake, tls1_1 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC -handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2 Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -241,11 +241,11 @@ handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_1 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS -handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1 +handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2 DTLS Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS -handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1 +handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS @@ -281,6 +281,38 @@ handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1 DTLS Handshake fragmentation, MFL=1024 handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1 +Handshake min/max version check, all -> 1.2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_3 + +Handshake min/max version check, cli max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, srv max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli+srv max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli max 1.1, srv min 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli min 1.1, srv max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli min 1.2, srv max 1.1 -> fail +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TLS1_2 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE + +Handshake min/max version check, srv min 1.2, cli max 1.1 -> fail +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TLS1_2 +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE + Sending app data via TLS, MFL=512 without fragmentation depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b32ca344..9d16a573b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -36,10 +36,17 @@ void log_analyzer( void *ctx, int level, } } +/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */ +#define TEST_SSL_MINOR_VERSION_NONE -1 + typedef struct handshake_test_options { const char *cipher; - int version; + int client_min_version; + int client_max_version; + int server_min_version; + int server_max_version; + int expected_negotiated_version; int pk_alg; data_t *psk_str; int dtls; @@ -62,7 +69,11 @@ typedef struct handshake_test_options void init_handshake_options( handshake_test_options *opts ) { opts->cipher = ""; - opts->version = MBEDTLS_SSL_MINOR_VERSION_3; + opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; + opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE; + opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE; + opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE; + opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3; opts->pk_alg = MBEDTLS_PK_RSA; opts->psk_str = NULL; opts->dtls = 0; @@ -1671,7 +1682,7 @@ void perform_handshake( handshake_test_options* options ) #if defined(MBEDTLS_SSL_RENEGOTIATION) int ret = -1; #endif - + int expected_handshake_result = 0; mbedtls_test_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; @@ -1697,10 +1708,18 @@ void perform_handshake( handshake_test_options* options ) options->pk_alg, NULL, NULL, NULL ) == 0 ); } - mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->version ); - mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->version ); + + if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->client_min_version ); + } + + if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->client_max_version ); + } if( strlen( options->cipher ) > 0 ) { @@ -1737,8 +1756,18 @@ void perform_handshake( handshake_test_options* options ) mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode ); - mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->version ); + if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->server_min_version ); + } + + if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->server_max_version ); + } + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) options->mfl ) == 0 ); @@ -1803,18 +1832,36 @@ void perform_handshake( handshake_test_options* options ) } #endif + if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE ) + { + expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; + } + TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER ) - == 0 ); + == expected_handshake_result ); + + if( expected_handshake_result != 0 ) + { + /* Connection will have failed by this point, skip to cleanup */ + goto exit; + } + TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); + /* Check that we agree on the version... */ + TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver ); + + /* And check that the version negotiated is the expected one. */ + TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version ); + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if( options->resize_buffers != 0 ) { - if( options->version != MBEDTLS_SSL_MINOR_VERSION_0 && - options->version != MBEDTLS_SSL_MINOR_VERSION_1 ) + if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 && + options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 ) { /* A server, when using DTLS, might delay a buffer resize to happen * after it receives a message, so we force it. */ @@ -3791,17 +3838,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ -void handshake_version( int version, int dtls ) +void handshake_version( int dtls, int client_min_version, int client_max_version, + int server_min_version, int server_max_version, + int expected_negotiated_version ) { handshake_test_options options; init_handshake_options( &options ); - options.version = version; + options.client_min_version = client_min_version; + options.client_max_version = client_max_version; + options.server_min_version = server_min_version; + options.server_max_version = server_max_version; + + options.expected_negotiated_version = expected_negotiated_version; + options.dtls = dtls; /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so * the number of fragments will be twice as big. */ - if( version == MBEDTLS_SSL_MINOR_VERSION_0 || - version == MBEDTLS_SSL_MINOR_VERSION_1 ) + if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 || + expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 ) { options.expected_cli_fragments = 2; options.expected_srv_fragments = 2; From 3c1b090e582f7f617b3040bc97413b6d65b23790 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Wed, 25 Mar 2020 19:55:32 +0800 Subject: [PATCH 132/247] Use FindPython3 when cmake version >= 3.15.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: okhowang(王沛文) --- 3rdparty/everest/CMakeLists.txt | 2 +- CMakeLists.txt | 19 +++++++++++++++---- ChangeLog.d/use-find-python3-cmake.txt | 2 ++ programs/psa/CMakeLists.txt | 2 +- tests/CMakeLists.txt | 7 +++---- 5 files changed, 22 insertions(+), 10 deletions(-) create mode 100644 ChangeLog.d/use-find-python3-cmake.txt diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 782c0c563..c27a8e5ee 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -10,7 +10,7 @@ set(everest_src list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) -execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) +execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) if(${result} EQUAL 0) diff --git a/CMakeLists.txt b/CMakeLists.txt index c84194c63..1f675c1ee 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -51,18 +51,29 @@ set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" "${WARNING_BORDER}") # Python 3 is only needed here to check for configuration warnings. -find_package(PythonInterp 3) -if(PYTHONINTERP_FOUND) +if(NOT CMAKE_VERSION VERSION_LESS 3.15.0) + set(Python3_FIND_STRATEGY LOCATION) + find_package(Python3 COMPONENTS Interpreter) + if(Python3_Interpreter_FOUND) + set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE}) + endif() +else() + find_package(PythonInterp 3) + if(PYTHONINTERP_FOUND) + set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE}) + endif() +endif() +if(MBEDTLS_PYTHON_EXECUTABLE) # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) endif() # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY + execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${NULL_ENTROPY_WARNING}) diff --git a/ChangeLog.d/use-find-python3-cmake.txt b/ChangeLog.d/use-find-python3-cmake.txt new file mode 100644 index 000000000..36a5171ee --- /dev/null +++ b/ChangeLog.d/use-find-python3-cmake.txt @@ -0,0 +1,2 @@ +Changes + * Use FindPython3 when cmake version >= 3.15.0 diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 201f987c7..4373cebc8 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -10,7 +10,7 @@ target_link_libraries(psa_constant_names mbedtls) add_custom_target( psa_constant_names_generated - COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} + COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ ) add_dependencies(psa_constant_names psa_constant_names_generated) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 14a7b7e94..bd5ed8328 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -17,9 +17,8 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) -find_package(PythonInterp) -if(NOT PYTHONINTERP_FOUND) - message(FATAL_ERROR "Cannot build test suites without Python 2 or 3") +if(NOT MBEDTLS_PYTHON_EXECUTABLE) + message(FATAL_ERROR "Cannot build test suites without Python 3") endif() # Enable definition of various functions used throughout the testsuite @@ -43,7 +42,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . + COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) From 25705e6757cfa052d007c7dede8c16577206f283 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 10 Jun 2020 09:18:25 +0200 Subject: [PATCH 133/247] Fix typo in a comment Co-authored-by: Janos Follath --- library/ecp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ecp.c b/library/ecp.c index 6c856dc3d..13408799e 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -131,7 +131,7 @@ static unsigned long add_count, dbl_count, mul_count; #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) /* * Currently ecp_mul() takes a RNG function as an argument, used for - * side-channel protection, but it can be NULL. The initial reasonning was + * side-channel protection, but it can be NULL. The initial reasoning was * that people will pass non-NULL RNG when they care about side-channels, but * unfortunately we have some APIs that call ecp_mul() with a NULL RNG, with * no opportunity for the user to do anything about it. From 02c78b78259a62e65f6b3fd25f342cf6d8ce2c03 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 May 2020 09:22:32 +0200 Subject: [PATCH 134/247] tests: Create an include folder Create an include folder dedicated to include files for tests. With the upcoming work on tests for PSA crypto drivers the number of includes specific to tests is going to increase significantly thus create a dedicated folder. Don't put the include files in the include folder but in include/test folder. This way test headers can be included using a test/* path pattern as mbedtls and psa headers are included using an mbedtls/* and psa/* path pattern. This makes explicit the scope of the test headers. Move the existing includes for tests into include/test and update the code and build systems (make and cmake) accordingly. Signed-off-by: Ronald Cron --- tests/.gitignore | 2 +- tests/CMakeLists.txt | 2 +- tests/Makefile | 14 +++++++------- tests/{ => include/test}/psa_crypto_helpers.h | 2 +- tests/{ => include/test}/psa_helpers.h | 0 tests/suites/test_suite_cipher.function | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.function | 2 +- .../suites/test_suite_psa_crypto_entropy.function | 2 +- tests/suites/test_suite_psa_crypto_hash.function | 2 +- tests/suites/test_suite_psa_crypto_init.function | 2 +- .../test_suite_psa_crypto_persistent_key.function | 2 +- .../test_suite_psa_crypto_se_driver_hal.function | 2 +- ...t_suite_psa_crypto_se_driver_hal_mocks.function | 2 +- .../test_suite_psa_crypto_slot_management.function | 2 +- tests/suites/test_suite_psa_its.function | 2 +- 16 files changed, 21 insertions(+), 21 deletions(-) rename tests/{ => include/test}/psa_crypto_helpers.h (99%) rename tests/{ => include/test}/psa_helpers.h (100%) diff --git a/tests/.gitignore b/tests/.gitignore index fbbd0dfe2..805287eb2 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -8,4 +8,4 @@ data_files/hmac_drbg_seed data_files/ctr_drbg_seed data_files/entropy_seed -/instrument_record_status.h +include/test/instrument_record_status.h diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index bd5ed8328..cc5a9c67d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -46,7 +46,7 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) - include_directories(${CMAKE_CURRENT_SOURCE_DIR}) + include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include) add_executable(test_suite_${data_name} test_suite_${data_name}.c) target_link_libraries(test_suite_${data_name} ${libs}) if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) diff --git a/tests/Makefile b/tests/Makefile index e74bf9548..e027e127c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -6,7 +6,7 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -I../library -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ @@ -110,9 +110,9 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ # Some test suites require additional header files. -$(filter test_suite_psa_crypto%, $(BINARIES)): psa_crypto_helpers.h +$(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h $(addprefix embedded_,$(filter test_suite_psa_crypto%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_crypto_helpers.h -$(filter test_suite_psa_%, $(BINARIES)): psa_helpers.h +$(filter test_suite_psa_%, $(BINARIES)): include/test/psa_helpers.h $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_helpers.h clean: @@ -152,7 +152,7 @@ $(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function s generate-target-tests: $(EMBEDDED_TESTS) define copy_header_to_target -TESTS/mbedtls/$(1)/$(2): $(2) +TESTS/mbedtls/$(1)/$(2): include/test/$(2) echo " Copy ./$$@" ifndef WINDOWS mkdir -p $$(@D) @@ -163,11 +163,11 @@ else endif endef -$(foreach app, $(APPS), $(foreach file, $(wildcard *.h), \ +$(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \ $(eval $(call copy_header_to_target,$(app),$(file))))) ifdef RECORD_PSA_STATUS_COVERAGE_LOG -$(BINARIES): instrument_record_status.h -instrument_record_status.h: ../include/psa/crypto.h Makefile +$(BINARIES): include/test/instrument_record_status.h +include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' endif diff --git a/tests/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h similarity index 99% rename from tests/psa_crypto_helpers.h rename to tests/include/test/psa_crypto_helpers.h index 19303de57..1dd608433 100644 --- a/tests/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -22,7 +22,7 @@ #ifndef PSA_CRYPTO_HELPERS_H #define PSA_CRYPTO_HELPERS_H -#include "psa_helpers.h" +#include "test/psa_helpers.h" #include diff --git a/tests/psa_helpers.h b/tests/include/test/psa_helpers.h similarity index 100% rename from tests/psa_helpers.h rename to tests/include/test/psa_helpers.h diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 8405f69c7..783407314 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -10,7 +10,7 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #endif /* END_HEADER */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d88ca5454..a67cb4564 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -17,7 +17,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) #else /* Define empty macros so that we can use them in the preamble and teardown diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bc95f6fb0..ae4045c74 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9,7 +9,7 @@ * uses mbedtls_ctr_drbg internally. */ #include "mbedtls/ctr_drbg.h" -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" /* Tests that require more than 128kB of RAM plus change have this symbol * as a dependency. Currently we always define this symbol, so the tests diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 8538d6d8d..66c241e5e 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #if defined(MBEDTLS_PSA_ITS_FILE_C) #include #else diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index d50ff5ad2..6c577c06a 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -2,7 +2,7 @@ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" /* END_HEADER */ diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index 3283ac9f6..fd4ff21fc 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" /* Some tests in this module configure entropy sources. */ #include "psa_crypto_invasive.h" diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index e2d87efd8..49ce964fb 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -9,7 +9,7 @@ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa_crypto_storage.h" #include "mbedtls/md.h" diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index f95f7e526..9f44b884b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa/crypto_se_driver.h" #include "psa_crypto_se.h" diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index f6acb0727..ef50a6814 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa/crypto_se_driver.h" #include "psa_crypto_se.h" diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 4c824f7de..a9c7f0459 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa_crypto_storage.h" typedef enum diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 04a735a29..b6cc488a6 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -7,7 +7,7 @@ #include "../library/psa_crypto_its.h" -#include "psa_helpers.h" +#include "test/psa_helpers.h" /* Internal definitions of the implementation, copied for the sake of * some of the tests and of the cleanup code. */ From f91c495379dc96845f14da5815e202a8084bde29 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 May 2020 16:22:17 +0200 Subject: [PATCH 135/247] tests: helpers: Update static qualifiers In preparation of moving the content of helpers.function to its own compilation unit, remove/add static qualifiers where appropriate. Signed-off-by: Ronald Cron --- tests/suites/helpers.function | 10 +++++----- tests/suites/test_suite_pk.function | 2 -- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index f38502f55..5ed37da09 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -449,7 +449,7 @@ test_info_t; static test_info_t test_info; #if defined(MBEDTLS_PLATFORM_C) -mbedtls_platform_context platform_ctx; +static mbedtls_platform_context platform_ctx; #endif #if defined(MBEDTLS_CHECK_PARAMS) @@ -504,7 +504,7 @@ void test_skip( const char *test, int line_no, const char* filename ) test_info.filename = filename; } -static int platform_setup() +int platform_setup() { int ret = 0; #if defined(MBEDTLS_PLATFORM_C) @@ -513,7 +513,7 @@ static int platform_setup() return( ret ); } -static void platform_teardown() +void platform_teardown() { #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown( &platform_ctx ); @@ -652,7 +652,7 @@ void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) * * For convenience, dies if allocation fails. */ -static unsigned char *zero_alloc( size_t len ) +unsigned char *zero_alloc( size_t len ) { void *p; size_t actual_len = ( len != 0 ) ? len : 1; @@ -701,7 +701,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) * * rng_state shall be NULL. */ -static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) { #if !defined(__OpenBSD__) size_t i; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index a67cb4564..88f8e3bab 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -27,8 +27,6 @@ #define PSA_DONE( ) ( (void) 0 ) #endif -static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); - #define RSA_KEY_SIZE 512 #define RSA_KEY_LEN 64 From 4b8b199eada218a292f7a2b5bda9a25faedc3fde Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 13:52:23 +0200 Subject: [PATCH 136/247] tests: Add macros.h include file Just adding an empty file. The purpose of this header file is to contain the definition of generic macros used for the purpose of testing. Signed-off-by: Ronald Cron --- tests/include/test/macros.h | 34 ++++++++++++++++++++++++++++++++++ tests/suites/helpers.function | 2 ++ 2 files changed, 36 insertions(+) create mode 100644 tests/include/test/macros.h diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h new file mode 100644 index 000000000..dc99bdca2 --- /dev/null +++ b/tests/include/test/macros.h @@ -0,0 +1,34 @@ +/** + * \file macros.h + * + * \brief This file contains generic macros for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_MACROS_H +#define TEST_MACROS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_MACROS_H */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5ed37da09..fe398e218 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -2,6 +2,8 @@ /*----------------------------------------------------------------------------*/ /* Headers */ +#include + #include #if defined(MBEDTLS_PLATFORM_C) From 849930a50e41e9ed6609e7fa6c86fc0840a54656 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jun 2020 08:06:47 +0200 Subject: [PATCH 137/247] tests: Move generic macros to macros.h Move generic macros from helpers.function to macros.h. Signed-off-by: Ronald Cron --- tests/include/test/macros.h | 103 ++++++++++++++++++++++++++++++++++ tests/suites/helpers.function | 83 --------------------------- 2 files changed, 103 insertions(+), 83 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index dc99bdca2..25f831208 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -31,4 +31,107 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_fprintf fprintf +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + +#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ +{ \ + mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ + __FILE__, __LINE__, #a ); \ + mbedtls_exit( 1 ); \ +} + +#if defined(__GNUC__) +/* Test if arg and &(arg)[0] have the same type. This is true if arg is + * an array but not if it's a pointer. */ +#define IS_ARRAY_NOT_POINTER( arg ) \ + ( ! __builtin_types_compatible_p( __typeof__( arg ), \ + __typeof__( &( arg )[0] ) ) ) +#else +/* On platforms where we don't know how to implement this check, + * omit it. Oh well, a non-portable check is better than nothing. */ +#define IS_ARRAY_NOT_POINTER( arg ) 1 +#endif + +/* A compile-time constant with the value 0. If `const_expr` is not a + * compile-time constant with a nonzero value, cause a compile-time error. */ +#define STATIC_ASSERT_EXPR( const_expr ) \ + ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) +/* Return the scalar value `value` (possibly promoted). This is a compile-time + * constant if `value` is. `condition` must be a compile-time constant. + * If `condition` is false, arrange to cause a compile-time error. */ +#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ + ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) + +#define ARRAY_LENGTH_UNSAFE( array ) \ + ( sizeof( array ) / sizeof( *( array ) ) ) +/** Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +#define ARRAY_LENGTH( array ) \ + ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ + ARRAY_LENGTH_UNSAFE( array ) ) ) + +/** Return the smaller of two values. + * + * \param x An integer-valued expression without side effects. + * \param y An integer-valued expression without side effects. + * + * \return The smaller of \p x and \p y. + */ +#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) ) + +/** Return the larger of two values. + * + * \param x An integer-valued expression without side effects. + * \param y An integer-valued expression without side effects. + * + * \return The larger of \p x and \p y. + */ +#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) ) + +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_UINT32_BE +#define GET_UINT32_BE(n,b,i) \ +{ \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_UINT32_BE +#define PUT_UINT32_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + #endif /* TEST_MACROS_H */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index fe398e218..fa23d3362 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -313,65 +313,6 @@ typedef enum #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ -{ \ - mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ - __FILE__, __LINE__, #a ); \ - mbedtls_exit( 1 ); \ -} - -#if defined(__GNUC__) -/* Test if arg and &(arg)[0] have the same type. This is true if arg is - * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER( arg ) \ - ( ! __builtin_types_compatible_p( __typeof__( arg ), \ - __typeof__( &( arg )[0] ) ) ) -#else -/* On platforms where we don't know how to implement this check, - * omit it. Oh well, a non-portable check is better than nothing. */ -#define IS_ARRAY_NOT_POINTER( arg ) 1 -#endif - -/* A compile-time constant with the value 0. If `const_expr` is not a - * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR( const_expr ) \ - ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) -/* Return the scalar value `value` (possibly promoted). This is a compile-time - * constant if `value` is. `condition` must be a compile-time constant. - * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ - ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) - -#define ARRAY_LENGTH_UNSAFE( array ) \ - ( sizeof( array ) / sizeof( *( array ) ) ) -/** Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ -#define ARRAY_LENGTH( array ) \ - ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ - ARRAY_LENGTH_UNSAFE( array ) ) ) - -/** Return the smaller of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The smaller of \p x and \p y. - */ -#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) ) - -/** Return the larger of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The larger of \p x and \p y. - */ -#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) ) - /** Allocate memory dynamically and fail the test case if this fails. * * You must set \p pointer to \c NULL before calling this macro and @@ -404,30 +345,6 @@ typedef enum } \ while( 0 ) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - - /*----------------------------------------------------------------------------*/ /* Global variables */ From 5ee570752184d16d4a6ed340c040c6e5fcd6520f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 11 Jun 2020 09:34:06 +0200 Subject: [PATCH 138/247] ssl_client: Align line breaking with MBEDTLS_SSL_DEBUG_* Signed-off-by: Ronald Cron --- library/ssl_cli.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 118bc900c..48ef30de2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1367,8 +1367,8 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, { if( len != 1 || buf[0] != 0x00 ) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ( "non-zero length renegotiation info" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-zero length renegotiation info" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -3761,8 +3761,8 @@ ecdh_calc_secret: ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ( "skip PMS generation for opaque PSK" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque PSK" ) ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3770,8 +3770,8 @@ ecdh_calc_secret: if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_psk_derive_premaster", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } } From b7b35e125b579113821afef4a66af47aad323b3d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 11 Jun 2020 09:50:51 +0200 Subject: [PATCH 139/247] Align with check-like function return value convention By convention, in the project, functions that have a check or similar in the name return 0 if the check succeeds, non-zero otherwise. Align with this for mbedtls_ssl_chk_buf_ptr(). Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 1a3102a2c..0460357f1 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -313,13 +313,13 @@ static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context * * \param end Pointer to one past the end of the buffer. * \param need Needed space in bytes. * - * \return Non-zero if the needed space is available in the buffer, 0 + * \return Zero if the needed space is available in the buffer, non-zero * otherwise. */ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, const uint8_t *end, size_t need ) { - return( cur <= end && need <= (size_t)( end - cur ) ); + return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); } /** @@ -334,7 +334,7 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, */ #define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ do { \ - if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) == 0 ) \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ { \ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ } \ From 0b01fd9b6722d13afa35c8ce07ff65bbe9c0f33b Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 12:29:15 +0100 Subject: [PATCH 140/247] net_sockets: Fix building on NetBSD 9.0 Fixes #2310 Signed-off-by: nia --- library/net_sockets.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 8258aea73..b26e85818 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -23,6 +23,7 @@ * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#define _XOPEN_SOURCE 600 /* sockaddr_storage */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -322,7 +323,8 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, struct sockaddr_storage client_addr; #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ + defined(socklen_t) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else From 7eb0e62f6414897ac9b3b7561de729405d803f60 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 12:30:12 +0100 Subject: [PATCH 141/247] ssl_mail_client: Define _XOPEN_SOURCE=600 for gethostname Fixes building this program on NetBSD 9.0. Signed-off-by: nia --- programs/ssl/ssl_mail_client.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 08ff02595..b7458cd21 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -23,6 +23,7 @@ * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#define _XOPEN_SOURCE 600 #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" From 508e21ccfdd7107303bce9bcbbc093a0d2c65006 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 13:55:07 +0100 Subject: [PATCH 142/247] Add ChangeLog.d entry for #3422 Signed-off-by: nia --- ChangeLog.d/bugfix_PR3422.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3422.txt diff --git a/ChangeLog.d/bugfix_PR3422.txt b/ChangeLog.d/bugfix_PR3422.txt new file mode 100644 index 000000000..dfe152c36 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3422.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix building library/net_sockets.c and the ssl_mail_client program on NetBSD. Contributed by Nia Alarie in #3422. From 9f5312cc4ec704d4a58df52b00987109ac327af0 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 13:32:13 +0100 Subject: [PATCH 143/247] entropy: Add support for BSD sysctl(KERN_ARND) This is basically the same as reading from /dev/urandom on supported systems, only it has a limit of 256 bytes per call, and does not require an open file descriptor (so it can be used in chroots, when resource limits are in place, or are otherwise exhausted). It's functionally equivalent to the comparable function getentropy(), but has been around for longer. It's actually used to implement getentropy in FreeBSD's libc. Discussions about adding getrandom or getentropy to NetBSD are still ongoing. It's present in all supported versions of FreeBSD and NetBSD. It's not present in DragonFly or OpenBSD. Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 Comparable code in OpenSSL: https://github.com/openssl/openssl/blob/ddec332f329a432a45c0131d83f3bfb46114532b/crypto/rand/rand_unix.c#L208 Signed-off-by: nia --- library/entropy_poll.c | 45 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 8b4a5af9e..203034eb4 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -115,6 +115,41 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #endif /* SYS_getrandom */ #endif /* __linux__ || __midipix__ */ +/* + * Some BSD systems provide KERN_ARND. + * This is equivalent to reading from /dev/urandom, only it doesn't require an + * open file descriptor, and provides up to 256 bytes per call (basically the + * same as getentropy(), but with a longer history). + * + * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 + */ +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM) +#include +#include +#if defined(KERN_ARND) +#define HAVE_SYSCTL_ARND + +static int sysctl_wrapper ( void *buf, size_t buflen ) +{ + int name[2]; + size_t len; + + name[0] = CTL_KERN; + name[1] = KERN_ARND; + + while( buflen > 0 ) + { + len = buflen > 256 ? 256 : buflen; + if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) + return( -1 ); + buflen -= len; + buf += len; + } + return( 0 ); +} +#endif /* KERN_ARND */ +#endif /* __FreeBSD__ || __NetBSD__ */ + #include int mbedtls_platform_entropy_poll( void *data, @@ -139,6 +174,15 @@ int mbedtls_platform_entropy_poll( void *data, ((void) ret); #endif /* HAVE_GETRANDOM */ +#if defined(HAVE_SYSCTL_ARND) + ((void) file); + ((void) read_len); + if( sysctl_wrapper( output, len ) == -1 ) + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + *olen = len; + return( 0 ); +#else + *olen = 0; file = fopen( "/dev/urandom", "rb" ); @@ -156,6 +200,7 @@ int mbedtls_platform_entropy_poll( void *data, *olen = len; return( 0 ); +#endif /* HAVE_SYSCTL_ARND */ } #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ From 6777dcb16f99ea0b7944eef3137683dd41e00854 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 14:01:07 +0100 Subject: [PATCH 144/247] Add ChangeLog.d entry for kern.arandom support. Signed-off-by: nia --- ChangeLog.d/sysctl-arnd-support.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/sysctl-arnd-support.txt diff --git a/ChangeLog.d/sysctl-arnd-support.txt b/ChangeLog.d/sysctl-arnd-support.txt new file mode 100644 index 000000000..14ad67412 --- /dev/null +++ b/ChangeLog.d/sysctl-arnd-support.txt @@ -0,0 +1,2 @@ +Features + * Added support to entropy_poll for the kern.arandom syscall supported on some BSD systems. Contributed by Nia Alarie in #3423. From 1c0c837ddc997fab9dd4480d52a06576a6c1fff0 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 12:03:45 +0100 Subject: [PATCH 145/247] Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99. Strict platforms cannot be expected to accept C99 code as valid when earlier standards versions are selected. This helps the programs build on Solaris-like platforms (e.g. illumos). Fixes #3420 Signed-off-by: nia --- programs/aes/aescrypt2.c | 2 +- programs/aes/crypt_and_hash.c | 2 +- tests/suites/main_test.function | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index f17c641b0..b0c1feaff 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -22,7 +22,7 @@ /* Enable definition of fileno() even when compiling with -std=c99. Must be * set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 1 +#define _POSIX_C_SOURCE 200112L #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 1e03d43ae..5c7048045 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -23,7 +23,7 @@ /* Enable definition of fileno() even when compiling with -std=c99. Must be * set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 1 +#define _POSIX_C_SOURCE 200112L #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ff4cf2015..e56191a4c 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -21,7 +21,7 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) #if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 1 // for fileno() from +#define _POSIX_C_SOURCE 200112L // for fileno() from #endif #endif From ecef1ddd5be76b0b5a4571d0db5440915c55a4e0 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 18:43:48 +0100 Subject: [PATCH 146/247] Add ChangeLog.d entry for PR3421 Signed-off-by: nia --- ChangeLog.d/bugfix_PR3421.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3421.txt diff --git a/ChangeLog.d/bugfix_PR3421.txt b/ChangeLog.d/bugfix_PR3421.txt new file mode 100644 index 000000000..b52dee00f --- /dev/null +++ b/ChangeLog.d/bugfix_PR3421.txt @@ -0,0 +1,2 @@ +Bugfix + * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and fix submitted in #3421 by Nia Alarie. From 6f1eda710ccc8e1e954dd072d4cd074ee804163b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 11 Jun 2020 20:22:00 +0100 Subject: [PATCH 147/247] Fix for resource leak in test_suite_ssl Fix for coverity bugs 349041, 349052 Allocated pointers could potentially be leaked in the case of errors. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ssl.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9d16a573b..f9bb52085 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1179,6 +1179,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, size_t keylen, maclen, ivlen; unsigned char *key0 = NULL, *key1 = NULL; + unsigned char *md0 = NULL, *md1 = NULL; unsigned char iv_enc[16], iv_dec[16]; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1245,7 +1246,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in, cipher_info->mode == MBEDTLS_MODE_STREAM ) { mbedtls_md_info_t const *md_info; - unsigned char *md0, *md1; /* Pick hash */ md_info = mbedtls_md_info_from_type( hash_id ); @@ -1283,9 +1283,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in, memcpy( &t_out->mac_dec, md0, maclen ); } #endif - - mbedtls_free( md0 ); - mbedtls_free( md1 ); } #else ((void) hash_id); @@ -1417,6 +1414,9 @@ cleanup: mbedtls_free( key0 ); mbedtls_free( key1 ); + mbedtls_free( md0 ); + mbedtls_free( md1 ); + return( ret ); } From b6d6d4c61ababab68a396b5fa1f4c8908811520b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jun 2020 10:11:18 +0200 Subject: [PATCH 148/247] tests: Add helpers.c and helpers.h files The purpose of helpers.c file is to contain the helper functions that have been in helpers.function so far and that are not related to the mechanism of unit test execution and not related to random number generation (will be moved in a dedicated file). The purpose of helpers.h is to contain the interface exposed by helpers.c thus helper function prototypes. Make the changes in the build systems (make and cmake) to build helpers.c and link it to test executables along with mbedtls library. Signed-off-by: Ronald Cron --- tests/.gitignore | 3 +++ tests/CMakeLists.txt | 8 ++++++-- tests/Makefile | 20 +++++++++++++++----- tests/include/test/helpers.h | 35 +++++++++++++++++++++++++++++++++++ tests/src/helpers.c | 19 +++++++++++++++++++ tests/suites/helpers.function | 1 + 6 files changed, 79 insertions(+), 7 deletions(-) create mode 100644 tests/include/test/helpers.h create mode 100644 tests/src/helpers.c diff --git a/tests/.gitignore b/tests/.gitignore index 805287eb2..d49611c1e 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -9,3 +9,6 @@ data_files/ctr_drbg_seed data_files/entropy_seed include/test/instrument_record_status.h + +src/*.o +src/libmbed* diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cc5a9c67d..39a7a2cd0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -46,9 +46,9 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) - include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include) - add_executable(test_suite_${data_name} test_suite_${data_name}.c) + add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) + target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include) if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) message(STATUS "The test suite ${data_name} will not be executed.") else() @@ -66,6 +66,10 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) +file(GLOB MBEDTESTS_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c) +add_library(mbedtests OBJECT ${MBEDTESTS_FILES}) +target_include_directories(mbedtests PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include) + add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) add_test_suite(aes aes.ecb) diff --git a/tests/Makefile b/tests/Makefile index e027e127c..6f3179cff 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -21,9 +21,9 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -74,9 +74,16 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -$(DEP): +$(MBEDLIBS): $(MAKE) -C ../library +MBEDTESTS_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) + +# Rule to compile common test C files in src folder +src/%.o : src/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) # Wildcard target for test code generation: @@ -105,9 +112,9 @@ C_FILES := $(addsuffix .c,$(APPS)) -o . -$(BINARIES): %$(EXEXT): %.c $(DEP) +$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTESTS_OBJS) echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTESTS_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ # Some test suites require additional header files. $(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h @@ -118,10 +125,13 @@ $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mb clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax TESTS + rm -f src/*.o src/libmbed* else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe if exist *.datax del /Q /F *.datax + if exist src/*.o del /Q /F src/*.o + if exist src/libmbed* del /Q /F src/libmed* ifneq ($(wildcard TESTS/.*),) rmdir /Q /S TESTS endif diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h new file mode 100644 index 000000000..289f04a84 --- /dev/null +++ b/tests/include/test/helpers.h @@ -0,0 +1,35 @@ +/** + * \file helpers.h + * + * \brief This file contains the prototypes of helper functions for the + * purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_HELPERS_H +#define TEST_HELPERS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c new file mode 100644 index 000000000..2258e554a --- /dev/null +++ b/tests/src/helpers.c @@ -0,0 +1,19 @@ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index fa23d3362..445c5c9a5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -3,6 +3,7 @@ /* Headers */ #include +#include #include From f40529d5f4f9d87d69b4896493814fd2329b32ac Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 16:27:37 +0200 Subject: [PATCH 149/247] tests: Move generic helper functions Move generic helper functions from helpers.functions to helpers.c Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 47 +++++++++++ tests/src/helpers.c | 129 ++++++++++++++++++++++++++++++ tests/suites/helpers.function | 144 ---------------------------------- 3 files changed, 176 insertions(+), 144 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 289f04a84..9194ada68 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -32,4 +32,51 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_fprintf fprintf +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#include +#include + +int platform_setup( void ); +void platform_teardown( void ); + +int unhexify( unsigned char *obuf, const char *ibuf ); +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); + +/** + * Allocate and zeroize a buffer. + * + * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. + * + * For convenience, dies if allocation fails. + */ +unsigned char *zero_alloc( size_t len ); + +/** + * Allocate and fill a buffer from hex data. + * + * The buffer is sized exactly as needed. This allows to detect buffer + * overruns (including overreads) when running the test suite under valgrind. + * + * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. + * + * For convenience, dies if allocation fails. + */ +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ); + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); + #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 2258e554a..b5ca1f8c1 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -17,3 +17,132 @@ */ #include +#include +#include + +#if defined(MBEDTLS_PLATFORM_C) +static mbedtls_platform_context platform_ctx; +#endif + +int platform_setup( void ) +{ + int ret = 0; +#if defined(MBEDTLS_PLATFORM_C) + ret = mbedtls_platform_setup( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ + return( ret ); +} + +void platform_teardown( void ) +{ +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_platform_teardown( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ +} + +int unhexify( unsigned char *obuf, const char *ibuf ) +{ + unsigned char c, c2; + int len = strlen( ibuf ) / 2; + TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + + while( *ibuf != 0 ) + { + c = *ibuf++; + if( c >= '0' && c <= '9' ) + c -= '0'; + else if( c >= 'a' && c <= 'f' ) + c -= 'a' - 10; + else if( c >= 'A' && c <= 'F' ) + c -= 'A' - 10; + else + TEST_HELPER_ASSERT( 0 ); + + c2 = *ibuf++; + if( c2 >= '0' && c2 <= '9' ) + c2 -= '0'; + else if( c2 >= 'a' && c2 <= 'f' ) + c2 -= 'a' - 10; + else if( c2 >= 'A' && c2 <= 'F' ) + c2 -= 'A' - 10; + else + TEST_HELPER_ASSERT( 0 ); + + *obuf++ = ( c << 4 ) | c2; + } + + return len; +} + +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +{ + unsigned char l, h; + + while( len != 0 ) + { + h = *ibuf / 16; + l = *ibuf % 16; + + if( h < 10 ) + *obuf++ = '0' + h; + else + *obuf++ = 'a' + h - 10; + + if( l < 10 ) + *obuf++ = '0' + l; + else + *obuf++ = 'a' + l - 10; + + ++ibuf; + len--; + } +} + +unsigned char *zero_alloc( size_t len ) +{ + void *p; + size_t actual_len = ( len != 0 ) ? len : 1; + + p = mbedtls_calloc( 1, actual_len ); + TEST_HELPER_ASSERT( p != NULL ); + + memset( p, 0x00, actual_len ); + + return( p ); +} + +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +{ + unsigned char *obuf; + + *olen = strlen( ibuf ) / 2; + + if( *olen == 0 ) + return( zero_alloc( *olen ) ); + + obuf = mbedtls_calloc( 1, *olen ); + TEST_HELPER_ASSERT( obuf != NULL ); + + (void) unhexify( obuf, ibuf ); + + return( obuf ); +} + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) +{ + int ret = 0; + uint32_t i = 0; + + if( a_len != b_len ) + return( -1 ); + + for( i = 0; i < a_len; i++ ) + { + if( a[i] != b[i] ) + { + ret = -1; + break; + } + } + return ret; +} diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 445c5c9a5..2d1e38c23 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -368,10 +368,6 @@ typedef struct test_info_t; static test_info_t test_info; -#if defined(MBEDTLS_PLATFORM_C) -static mbedtls_platform_context platform_ctx; -#endif - #if defined(MBEDTLS_CHECK_PARAMS) jmp_buf param_fail_jmp; jmp_buf jmp_tmp; @@ -424,22 +420,6 @@ void test_skip( const char *test, int line_no, const char* filename ) test_info.filename = filename; } -int platform_setup() -{ - int ret = 0; -#if defined(MBEDTLS_PLATFORM_C) - ret = mbedtls_platform_setup( &platform_ctx ); -#endif /* MBEDTLS_PLATFORM_C */ - return( ret ); -} - -void platform_teardown() -{ -#if defined(MBEDTLS_PLATFORM_C) - mbedtls_platform_teardown( &platform_ctx ); -#endif /* MBEDTLS_PLATFORM_C */ -} - #if defined(MBEDTLS_CHECK_PARAMS) void mbedtls_param_failed( const char *failure_condition, const char *file, @@ -507,111 +487,6 @@ static void close_output( FILE* out_stream ) } #endif /* __unix__ || __APPLE__ __MACH__ */ -int unhexify( unsigned char *obuf, const char *ibuf ) -{ - unsigned char c, c2; - int len = strlen( ibuf ) / 2; - TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ - - while( *ibuf != 0 ) - { - c = *ibuf++; - if( c >= '0' && c <= '9' ) - c -= '0'; - else if( c >= 'a' && c <= 'f' ) - c -= 'a' - 10; - else if( c >= 'A' && c <= 'F' ) - c -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); - - c2 = *ibuf++; - if( c2 >= '0' && c2 <= '9' ) - c2 -= '0'; - else if( c2 >= 'a' && c2 <= 'f' ) - c2 -= 'a' - 10; - else if( c2 >= 'A' && c2 <= 'F' ) - c2 -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); - - *obuf++ = ( c << 4 ) | c2; - } - - return len; -} - -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) -{ - unsigned char l, h; - - while( len != 0 ) - { - h = *ibuf / 16; - l = *ibuf % 16; - - if( h < 10 ) - *obuf++ = '0' + h; - else - *obuf++ = 'a' + h - 10; - - if( l < 10 ) - *obuf++ = '0' + l; - else - *obuf++ = 'a' + l - 10; - - ++ibuf; - len--; - } -} - -/** - * Allocate and zeroize a buffer. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *zero_alloc( size_t len ) -{ - void *p; - size_t actual_len = ( len != 0 ) ? len : 1; - - p = mbedtls_calloc( 1, actual_len ); - TEST_HELPER_ASSERT( p != NULL ); - - memset( p, 0x00, actual_len ); - - return( p ); -} - -/** - * Allocate and fill a buffer from hex data. - * - * The buffer is sized exactly as needed. This allows to detect buffer - * overruns (including overreads) when running the test suite under valgrind. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) -{ - unsigned char *obuf; - - *olen = strlen( ibuf ) / 2; - - if( *olen == 0 ) - return( zero_alloc( *olen ) ); - - obuf = mbedtls_calloc( 1, *olen ); - TEST_HELPER_ASSERT( obuf != NULL ); - - (void) unhexify( obuf, ibuf ); - - return( obuf ); -} - /** * This function just returns data from rand(). * Although predictable and often similar on multiple @@ -752,22 +627,3 @@ int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } - -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) -{ - int ret = 0; - uint32_t i = 0; - - if( a_len != b_len ) - return( -1 ); - - for( i = 0; i < a_len; i++ ) - { - if( a[i] != b[i] ) - { - ret = -1; - break; - } - } - return ret; -} From b7eb67fb74e98ae4c7002bb9a37bc07911f4ee59 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 16:57:42 +0200 Subject: [PATCH 150/247] tests: Add random.c and random.h files The purpose of random.c file is to contain the helper functions to generate random numbers that have been in helpers.function so far. The purpose of random.h is to contain the interface exposed by random.c thus helper function prototypes. Signed-off-by: Ronald Cron --- tests/include/test/random.h | 35 +++++++++++++++++++++++++++++++++++ tests/src/random.c | 26 ++++++++++++++++++++++++++ tests/suites/helpers.function | 1 + 3 files changed, 62 insertions(+) create mode 100644 tests/include/test/random.h create mode 100644 tests/src/random.c diff --git a/tests/include/test/random.h b/tests/include/test/random.h new file mode 100644 index 000000000..11a353176 --- /dev/null +++ b/tests/include/test/random.h @@ -0,0 +1,35 @@ +/** + * \file random.h + * + * \brief This file contains the prototypes of helper functions to generate + * random numbers for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_RANDOM_H +#define TEST_RANDOM_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_RANDOM_H */ diff --git a/tests/src/random.c b/tests/src/random.c new file mode 100644 index 000000000..f80a1c471 --- /dev/null +++ b/tests/src/random.c @@ -0,0 +1,26 @@ +/** + * \file random.c + * + * \brief This file contains the helper functions to generate random numbers + * for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2d1e38c23..926658216 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -4,6 +4,7 @@ #include #include +#include #include From 2058d56fccc2309e8bb575912c15333593e15250 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 17:11:47 +0200 Subject: [PATCH 151/247] tests: Move random helper functions Move helper functions to generate random numbers from helpers.functions to random.c. Signed-off-by: Ronald Cron --- tests/include/test/random.h | 63 +++++++++++++++ tests/src/random.c | 91 ++++++++++++++++++++++ tests/suites/helpers.function | 141 ---------------------------------- 3 files changed, 154 insertions(+), 141 deletions(-) diff --git a/tests/include/test/random.h b/tests/include/test/random.h index 11a353176..c60803597 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -32,4 +32,67 @@ #include MBEDTLS_CONFIG_FILE #endif +#include +#include + +typedef struct +{ + unsigned char *buf; + size_t length; +} rnd_buf_info; + +/** + * Info structure for the pseudo random function + * + * Key should be set at the start to a test-unique value. + * Do not forget endianness! + * State( v0, v1 ) should be set to zero. + */ +typedef struct +{ + uint32_t key[16]; + uint32_t v0, v1; +} rnd_pseudo_info; + +/** + * This function just returns data from rand(). + * Although predictable and often similar on multiple + * runs, this does not result in identical random on + * each run. So do not use this if the results of a + * test depend on the random data that is generated. + * + * rng_state shall be NULL. + */ +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function only returns zeros + * + * rng_state shall be NULL. + */ +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function returns random based on a buffer it receives. + * + * rng_state shall be a pointer to a rnd_buf_info structure. + * + * The number of bytes released from the buffer on each call to + * the random function is specified by per_call. (Can be between + * 1 and 4) + * + * After the buffer is empty it will return rand(); + */ +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function returns random based on a pseudo random function. + * This means the results should be identical on all systems. + * Pseudo random is based on the XTEA encryption algorithm to + * generate pseudorandom. + * + * rng_state shall be a pointer to a rnd_pseudo_info structure. + */ +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ); + #endif /* TEST_RANDOM_H */ diff --git a/tests/src/random.c b/tests/src/random.c index f80a1c471..bb0df7a71 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -23,4 +23,95 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#include #include +#include + +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +{ +#if !defined(__OpenBSD__) + size_t i; + + if( rng_state != NULL ) + rng_state = NULL; + + for( i = 0; i < len; ++i ) + output[i] = rand(); +#else + if( rng_state != NULL ) + rng_state = NULL; + + arc4random_buf( output, len ); +#endif /* !OpenBSD */ + + return( 0 ); +} + +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +{ + if( rng_state != NULL ) + rng_state = NULL; + + memset( output, 0, len ); + + return( 0 ); +} + +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +{ + rnd_buf_info *info = (rnd_buf_info *) rng_state; + size_t use_len; + + if( rng_state == NULL ) + return( rnd_std_rand( NULL, output, len ) ); + + use_len = len; + if( len > info->length ) + use_len = info->length; + + if( use_len ) + { + memcpy( output, info->buf, use_len ); + info->buf += use_len; + info->length -= use_len; + } + + if( len - use_len > 0 ) + return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); + + return( 0 ); +} + +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +{ + rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; + uint32_t i, *k, sum, delta=0x9E3779B9; + unsigned char result[4], *out = output; + + if( rng_state == NULL ) + return( rnd_std_rand( NULL, output, len ) ); + + k = info->key; + + while( len > 0 ) + { + size_t use_len = ( len > 4 ) ? 4 : len; + sum = 0; + + for( i = 0; i < 32; i++ ) + { + info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) + + info->v1 ) ^ ( sum + k[sum & 3] ); + sum += delta; + info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) + + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); + } + + PUT_UINT32_BE( info->v0, result, 0 ); + memcpy( out, result, use_len ); + len -= use_len; + out += 4; + } + + return( 0 ); +} diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 926658216..a5285a3a6 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -487,144 +487,3 @@ static void close_output( FILE* out_stream ) fclose( out_stream ); } #endif /* __unix__ || __APPLE__ __MACH__ */ - -/** - * This function just returns data from rand(). - * Although predictable and often similar on multiple - * runs, this does not result in identical random on - * each run. So do not use this if the results of a - * test depend on the random data that is generated. - * - * rng_state shall be NULL. - */ -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) -{ -#if !defined(__OpenBSD__) - size_t i; - - if( rng_state != NULL ) - rng_state = NULL; - - for( i = 0; i < len; ++i ) - output[i] = rand(); -#else - if( rng_state != NULL ) - rng_state = NULL; - - arc4random_buf( output, len ); -#endif /* !OpenBSD */ - - return( 0 ); -} - -/** - * This function only returns zeros - * - * rng_state shall be NULL. - */ -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) -{ - if( rng_state != NULL ) - rng_state = NULL; - - memset( output, 0, len ); - - return( 0 ); -} - -typedef struct -{ - unsigned char *buf; - size_t length; -} rnd_buf_info; - -/** - * This function returns random based on a buffer it receives. - * - * rng_state shall be a pointer to a rnd_buf_info structure. - * - * The number of bytes released from the buffer on each call to - * the random function is specified by per_call. (Can be between - * 1 and 4) - * - * After the buffer is empty it will return rand(); - */ -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) -{ - rnd_buf_info *info = (rnd_buf_info *) rng_state; - size_t use_len; - - if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); - - use_len = len; - if( len > info->length ) - use_len = info->length; - - if( use_len ) - { - memcpy( output, info->buf, use_len ); - info->buf += use_len; - info->length -= use_len; - } - - if( len - use_len > 0 ) - return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); - - return( 0 ); -} - -/** - * Info structure for the pseudo random function - * - * Key should be set at the start to a test-unique value. - * Do not forget endianness! - * State( v0, v1 ) should be set to zero. - */ -typedef struct -{ - uint32_t key[16]; - uint32_t v0, v1; -} rnd_pseudo_info; - -/** - * This function returns random based on a pseudo random function. - * This means the results should be identical on all systems. - * Pseudo random is based on the XTEA encryption algorithm to - * generate pseudorandom. - * - * rng_state shall be a pointer to a rnd_pseudo_info structure. - */ -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) -{ - rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; - uint32_t i, *k, sum, delta=0x9E3779B9; - unsigned char result[4], *out = output; - - if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); - - k = info->key; - - while( len > 0 ) - { - size_t use_len = ( len > 4 ) ? 4 : len; - sum = 0; - - for( i = 0; i < 32; i++ ) - { - info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) - + info->v1 ) ^ ( sum + k[sum & 3] ); - sum += delta; - info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) - + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); - } - - PUT_UINT32_BE( info->v0, result, 0 ); - memcpy( out, result, use_len ); - len -= use_len; - out += 4; - } - - return( 0 ); -} From e9c09f1efc6a141120214b1239dec600d4120127 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 16:44:58 +0200 Subject: [PATCH 152/247] tests: Add mbedtls_test_ prefix to platform_* functions Add mbedtls_test_ prefix to platform_setup() and platform_teardown() test helper functions. Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 4 ++-- tests/src/helpers.c | 4 ++-- tests/suites/main_test.function | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 9194ada68..817353ad1 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -50,8 +50,8 @@ #include #include -int platform_setup( void ); -void platform_teardown( void ); +int mbedtls_test_platform_setup( void ); +void mbedtls_test_platform_teardown( void ); int unhexify( unsigned char *obuf, const char *ibuf ); void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b5ca1f8c1..dc022ff6d 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -24,7 +24,7 @@ static mbedtls_platform_context platform_ctx; #endif -int platform_setup( void ) +int mbedtls_test_platform_setup( void ) { int ret = 0; #if defined(MBEDTLS_PLATFORM_C) @@ -33,7 +33,7 @@ int platform_setup( void ) return( ret ); } -void platform_teardown( void ) +void mbedtls_test_platform_teardown( void ) { #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown( &platform_ctx ); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ff4cf2015..af4b84e3b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,7 @@ $platform_code */ int main( int argc, const char *argv[] ) { - int ret = platform_setup(); + int ret = mbedtls_test_platform_setup(); if( ret != 0 ) { mbedtls_fprintf( stderr, @@ -271,6 +271,6 @@ int main( int argc, const char *argv[] ) } ret = execute_tests( argc, argv ); - platform_teardown(); + mbedtls_test_platform_teardown(); return( ret ); } From 72d628f7f5a6014ededd3bff5f32d6b2f2109821 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 17:05:57 +0200 Subject: [PATCH 153/247] tests: Add mbedtls_test_ prefix to *hexify functions Add mbedtls_test_ prefix to hexify() and unhexify() test helper functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 6 ++- tests/src/helpers.c | 8 +-- tests/suites/host_test.function | 2 +- tests/suites/target_test.function | 4 +- tests/suites/test_suite_aes.function | 8 +-- tests/suites/test_suite_aria.function | 60 ++++++++++----------- tests/suites/test_suite_ccm.function | 24 ++++----- tests/suites/test_suite_chacha20.function | 14 ++--- tests/suites/test_suite_chachapoly.function | 24 ++++----- tests/suites/test_suite_cipher.function | 8 +-- tests/suites/test_suite_ecdh.function | 6 +-- tests/suites/test_suite_ecdsa.function | 8 +-- tests/suites/test_suite_hkdf.function | 12 ++--- tests/suites/test_suite_nist_kw.function | 12 ++--- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_poly1305.function | 12 ++--- 16 files changed, 107 insertions(+), 103 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 817353ad1..2d53cf9ea 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -53,8 +53,10 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); -int unhexify( unsigned char *obuf, const char *ibuf ); -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ); +void mbedtls_test_hexify( unsigned char *obuf, + const unsigned char *ibuf, + int len ); /** * Allocate and zeroize a buffer. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index dc022ff6d..358f3e4ae 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -40,7 +40,7 @@ void mbedtls_test_platform_teardown( void ) #endif /* MBEDTLS_PLATFORM_C */ } -int unhexify( unsigned char *obuf, const char *ibuf ) +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; @@ -74,7 +74,9 @@ int unhexify( unsigned char *obuf, const char *ibuf ) return len; } -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +void mbedtls_test_hexify( unsigned char *obuf, + const unsigned char *ibuf, + int len ) { unsigned char l, h; @@ -123,7 +125,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); - (void) unhexify( obuf, ibuf ); + (void) mbedtls_test_unhexify( obuf, ibuf ); return( obuf ); } diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index db65c0f24..77f146baa 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -277,7 +277,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - *int_params_store = unhexify( (unsigned char *) val, val ); + *int_params_store = mbedtls_test_unhexify( (unsigned char *) val, val ); *out++ = val; *out++ = (char *)(int_params_store++); } diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 3d8895788..f7a9f0438 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -75,7 +75,7 @@ uint8_t receive_byte() c[1] = greentea_getc(); c[2] = '\0'; - TEST_HELPER_ASSERT( unhexify( &byte, c ) != 2 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, c ) != 2 ); return( byte ); } @@ -101,7 +101,7 @@ uint32_t receive_uint32() }; const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2], c_be[3], c_be[0], c_be[1], '\0' }; - TEST_HELPER_ASSERT( unhexify( (uint8_t*)&value, c ) != 8 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, c ) != 8 ); return( value ); } diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index da8c1e935..9734aa0d5 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -340,9 +340,9 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) ); TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - in_buffer_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + in_buffer_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 ); src_str_next = src_str; @@ -352,7 +352,7 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, iv_str, src_str_next, output ) == 0 ); - hexify( dst_str, output, fragment_size ); + mbedtls_test_hexify( dst_str, output, fragment_size ); TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string, ( 2 * fragment_size ) ) == 0 ); diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 7e35f154b..89de82f93 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -222,8 +222,8 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); @@ -234,7 +234,7 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) == 0 ); } - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -261,8 +261,8 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); @@ -273,7 +273,7 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) == 0 ); } - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -303,9 +303,9 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, @@ -313,7 +313,7 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -343,9 +343,9 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, @@ -353,7 +353,7 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -384,16 +384,16 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, &iv_offset, iv_str, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -423,16 +423,16 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, &iv_offset, iv_str, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -463,15 +463,15 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, blk, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -502,15 +502,15 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, blk, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 16f9f8e3b..2e374c0a5 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -218,12 +218,12 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, memset( source_address, 0x00, sizeof( source_address ) ); memset( frame_counter, 0x00, sizeof( frame_counter ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); - source_address_len = unhexify( source_address, source_address_hex ); - frame_counter_len = unhexify( frame_counter, frame_counter_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + add_len = mbedtls_test_unhexify( add, add_hex ); + result_len = mbedtls_test_unhexify( result, result_hex ); + source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; @@ -286,12 +286,12 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, memset( frame_counter, 0x00, sizeof( frame_counter ) ); memset( tag, 0x00, sizeof( tag ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); - source_address_len = unhexify( source_address, source_address_hex ); - frame_counter_len = unhexify( frame_counter, frame_counter_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + add_len = mbedtls_test_unhexify( add, add_hex ); + result_len = mbedtls_test_unhexify( result, result_hex ); + source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 49b389c7f..48ac9755a 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -31,10 +31,10 @@ void chacha20_crypt( char *hex_key_string, memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - src_len = unhexify( src_str, hex_src_string ); - dst_len = unhexify( dst_str, hex_dst_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); + src_len = mbedtls_test_unhexify( src_str, hex_src_string ); + dst_len = mbedtls_test_unhexify( dst_str, hex_dst_string ); TEST_ASSERT( src_len == dst_len ); TEST_ASSERT( key_len == 32U ); @@ -45,7 +45,7 @@ void chacha20_crypt( char *hex_key_string, */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); + mbedtls_test_hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); /* @@ -60,7 +60,7 @@ void chacha20_crypt( char *hex_key_string, memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); + mbedtls_test_hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); /* @@ -75,7 +75,7 @@ void chacha20_crypt( char *hex_key_string, TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 ); - hexify( dst_str, output, src_len ); + mbedtls_test_hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); mbedtls_chacha20_free( &ctx ); diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 8e56bf69a..aeaf1d74a 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -33,12 +33,12 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char memset( output_str, 0x00, sizeof( output_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); - aad_len = unhexify( aad_str, hex_aad_string ); - input_len = unhexify( input_str, hex_input_string ); - output_len = unhexify( output_str, hex_output_string ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - mac_len = unhexify( mac_str, hex_mac_string ); + aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string ); + input_len = mbedtls_test_unhexify( input_str, hex_input_string ); + output_len = mbedtls_test_unhexify( output_str, hex_output_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); + mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string ); TEST_ASSERT( key_len == 32 ); TEST_ASSERT( nonce_len == 12 ); @@ -87,12 +87,12 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char memset( output_str, 0x00, sizeof( output_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); - aad_len = unhexify( aad_str, hex_aad_string ); - input_len = unhexify( input_str, hex_input_string ); - output_len = unhexify( output_str, hex_output_string ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - mac_len = unhexify( mac_str, hex_mac_string ); + aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string ); + input_len = mbedtls_test_unhexify( input_str, hex_input_string ); + output_len = mbedtls_test_unhexify( output_str, hex_output_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); + mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string ); TEST_ASSERT( key_len == 32 ); TEST_ASSERT( nonce_len == 12 ); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 783407314..8b2956f94 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1161,15 +1161,15 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key, TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - key_len = unhexify( key, hex_key ); - inputlen = unhexify( input, hex_input ); - resultlen = unhexify( result, hex_result ); + key_len = mbedtls_test_unhexify( key, hex_key ); + inputlen = mbedtls_test_unhexify( input, hex_input ); + resultlen = mbedtls_test_unhexify( result, hex_result ); TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) ); if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); - iv_len = unhexify( iv, hex_iv ); + iv_len = mbedtls_test_unhexify( iv, hex_iv ); TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL, iv_len, input, inputlen, diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index d6bed7f4c..6d0a10efc 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -359,13 +359,13 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - z_len = unhexify( z, z_str ); + z_len = mbedtls_test_unhexify( z, z_str ); rnd_info_A.buf = rnd_buf_A; - rnd_info_A.length = unhexify( rnd_buf_A, dA_str ); + rnd_info_A.length = mbedtls_test_unhexify( rnd_buf_A, dA_str ); rnd_info_B.buf = rnd_buf_B; - rnd_info_B.length = unhexify( rnd_buf_B, dB_str ); + rnd_info_B.length = mbedtls_test_unhexify( rnd_buf_B, dB_str ); /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure * in every configuration, therefore we load it separately. */ diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 59c1c4907..4176b8164 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -420,9 +420,9 @@ void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, mbedtls_ecdsa_init( &ctx ); mbedtls_ecdsa_restart_init( &rs_ctx ); - hash_len = unhexify(hash, h_str); - sig_len = unhexify(sig, s_str); - pk_len = unhexify(pk, k_str); + hash_len = mbedtls_test_unhexify(hash, h_str); + sig_len = mbedtls_test_unhexify(sig, s_str); + pk_len = mbedtls_test_unhexify(pk, k_str); TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 ); @@ -494,7 +494,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); - slen_check = unhexify( sig_check, sig_str ); + slen_check = mbedtls_test_unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 3e8720734..c08d8f335 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -28,17 +28,17 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); - ikm_len = unhexify( ikm, hex_ikm_string ); - salt_len = unhexify( salt, hex_salt_string ); - info_len = unhexify( info, hex_info_string ); - okm_len = unhexify( expected_okm, hex_okm_string ); + ikm_len = mbedtls_test_unhexify( ikm, hex_ikm_string ); + salt_len = mbedtls_test_unhexify( salt, hex_salt_string ); + info_len = mbedtls_test_unhexify( info, hex_info_string ); + okm_len = mbedtls_test_unhexify( expected_okm, hex_okm_string ); ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm, okm_len); TEST_ASSERT( ret == 0 ); - // Run hexify on it so that it looks nicer if the assertion fails - hexify( okm_hex, okm, okm_len ); + // Run mbedtls_test_hexify on it so that it looks nicer if the assertion fails + mbedtls_test_hexify( okm_hex, okm, okm_len ); TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index 9c34ea619..827c6903a 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -259,9 +259,9 @@ void mbedtls_nist_kw_wrap( int cipher_id, int mode, memset( msg, 0x00, sizeof( msg ) ); memset( result, '+', sizeof( result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - result_len = unhexify( expected_result, result_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + result_len = mbedtls_test_unhexify( expected_result, result_hex ); output_len = sizeof( result ); TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 ) @@ -306,9 +306,9 @@ void mbedtls_nist_kw_unwrap( int cipher_id, int mode, memset( result, '+', sizeof( result ) ); memset( expected_result, 0x00, sizeof( expected_result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - result_len = unhexify( expected_result, result_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + result_len = mbedtls_test_unhexify( expected_result, result_hex ); output_len = sizeof( result ); TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 ) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 88f8e3bab..5a30f0f4d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -841,7 +841,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); - slen_check = unhexify( sig_check, sig_str ); + slen_check = mbedtls_test_unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 066bb3942..eadb992fe 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -23,15 +23,15 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src memset( key, 0x00, sizeof( key ) ); memset( mac, 0x00, sizeof( mac ) ); - src_len = unhexify( src_str, hex_src_string ); - unhexify( key, hex_key_string ); + src_len = mbedtls_test_unhexify( src_str, hex_src_string ); + mbedtls_test_unhexify( key, hex_key_string ); /* * Test the integrated API */ TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); /* @@ -45,7 +45,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); /* @@ -63,7 +63,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); } @@ -80,7 +80,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); } From ff31eab9381496a8808c9affdf48dbe526ced887 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 17:20:59 +0200 Subject: [PATCH 154/247] tests: Reformating due to *hexify functions renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep hexify Signed-off-by: Ronald Cron --- tests/suites/host_test.function | 3 ++- tests/suites/test_suite_ccm.function | 12 ++++++++---- tests/suites/test_suite_hkdf.function | 5 ++++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 77f146baa..c57fa0707 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -277,7 +277,8 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - *int_params_store = mbedtls_test_unhexify( (unsigned char *) val, val ); + *int_params_store = mbedtls_test_unhexify( + (unsigned char *) val, val ); *out++ = val; *out++ = (char *)(int_params_store++); } diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 2e374c0a5..01e1a173b 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -222,8 +222,10 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, msg_len = mbedtls_test_unhexify( msg, msg_hex ); add_len = mbedtls_test_unhexify( add, add_hex ); result_len = mbedtls_test_unhexify( result, result_hex ); - source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); - frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); + source_address_len = mbedtls_test_unhexify( source_address, + source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, + frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; @@ -290,8 +292,10 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, msg_len = mbedtls_test_unhexify( msg, msg_hex ); add_len = mbedtls_test_unhexify( add, add_hex ); result_len = mbedtls_test_unhexify( result, result_hex ); - source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); - frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); + source_address_len = mbedtls_test_unhexify( source_address, + source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, + frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index c08d8f335..9781e7f28 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -37,7 +37,10 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, okm_len); TEST_ASSERT( ret == 0 ); - // Run mbedtls_test_hexify on it so that it looks nicer if the assertion fails + /* + * Run mbedtls_test_hexify on it so that it looks nicer if the assertion + * fails. + */ mbedtls_test_hexify( okm_hex, okm, okm_len ); TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); } From 690f3ebe92cb93f0437a3bfdcee84b61c5b377ca Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:42:18 +0200 Subject: [PATCH 155/247] tests: Add mbedtls_test_ prefix to zero_alloc() Add mbedtls_test_ prefix to zero_alloc() test helper function. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/zero_alloc/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 2 +- tests/src/helpers.c | 4 ++-- tests/suites/test_suite_aes.function | 4 ++-- tests/suites/test_suite_base64.function | 4 ++-- tests/suites/test_suite_pkcs5.function | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 2d53cf9ea..134e49b7d 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -65,7 +65,7 @@ void mbedtls_test_hexify( unsigned char *obuf, * * For convenience, dies if allocation fails. */ -unsigned char *zero_alloc( size_t len ); +unsigned char *mbedtls_test_zero_alloc( size_t len ); /** * Allocate and fill a buffer from hex data. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 358f3e4ae..063ebcd68 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -100,7 +100,7 @@ void mbedtls_test_hexify( unsigned char *obuf, } } -unsigned char *zero_alloc( size_t len ) +unsigned char *mbedtls_test_zero_alloc( size_t len ) { void *p; size_t actual_len = ( len != 0 ) ? len : 1; @@ -120,7 +120,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) *olen = strlen( ibuf ) / 2; if( *olen == 0 ) - return( zero_alloc( *olen ) ); + return( mbedtls_test_zero_alloc( *olen ) ); obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 9734aa0d5..8fe0bda9b 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -129,7 +129,7 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, dst = unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); - output = zero_alloc( dst_len ); + output = mbedtls_test_zero_alloc( dst_len ); TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, src_len, @@ -172,7 +172,7 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, dst = unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); - output = zero_alloc( dst_len ); + output = mbedtls_test_zero_alloc( dst_len ); TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, src_len, diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 3a8bf430f..dc6ec153b 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -55,7 +55,7 @@ void base64_encode_hex( data_t * src, char * dst, int dst_buf_size, unsigned char *res = NULL; size_t len; - res = zero_alloc( dst_buf_size ); + res = mbedtls_test_zero_alloc( dst_buf_size ); TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result ); if( result == 0 ) @@ -76,7 +76,7 @@ void base64_decode_hex( char * src, data_t * dst, int dst_buf_size, unsigned char *res = NULL; size_t len; - res = zero_alloc( dst_buf_size ); + res = mbedtls_test_zero_alloc( dst_buf_size ); TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src, strlen( src ) ) == result ); diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 26f1d3331..ee894f134 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -43,7 +43,7 @@ void mbedtls_pkcs5_pbes2( int params_tag, data_t *params_hex, data_t *pw, params.p = params_hex->x; params.len = params_hex->len; - my_out = zero_alloc( ref_out->len ); + my_out = mbedtls_test_zero_alloc( ref_out->len ); my_ret = mbedtls_pkcs5_pbes2( ¶ms, MBEDTLS_PKCS5_DECRYPT, pw->x, pw->len, data->x, data->len, my_out ); From a256c7025fc3ed401159f7754674e65d0639dd8b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:53:11 +0200 Subject: [PATCH 156/247] tests: Add mbedtls_test_ prefix to unhexify_alloc() Add mbedtls_test_ prefix to unhexify_alloc() test helper functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/unhexify_alloc\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 2 +- tests/src/helpers.c | 2 +- tests/suites/test_suite_aes.function | 16 ++++++++-------- tests/suites/test_suite_hkdf.function | 12 ++++++------ 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 134e49b7d..ad6b9d793 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -77,7 +77,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); * * For convenience, dies if allocation fails. */ -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ); +unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 063ebcd68..5f1250110 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -113,7 +113,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ) return( p ); } -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 8fe0bda9b..887cee84d 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -119,14 +119,14 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); - key = unhexify_alloc( hex_key_string, &key_len ); + key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); TEST_ASSERT( key_len % 2 == 0 ); - src = unhexify_alloc( hex_src_string, &src_len ); - dst = unhexify_alloc( hex_dst_string, &dst_len ); + src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len ); + dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); output = mbedtls_test_zero_alloc( dst_len ); @@ -162,14 +162,14 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); - key = unhexify_alloc( hex_key_string, &key_len ); + key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); TEST_ASSERT( key_len % 2 == 0 ); - src = unhexify_alloc( hex_src_string, &src_len ); - dst = unhexify_alloc( hex_dst_string, &dst_len ); + src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len ); + dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); output = mbedtls_test_zero_alloc( dst_len ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 9781e7f28..47e8ee63f 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -63,9 +63,9 @@ void test_hkdf_extract( int md_alg, char *hex_ikm_string, output_prk_len = mbedtls_md_get_size( md ); output_prk = mbedtls_calloc( 1, output_prk_len ); - ikm = unhexify_alloc( hex_ikm_string, &ikm_len ); - salt = unhexify_alloc( hex_salt_string, &salt_len ); - prk = unhexify_alloc( hex_prk_string, &prk_len ); + ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len ); + salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len ); + prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len ); TEST_ASSERT( prk_len == output_prk_len ); ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk ); @@ -98,9 +98,9 @@ void test_hkdf_expand( int md_alg, char *hex_info_string, output_okm = mbedtls_calloc( OKM_LEN, 1 ); - prk = unhexify_alloc( hex_prk_string, &prk_len ); - info = unhexify_alloc( hex_info_string, &info_len ); - okm = unhexify_alloc( hex_okm_string, &okm_len ); + prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len ); + info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len ); + okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len ); TEST_ASSERT( prk_len == mbedtls_md_get_size( md ) ); TEST_ASSERT( okm_len < OKM_LEN ); From f73ab008d2ab362b244cf5ecc2b277294e7735e4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:57:28 +0200 Subject: [PATCH 157/247] tests: Reformating due to unhexify_alloc() renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep unhexify_alloc Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 887cee84d..c2b497813 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -119,7 +119,8 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, + &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); @@ -162,7 +163,8 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, + &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); From de70b165a4e0638ddcf5498495d53608069181b7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 11:03:08 +0200 Subject: [PATCH 158/247] tests: Add mbedtls_test_ prefix to hexcmp() Add mbedtls_test_ prefix to hexcmp() test helper function. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 3 ++- tests/src/helpers.c | 3 ++- tests/suites/test_suite_aes.function | 16 ++++++++-------- tests/suites/test_suite_arc4.function | 2 +- tests/suites/test_suite_blowfish.function | 14 +++++++------- tests/suites/test_suite_camellia.function | 12 ++++++------ tests/suites/test_suite_des.function | 16 ++++++++-------- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_gcm.function | 6 +++--- tests/suites/test_suite_md.function | 20 ++++++++++---------- tests/suites/test_suite_mdx.function | 8 ++++---- tests/suites/test_suite_mpi.function | 6 +++--- tests/suites/test_suite_pkcs1_v15.function | 6 +++--- tests/suites/test_suite_pkcs1_v21.function | 6 +++--- tests/suites/test_suite_pkcs5.function | 2 +- tests/suites/test_suite_rsa.function | 20 ++++++++++---------- tests/suites/test_suite_shax.function | 10 +++++----- tests/suites/test_suite_ssl.function | 2 +- tests/suites/test_suite_xtea.function | 8 ++++---- 19 files changed, 82 insertions(+), 80 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index ad6b9d793..36b9e72e2 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -79,6 +79,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); */ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); +int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, + uint32_t a_len, uint32_t b_len ); #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 5f1250110..f0c27c3ff 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -130,7 +130,8 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) return( obuf ); } -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) +int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, + uint32_t a_len, uint32_t b_len ) { int ret = 0; uint32_t i = 0; diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index c2b497813..677978d30 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -23,7 +23,7 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -47,7 +47,7 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -72,7 +72,7 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -96,7 +96,7 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -243,7 +243,7 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -265,7 +265,7 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -286,7 +286,7 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -307,7 +307,7 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index ae3b032b3..7f85df6a3 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -21,7 +21,7 @@ void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); - TEST_ASSERT( hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 7a93cd139..d14555eec 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -181,7 +181,7 @@ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } exit: @@ -205,7 +205,7 @@ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } exit: @@ -231,7 +231,7 @@ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -256,7 +256,7 @@ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -280,7 +280,7 @@ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -303,7 +303,7 @@ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -327,7 +327,7 @@ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 940834815..4a2d764f6 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -189,7 +189,7 @@ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -213,7 +213,7 @@ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -238,7 +238,7 @@ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -263,7 +263,7 @@ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -287,7 +287,7 @@ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -310,7 +310,7 @@ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index b5acb7b0f..4ba8a85ab 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -28,7 +28,7 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_enc( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -49,7 +49,7 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_dec( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -73,7 +73,7 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -98,7 +98,7 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -126,7 +126,7 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -153,7 +153,7 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -184,7 +184,7 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -216,7 +216,7 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 6385e7767..2cf84d791 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -806,7 +806,7 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, if( ret == 0 ) { - TEST_ASSERT( hexcmp( buf, out->x, olen, out->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 1fcb681b9..ea2c91d77 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -55,8 +55,8 @@ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); - TEST_ASSERT( hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); } exit: @@ -94,7 +94,7 @@ void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, { TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); } } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 11cf88ae7..e2d9149d2 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -145,7 +145,7 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -167,7 +167,7 @@ void md_hex( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -208,7 +208,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 ); /* Test clone */ @@ -216,7 +216,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -255,14 +255,14 @@ void md_hex_multi( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -289,7 +289,7 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -321,7 +321,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -331,7 +331,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -355,6 +355,6 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 02004efa8..b6c8d8d62 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -20,7 +20,7 @@ void md2_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -39,7 +39,7 @@ void md4_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -58,7 +58,7 @@ void md5_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -77,7 +77,7 @@ void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 43975cba0..a3afb9b6d 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -373,7 +373,7 @@ void mbedtls_mpi_write_binary( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: @@ -404,7 +404,7 @@ void mbedtls_mpi_write_binary_le( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: @@ -438,7 +438,7 @@ void mbedtls_mpi_read_file( int radix_X, char * input_file, TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); - TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 13fdf58f8..1f6597482 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -37,7 +37,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -87,7 +87,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); } } @@ -287,7 +287,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 7b8087b1c..c3ac92f00 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -37,7 +37,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -93,7 +93,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, sizeof( output ) ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); } } @@ -146,7 +146,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index ee894f134..c334a7a10 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -24,7 +24,7 @@ void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9a3b5837c..bbe3638d7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -506,7 +506,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -586,7 +586,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, output ) == 0 ); - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -608,7 +608,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, if( res == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -714,7 +714,7 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -752,7 +752,7 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -800,7 +800,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); } exit: @@ -837,7 +837,7 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } /* And now with the copy */ @@ -852,7 +852,7 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -902,7 +902,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } } @@ -919,7 +919,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index e621f49cd..358054eca 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -61,7 +61,7 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -131,7 +131,7 @@ void sha224( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -145,7 +145,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -215,7 +215,7 @@ void sha384( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -229,7 +229,7 @@ void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b32ca344..639e8c370 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3424,7 +3424,7 @@ void ssl_tls_prf( int type, data_t * secret, data_t * random, if( exp_ret == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, result_hex_str->len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index a24a42065..f1926d644 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -20,7 +20,7 @@ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -37,7 +37,7 @@ void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -55,7 +55,7 @@ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -73,7 +73,7 @@ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } /* END_CASE */ From 2dbba9970835f21ddad3121329c996057c82f126 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 11:42:32 +0200 Subject: [PATCH 159/247] tests: Reformating due to hexcmp() renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep hexcmp Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 28 ++++++++++++----- tests/suites/test_suite_arc4.function | 4 ++- tests/suites/test_suite_blowfish.function | 26 +++++++++++----- tests/suites/test_suite_camellia.function | 20 +++++++++---- tests/suites/test_suite_des.function | 28 ++++++++++++----- tests/suites/test_suite_gcm.function | 11 +++++-- tests/suites/test_suite_md.function | 35 +++++++++++++++------- tests/suites/test_suite_mdx.function | 16 +++++++--- tests/suites/test_suite_mpi.function | 9 ++++-- tests/suites/test_suite_pkcs1_v15.function | 10 +++++-- tests/suites/test_suite_pkcs1_v21.function | 10 +++++-- tests/suites/test_suite_pkcs5.function | 3 +- tests/suites/test_suite_rsa.function | 34 ++++++++++++++------- tests/suites/test_suite_shax.function | 15 ++++++---- tests/suites/test_suite_xtea.function | 14 ++++++--- 15 files changed, 187 insertions(+), 76 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 677978d30..f1be3cec2 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -23,7 +23,8 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -47,7 +48,8 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -72,7 +74,9 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -96,7 +100,9 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -243,7 +249,8 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -265,7 +272,8 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -286,7 +294,9 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -307,7 +317,9 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 7f85df6a3..9aa491382 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -21,7 +21,9 @@ void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index d14555eec..eb6891cad 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -181,7 +181,8 @@ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } exit: @@ -205,7 +206,8 @@ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } exit: @@ -231,7 +233,9 @@ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -256,7 +260,9 @@ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -280,7 +286,9 @@ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -303,7 +311,9 @@ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -327,7 +337,9 @@ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 4a2d764f6..4949feb88 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -189,7 +189,8 @@ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -213,7 +214,8 @@ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -238,7 +240,9 @@ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -263,7 +267,9 @@ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -287,7 +293,8 @@ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -310,7 +317,8 @@ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 4ba8a85ab..625c87ab1 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -28,7 +28,8 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_enc( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -49,7 +50,8 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_dec( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -73,7 +75,9 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -98,7 +102,9 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -126,7 +132,8 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -153,7 +160,8 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -184,7 +192,9 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -216,7 +226,9 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index ea2c91d77..b28d918ba 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -55,8 +55,11 @@ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, + tag_len, hex_tag_string->len ) == 0 ); } exit: @@ -94,7 +97,9 @@ void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, { TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x, + src_str->len, + pt_result->len ) == 0 ); } } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index e2d9149d2..be5782902 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -145,7 +145,9 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -168,7 +170,8 @@ void md_hex( char * text_md_name, data_t * src_str, TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -209,14 +212,17 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 ); + mbedtls_md_get_size( md_info ), + hex_hash_string->len) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -255,14 +261,18 @@ void md_hex_multi( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -289,7 +299,8 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + trunc_size, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -321,7 +332,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + trunc_size, hex_hash_string->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -331,7 +343,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + trunc_size, hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -355,6 +368,8 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index b6c8d8d62..ed2ae58b4 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -20,7 +20,9 @@ void md2_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -39,7 +41,9 @@ void md4_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -58,7 +62,9 @@ void md5_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -77,7 +83,9 @@ void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index a3afb9b6d..895a08757 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -373,7 +373,8 @@ void mbedtls_mpi_write_binary( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, + buflen, input_A->len ) == 0 ); } exit: @@ -404,7 +405,8 @@ void mbedtls_mpi_write_binary_le( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, + buflen, input_A->len ) == 0 ); } exit: @@ -438,7 +440,8 @@ void mbedtls_mpi_read_file( int radix_X, char * input_file, TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, + buflen, input_A->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 1f6597482..d4f31f9b2 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -37,7 +37,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -87,7 +88,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + output_len, + result_hex_str->len) == 0 ); } } @@ -287,7 +290,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c3ac92f00..86dfd5c4d 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -37,7 +37,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -93,7 +94,9 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, sizeof( output ) ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + output_len, + result_hex_str->len ) == 0 ); } } @@ -146,7 +149,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index c334a7a10..0b0c937cf 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -24,7 +24,8 @@ void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x, + key_len, result_key_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index bbe3638d7..59d688dd7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -506,7 +506,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -586,7 +587,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -608,7 +610,9 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, if( res == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, + result_hex_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -714,7 +718,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -752,7 +757,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -800,7 +806,9 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + output_len, + result_hex_str->len ) == 0 ); } exit: @@ -837,7 +845,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } /* And now with the copy */ @@ -852,7 +861,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -902,7 +912,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, + result_hex_str->len ) == 0 ); } } @@ -919,7 +931,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx2.len, + result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 358054eca..64280098c 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -61,7 +61,8 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 20, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -131,7 +132,8 @@ void sha224( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 28, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -145,7 +147,8 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 32, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -215,7 +218,8 @@ void sha384( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 48, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -229,7 +233,8 @@ void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 64, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index f1926d644..f286e6735 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -20,7 +20,8 @@ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -37,7 +38,8 @@ void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -55,7 +57,9 @@ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -73,7 +77,9 @@ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } /* END_CASE */ From 351f0eee205f5cc99407ca0b83b88d292a834e32 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 12:12:18 +0200 Subject: [PATCH 160/247] tests: Add mbedtls_test_ prefix to rnd_* symbols Add mbedtls_test_ prefix to rnd_buf_info and rnd_pseudo_info types, to rnd_std_rand(), rnd_zero_rand(), rnd_buffer_rand() and rnd_pseudo_rand() functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/rnd_(buf_info|pseudo_info|std_rand| \ zero_rand|buffer_rand|pseudo_rand)/, \ "mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/random.h | 20 +++-- tests/src/random.c | 28 ++++--- tests/suites/test_suite_ctr_drbg.function | 2 +- tests/suites/test_suite_dhm.function | 34 ++++----- tests/suites/test_suite_ecdh.function | 88 +++++++++++----------- tests/suites/test_suite_ecdsa.function | 64 ++++++++-------- tests/suites/test_suite_ecjpake.function | 18 ++--- tests/suites/test_suite_ecp.function | 72 +++++++++--------- tests/suites/test_suite_hmac_drbg.function | 2 +- tests/suites/test_suite_mpi.function | 10 +-- tests/suites/test_suite_pk.function | 88 +++++++++++----------- tests/suites/test_suite_pkcs1_v15.function | 24 +++--- tests/suites/test_suite_pkcs1_v21.function | 16 ++-- tests/suites/test_suite_rsa.function | 38 +++++----- tests/suites/test_suite_ssl.function | 8 +- tests/suites/test_suite_x509write.function | 26 +++---- 16 files changed, 278 insertions(+), 260 deletions(-) diff --git a/tests/include/test/random.h b/tests/include/test/random.h index c60803597..dfdefa688 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -39,7 +39,7 @@ typedef struct { unsigned char *buf; size_t length; -} rnd_buf_info; +} mbedtls_test_rnd_buf_info; /** * Info structure for the pseudo random function @@ -52,7 +52,7 @@ typedef struct { uint32_t key[16]; uint32_t v0, v1; -} rnd_pseudo_info; +} mbedtls_test_rnd_pseudo_info; /** * This function just returns data from rand(). @@ -63,14 +63,18 @@ typedef struct * * rng_state shall be NULL. */ -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_std_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function only returns zeros * * rng_state shall be NULL. */ -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_zero_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function returns random based on a buffer it receives. @@ -83,7 +87,9 @@ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); * * After the buffer is empty it will return rand(); */ -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_buffer_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function returns random based on a pseudo random function. @@ -93,6 +99,8 @@ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); * * rng_state shall be a pointer to a rnd_pseudo_info structure. */ -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_pseudo_rand( void *rng_state, + unsigned char *output, + size_t len ); #endif /* TEST_RANDOM_H */ diff --git a/tests/src/random.c b/tests/src/random.c index bb0df7a71..25fa4cf33 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -27,7 +27,9 @@ #include #include -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_std_rand( void *rng_state, + unsigned char *output, + size_t len ) { #if !defined(__OpenBSD__) size_t i; @@ -47,7 +49,9 @@ int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_zero_rand( void *rng_state, + unsigned char *output, + size_t len ) { if( rng_state != NULL ) rng_state = NULL; @@ -57,13 +61,15 @@ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_buffer_rand( void *rng_state, + unsigned char *output, + size_t len ) { - rnd_buf_info *info = (rnd_buf_info *) rng_state; + mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state; size_t use_len; if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); use_len = len; if( len > info->length ) @@ -77,19 +83,23 @@ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) } if( len - use_len > 0 ) - return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output + use_len, + len - use_len ) ); return( 0 ); } -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_pseudo_rand( void *rng_state, + unsigned char *output, + size_t len ) { - rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; + mbedtls_test_rnd_pseudo_info *info = + (mbedtls_test_rnd_pseudo_info *) rng_state; uint32_t i, *k, sum, delta=0x9E3779B9; unsigned char result[4], *out = output; if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); k = info->key; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 8317c08c8..d8301bf95 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -316,7 +316,7 @@ void ctr_drbg_seed_file( char * path, int ret ) mbedtls_ctr_drbg_init( &ctx ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 8a05a38df..e00849a4e 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -36,17 +36,17 @@ void dhm_invalid_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( NULL, buflen, buf, &len, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( &ctx, buflen, NULL, &len, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( &ctx, buflen, buf, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( &ctx, buflen, @@ -69,12 +69,12 @@ void dhm_invalid_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_public( NULL, buflen, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_public( &ctx, buflen, NULL, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_public( &ctx, buflen, @@ -84,15 +84,15 @@ void dhm_invalid_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_calc_secret( NULL, buf, buflen, - &len, rnd_std_rand, + &len, mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_calc_secret( &ctx, NULL, buflen, - &len, rnd_std_rand, + &len, mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_calc_secret( &ctx, buf, buflen, - NULL, rnd_std_rand, + NULL, mbedtls_test_rnd_std_rand, NULL ) ); #if defined(MBEDTLS_ASN1_PARSE_C) @@ -130,7 +130,7 @@ void dhm_do_dhm( int radix_P, char *input_P, size_t sec_srv_len; size_t sec_cli_len; int x_size, i; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_dhm_init( &ctx_srv ); mbedtls_dhm_init( &ctx_cli ); @@ -138,7 +138,7 @@ void dhm_do_dhm( int radix_P, char *input_P, memset( pub_cli, 0x00, 1000 ); memset( sec_srv, 0x00, 1000 ); memset( sec_cli, 0x00, 1000 ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); /* * Set params @@ -151,7 +151,7 @@ void dhm_do_dhm( int radix_P, char *input_P, /* * First key exchange */ - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == result ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == result ); if ( result != 0 ) goto exit; @@ -159,10 +159,10 @@ void dhm_do_dhm( int radix_P, char *input_P, ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); @@ -173,7 +173,7 @@ void dhm_do_dhm( int radix_P, char *input_P, for( i = 0; i < 3; i++ ) { sec_srv_len = 1000; - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); @@ -185,15 +185,15 @@ void dhm_do_dhm( int radix_P, char *input_P, */ p = ske; - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 6d0a10efc..4155a862b 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -19,7 +19,7 @@ exit: static int load_private_key( int grp_id, data_t *private_key, mbedtls_ecp_keypair *ecp, - rnd_pseudo_info *rnd_info ) + mbedtls_test_rnd_pseudo_info *rnd_info ) { int ok = 0; TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp, @@ -29,7 +29,7 @@ static int load_private_key( int grp_id, data_t *private_key, /* Calculate the public key from the private key. */ TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - &rnd_pseudo_rand, rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, rnd_info ) == 0 ); ok = 1; exit: return( ok ); @@ -72,29 +72,29 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( NULL, &m, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, NULL, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, &P, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( NULL, &m, &P, &m, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_setup( NULL, valid_grp ) ); @@ -102,15 +102,15 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( NULL, &olen, buf, buflen, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, @@ -143,17 +143,17 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( NULL, &olen, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( &ctx, &olen, @@ -168,15 +168,15 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); exit: @@ -190,22 +190,22 @@ void ecdh_primitive_random( int id ) mbedtls_ecp_group grp; mbedtls_ecp_point qA, qB; mbedtls_mpi dA, dB, zA, zB; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); @@ -227,7 +227,7 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, mbedtls_ecp_group grp; mbedtls_ecp_point qA, qB; mbedtls_mpi dA, dB, zA, zB, check; - rnd_buf_info rnd_info_A, rnd_info_B; + mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB ); @@ -269,7 +269,7 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, } TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, - rnd_buffer_rand, &rnd_info_A ) == 0 ); + mbedtls_test_rnd_buffer_rand, &rnd_info_A ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); @@ -277,7 +277,7 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, - rnd_buffer_rand, &rnd_info_B ) == 0 ); + mbedtls_test_rnd_buffer_rand, &rnd_info_B ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); @@ -305,28 +305,28 @@ void ecdh_exchange( int id ) unsigned char buf[1000]; const unsigned char *vbuf; size_t len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; unsigned char res_buf[1000]; size_t res_len; mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( len == res_len ); @@ -351,7 +351,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, size_t z_len; unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES]; unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; - rnd_buf_info rnd_info_A, rnd_info_B; + mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; int cnt_restart; mbedtls_ecp_group grp; @@ -393,7 +393,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ), - rnd_buffer_rand, &rnd_info_A ); + mbedtls_test_rnd_buffer_rand, &rnd_info_A ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -411,7 +411,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ), - rnd_buffer_rand, &rnd_info_B ); + mbedtls_test_rnd_buffer_rand, &rnd_info_B ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -470,26 +470,26 @@ void ecdh_exchange_legacy( int id ) const unsigned char *vbuf; size_t len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 ); @@ -507,14 +507,14 @@ void ecdh_exchange_calc_secret( int grp_id, int ours_first, data_t *expected ) { - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair our_key; mbedtls_ecp_keypair their_key; mbedtls_ecdh_context ecdh; unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES]; size_t shared_secret_length = 0; - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_ecdh_init( &ecdh ); mbedtls_ecp_keypair_init( &our_key ); mbedtls_ecp_keypair_init( &their_key ); @@ -545,7 +545,7 @@ void ecdh_exchange_calc_secret( int grp_id, &ecdh, &shared_secret_length, shared_secret, sizeof( shared_secret ), - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( shared_secret_length == expected->len ); TEST_ASSERT( memcmp( expected->x, shared_secret, shared_secret_length ) == 0 ); @@ -565,12 +565,12 @@ void ecdh_exchange_get_params_fail( int our_grp_id, int ours_first, int expected_ret ) { - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair our_key; mbedtls_ecp_keypair their_key; mbedtls_ecdh_context ecdh; - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_ecdh_init( &ecdh ); mbedtls_ecp_keypair_init( &our_key ); mbedtls_ecp_keypair_init( &their_key ); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 4176b8164..afee710e4 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -31,23 +31,23 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( NULL, &m, &m, &m, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, NULL, &m, &m, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, NULL, &m, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, NULL, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, NULL, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, buf, sizeof( buf ), @@ -58,27 +58,27 @@ void ecdsa_invalid_param( ) mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, NULL, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -107,28 +107,28 @@ void ecdsa_invalid_param( ) valid_md, buf, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), NULL, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), buf, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -136,28 +136,28 @@ void ecdsa_invalid_param( ) valid_md, buf, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, sizeof( buf ), NULL, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, sizeof( buf ), buf, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -191,7 +191,7 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( NULL, valid_group, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( &ctx, valid_group, NULL, NULL ) ); @@ -213,23 +213,23 @@ void ecdsa_prim_random( int id ) mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d, r, s; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( buf, 0, sizeof( buf ) ); /* prepare material for signature */ - TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); exit: @@ -248,7 +248,7 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d, r, s, r_check, s_check; - rnd_buf_info rnd_info; + mbedtls_test_rnd_buf_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); @@ -276,7 +276,7 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, } TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len, - rnd_buffer_rand, &rnd_info ) == result ); + mbedtls_test_rnd_buffer_rand, &rnd_info ) == result ); if ( result == 0) { @@ -332,7 +332,7 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, TEST_ASSERT( mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, - md_alg, rnd_std_rand, NULL ) + md_alg, mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); @@ -349,26 +349,26 @@ exit: void ecdsa_write_read_random( int id ) { mbedtls_ecdsa_context ctx; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; unsigned char hash[32]; unsigned char sig[200]; size_t sig_len, i; mbedtls_ecdsa_init( &ctx ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0x2a, sizeof( sig ) ); /* prepare material for signature */ - TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); /* generate signing key */ - TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); /* generate and write signature, then read and verify it */ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, hash, sizeof( hash ), - sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) == 0 ); diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 38f190de2..0c223a3b3 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -139,19 +139,19 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_one( &ctx, @@ -164,19 +164,19 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_two( &ctx, @@ -203,19 +203,19 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_derive_secret( &ctx, diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 2cf84d791..bed1bd7e3 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -69,12 +69,12 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_privkey( NULL, &m, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_privkey( &grp, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_privkey( &grp, @@ -222,29 +222,29 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( NULL, &P, &m, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, NULL, &m, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, NULL, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, &m, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_muladd( NULL, &P, &m, &P, @@ -302,22 +302,22 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, &P, @@ -328,17 +328,17 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( NULL, &m, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( &grp, NULL, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( &grp, &m, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( &grp, @@ -348,7 +348,7 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, &kp, NULL, NULL ) ); @@ -576,12 +576,12 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, mbedtls_ecp_group grp; mbedtls_ecp_point R; mbedtls_mpi dA, xA, yA, dB, xB, yB, xZ, yZ; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &yB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -597,7 +597,7 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); @@ -611,7 +611,7 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); @@ -630,13 +630,13 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, mbedtls_ecp_group grp; mbedtls_ecp_point R; mbedtls_mpi dA, xA, dB, xB, xS; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &xS ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -649,12 +649,12 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); @@ -683,12 +683,12 @@ void ecp_test_mul( int id, data_t * n_hex, mbedtls_ecp_group grp; mbedtls_ecp_point P, nP, R; mbedtls_mpi n; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P ); mbedtls_ecp_point_init( &nP ); mbedtls_mpi_init( &n ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -707,7 +707,7 @@ void ecp_test_mul( int id, data_t * n_hex, == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &n, &P, - &rnd_pseudo_rand, &rnd_info ) + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == expected_ret ); if( expected_ret == 0 ) @@ -740,7 +740,7 @@ void ecp_test_mul_rng( int id, data_t * d_hex) TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL ) + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &mbedtls_test_rnd_zero_rand, NULL ) == MBEDTLS_ERR_ECP_RANDOM_FAILED ); exit: @@ -1052,16 +1052,16 @@ void mbedtls_ecp_gen_keypair( int id ) mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); mbedtls_mpi_init( &d ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 ); @@ -1078,12 +1078,12 @@ exit: void mbedtls_ecp_gen_key( int id ) { mbedtls_ecp_keypair key; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair_init( &key ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 ); diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index b526f4313..b84826697 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -129,7 +129,7 @@ void hmac_drbg_seed_file( int md_alg, char * path, int ret ) md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 895a08757..02cd1a9ca 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -240,7 +240,7 @@ void mpi_invalid_param( ) mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand, + mbedtls_mpi_fill_random( NULL, 42, mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); @@ -1195,7 +1195,7 @@ void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result ) mbedtls_mpi_init( &X ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - res = mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ); + res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( res == div_result ); exit: @@ -1244,7 +1244,7 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) mbedtls_mpi_init( &X ); - my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, rnd_std_rand, NULL ); + my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( my_ret == ref_ret ); if( ref_ret == 0 ) @@ -1254,13 +1254,13 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) TEST_ASSERT( actual_bits >= (size_t) bits ); TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ) + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) == 0 ); if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) { /* X = ( X - 1 ) / 2 */ TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ) + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) == 0 ); } } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5a30f0f4d..3d77a6ba7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -49,7 +49,7 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, parameter, 3 ); #endif #if defined(MBEDTLS_ECP_C) @@ -63,7 +63,7 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) return( ret ); return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, - &mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL ); + &mbedtls_pk_ec( *pk )->Q, mbedtls_test_rnd_std_rand, NULL ); } #endif return( -1 ); @@ -75,7 +75,7 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, - rnd_std_rand, NULL, mode, olen, + mbedtls_test_rnd_std_rand, NULL, mode, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, @@ -85,7 +85,7 @@ int mbedtls_rsa_sign_func( void *ctx, { ((void) f_rng); ((void) p_rng); - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, mode, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) @@ -235,7 +235,7 @@ void valid_parameters( ) MBEDTLS_MD_NONE, NULL, 0, buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -243,7 +243,7 @@ void valid_parameters( ) MBEDTLS_MD_NONE, NULL, 0, buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -251,7 +251,7 @@ void valid_parameters( ) MBEDTLS_MD_NONE, NULL, 0, buf, &len, - rnd_std_rand, NULL ) == + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, @@ -277,13 +277,13 @@ void valid_parameters( ) TEST_ASSERT( mbedtls_pk_encrypt( &pk, NULL, 0, NULL, &len, 0, - rnd_std_rand, NULL ) == + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_pk_decrypt( &pk, NULL, 0, NULL, &len, 0, - rnd_std_rand, NULL ) == + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_PK_PARSE_C) @@ -435,28 +435,28 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, buf, sizeof( buf ), buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, @@ -464,67 +464,67 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, buf, sizeof( buf ), buf, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_check_pair( NULL, &pk ) ); @@ -945,7 +945,7 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, &sig_len, - rnd_std_rand, NULL, rs_ctx ) == sign_ret ); + mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret ); if( sign_ret == 0 ) TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); else @@ -968,7 +968,7 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) } TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == sign_ret ); + sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == sign_ret ); if( sign_ret == 0 ) TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); else @@ -1005,12 +1005,12 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, data_t * result, int ret ) { unsigned char output[300]; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; size_t olen; - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( output, 0, sizeof( output ) ); @@ -1024,7 +1024,7 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( olen == result->len ); TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); @@ -1040,7 +1040,7 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, char * input_E, data_t * clear, int ret ) { unsigned char output[256]; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; @@ -1050,7 +1050,7 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); /* init pk-rsa context */ @@ -1073,7 +1073,7 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, olen = 0; TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); if( ret == 0 ) { TEST_ASSERT( olen == clear->len ); @@ -1093,13 +1093,13 @@ void pk_ec_nocrypt( int type ) mbedtls_pk_context pk; unsigned char output[100]; unsigned char input[100]; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; size_t olen = 0; int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; mbedtls_pk_init( &pk ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( output, 0, sizeof( output ) ); memset( input, 0, sizeof( input ) ); @@ -1107,11 +1107,11 @@ void pk_ec_nocrypt( int type ) TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); exit: mbedtls_pk_free( &pk ); @@ -1146,7 +1146,7 @@ void pk_rsa_overflow( ) sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len, - rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); exit: mbedtls_pk_free( &pk ); @@ -1200,11 +1200,11 @@ void pk_rsa_alt( ) /* Test signature */ #if SIZE_MAX > UINT_MAX TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, - sig, &sig_len, rnd_std_rand, NULL ) == + sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == 0 ); + sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); @@ -1212,17 +1212,17 @@ void pk_rsa_alt( ) /* Test decrypt */ TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg, ciph, &ciph_len, sizeof ciph, - rnd_std_rand, NULL ) == 0 ); + mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len, test, &test_len, sizeof test, - rnd_std_rand, NULL ) == 0 ); + mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( test_len == sizeof msg ); TEST_ASSERT( memcmp( test, msg, test_len ) == 0 ); /* Test forbidden operations */ TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg, ciph, &ciph_len, sizeof ciph, - rnd_std_rand, NULL ) == ret ); + mbedtls_test_rnd_std_rand, NULL ) == ret ); TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == ret ); TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret ); @@ -1267,7 +1267,7 @@ void pk_psa_sign( int grpid_arg, mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_gen_key( grpid, (mbedtls_ecp_keypair*) pk.pk_ctx, - rnd_std_rand, NULL ) == 0 ); + mbedtls_test_rnd_std_rand, NULL ) == 0 ); /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy, diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index d4f31f9b2..8d2192f46 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -16,7 +16,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, { unsigned char output[128]; mbedtls_rsa_context ctx; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; mbedtls_mpi N, E; info.buf = rnd_buf->x; @@ -34,7 +34,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -58,7 +58,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, unsigned char output[128]; mbedtls_rsa_context ctx; size_t output_len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; ((void) seed); @@ -67,7 +67,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -81,11 +81,11 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -110,7 +110,7 @@ void pkcs1_v15_decode( int mode, { size_t expected_plaintext_length = expected_plaintext_length_arg; size_t output_size = output_size_arg; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi; mbedtls_rsa_context ctx; static unsigned char N[128] = { @@ -176,7 +176,7 @@ void pkcs1_v15_decode( int mode, unsigned char final[128]; size_t output_length = 0x7EA0; - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi ); mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); @@ -196,12 +196,12 @@ void pkcs1_v15_decode( int mode, if( mode == MBEDTLS_RSA_PRIVATE ) TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); else - TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, original, intermediate ) == 0 ); memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, - &rnd_pseudo_rand, &rnd_info, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, mode, &output_length, intermediate, @@ -260,7 +260,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, unsigned char output[128]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; info.buf = rnd_buf->x; info.length = rnd_buf->len; @@ -286,7 +286,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 86dfd5c4d..2b7d16fe7 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -16,7 +16,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, { unsigned char output[256]; mbedtls_rsa_context ctx; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; mbedtls_mpi N, E; info.buf = rnd_buf->x; @@ -34,7 +34,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -58,7 +58,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, unsigned char output[64]; mbedtls_rsa_context ctx; size_t output_len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; ((void) seed); @@ -68,7 +68,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -82,13 +82,13 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, sizeof( output ) ) == result ); @@ -117,7 +117,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[256]; mbedtls_rsa_context ctx; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; mbedtls_mpi N, P, Q, E; info.buf = rnd_buf->x; @@ -144,7 +144,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 59d688dd7..4096e4d4d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -67,7 +67,7 @@ void rsa_invalid_param( ) invalid_padding, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( NULL, rnd_std_rand, + mbedtls_rsa_gen_key( NULL, mbedtls_test_rnd_std_rand, NULL, 0, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_gen_key( &ctx, NULL, @@ -476,7 +476,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, unsigned char output[256]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); @@ -484,7 +484,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -500,7 +500,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) @@ -561,14 +561,14 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, unsigned char output[256]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_rsa_init( &ctx, padding_mode, 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -581,7 +581,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, output ) == 0 ); @@ -598,7 +598,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, memset( output, 0x00, sizeof( output) ); res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, hash_result->len, hash_result->x, output ); #if !defined(MBEDTLS_RSA_ALT) @@ -694,12 +694,12 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, { unsigned char output[256]; mbedtls_rsa_context ctx; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); @@ -712,7 +712,7 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) @@ -751,7 +751,7 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) @@ -778,7 +778,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, unsigned char output[32]; mbedtls_rsa_context ctx; size_t output_len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); @@ -787,7 +787,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); @@ -802,7 +802,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, output_len = 0; - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); if( result == 0 ) { @@ -882,7 +882,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, unsigned char output[256]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ mbedtls_mpi N, P, Q, E; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; int i; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); @@ -890,7 +890,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -907,7 +907,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, for( i = 0; i < 3; i++ ) { memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, message_str->x, output ) == result ); if( result == 0 ) { @@ -926,7 +926,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, &rnd_info, message_str->x, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 639e8c370..1389e336d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1174,8 +1174,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, unsigned char cid0[ SSL_CID_LEN_MIN ]; unsigned char cid1[ SSL_CID_LEN_MIN ]; - rnd_std_rand( NULL, cid0, sizeof( cid0 ) ); - rnd_std_rand( NULL, cid1, sizeof( cid1 ) ); + mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) ); + mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) ); #else ((void) cid0_len); ((void) cid1_len); @@ -3185,7 +3185,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, /* Encrypt record */ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, - rnd_std_rand, NULL ); + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); if( ret != 0 ) { @@ -3339,7 +3339,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL ); + ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL ); if( ( mode == 1 || mode == 2 ) && seen_success ) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0db2b0e94..a893b4e58 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -94,9 +94,9 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, int der_len = -1; FILE *f; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); @@ -111,7 +111,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -125,14 +125,14 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: @@ -153,10 +153,10 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int ret; size_t pem_len = 0; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; psa_crypto_init(); - memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); @@ -175,7 +175,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1, - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -208,9 +208,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, size_t olen = 0, pem_len = 0; int der_len = -1; FILE *f; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); mbedtls_pk_init( &subject_key ); @@ -269,7 +269,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, } ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -284,14 +284,14 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: From 6c5bd7fd51208ef6e30331114e2e61a2c3e7c1a6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 14:08:26 +0200 Subject: [PATCH 161/247] tests: Reformating due to rnd_* renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep "\ --- tests/suites/test_suite_ctr_drbg.function | 3 +- tests/suites/test_suite_dhm.function | 43 +++-- tests/suites/test_suite_ecdh.function | 132 +++++++------- tests/suites/test_suite_ecdsa.function | 145 ++++++++-------- tests/suites/test_suite_ecjpake.function | 95 ++++------ tests/suites/test_suite_ecp.function | 72 ++++---- tests/suites/test_suite_hmac_drbg.function | 5 +- tests/suites/test_suite_mpi.function | 16 +- tests/suites/test_suite_pk.function | 192 +++++++++------------ tests/suites/test_suite_pkcs1_v15.function | 37 ++-- tests/suites/test_suite_pkcs1_v21.function | 29 +++- tests/suites/test_suite_rsa.function | 52 +++--- tests/suites/test_suite_ssl.function | 3 +- tests/suites/test_suite_x509write.function | 13 +- 14 files changed, 435 insertions(+), 402 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index d8301bf95..5e4cd26b6 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -316,7 +316,8 @@ void ctr_drbg_seed_file( char * path, int ret ) mbedtls_ctr_drbg_init( &ctx ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand, + NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index e00849a4e..0a5c61757 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -83,16 +83,16 @@ void dhm_invalid_params( ) NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( NULL, buf, buflen, - &len, mbedtls_test_rnd_std_rand, + mbedtls_dhm_calc_secret( NULL, buf, buflen, &len, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, NULL, buflen, - &len, mbedtls_test_rnd_std_rand, + mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, buf, buflen, - NULL, mbedtls_test_rnd_std_rand, + mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); #if defined(MBEDTLS_ASN1_PARSE_C) @@ -151,7 +151,9 @@ void dhm_do_dhm( int radix_P, char *input_P, /* * First key exchange */ - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == result ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == result ); if ( result != 0 ) goto exit; @@ -159,10 +161,15 @@ void dhm_do_dhm( int radix_P, char *input_P, ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), + &sec_srv_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); @@ -173,7 +180,10 @@ void dhm_do_dhm( int radix_P, char *input_P, for( i = 0; i < 3; i++ ) { sec_srv_len = 1000; - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, + sizeof( sec_srv ), &sec_srv_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); @@ -185,15 +195,22 @@ void dhm_do_dhm( int radix_P, char *input_P, */ p = ske; - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), + &sec_srv_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 4155a862b..0caf09121 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -29,7 +29,8 @@ static int load_private_key( int grp_id, data_t *private_key, /* Calculate the public key from the private key. */ TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - &mbedtls_test_rnd_pseudo_rand, rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + rnd_info ) == 0 ); ok = 1; exit: return( ok ); @@ -72,49 +73,54 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, NULL, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, &P, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( NULL, &m, &P, &m, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_setup( NULL, valid_grp ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( NULL, &olen, - buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_ecdh_make_params( NULL, &olen, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, NULL, - buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, &olen, - NULL, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, &olen, - buf, buflen, - NULL, NULL ) ); + mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_read_params( NULL, @@ -141,25 +147,19 @@ void ecdh_invalid_param( ) invalid_side ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( NULL, &olen, - buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_make_public( NULL, &olen, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, NULL, - buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, &olen, - NULL, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, &olen, - buf, buflen, - NULL, - NULL ) ); + mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_read_public( NULL, buf, buflen ) ); @@ -167,17 +167,16 @@ void ecdh_invalid_param( ) mbedtls_ecdh_read_public( &ctx, NULL, buflen ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); exit: return; @@ -200,12 +199,15 @@ void ecdh_primitive_random( int id ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); @@ -269,7 +271,8 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, } TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, - mbedtls_test_rnd_buffer_rand, &rnd_info_A ) == 0 ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_A ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); @@ -277,7 +280,8 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, - mbedtls_test_rnd_buffer_rand, &rnd_info_B ) == 0 ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_B ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); @@ -317,16 +321,19 @@ void ecdh_exchange( int id ) memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( len == res_len ); @@ -393,7 +400,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ), - mbedtls_test_rnd_buffer_rand, &rnd_info_A ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_A ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -411,7 +419,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ), - mbedtls_test_rnd_buffer_rand, &rnd_info_B ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_B ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -480,16 +489,19 @@ void ecdh_exchange_legacy( int id ) memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 ); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index afee710e4..76f72e249 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -31,23 +31,28 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( NULL, &m, &m, &m, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, NULL, &m, &m, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, NULL, &m, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, NULL, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, buf, sizeof( buf ), @@ -58,27 +63,32 @@ void ecdsa_invalid_param( ) mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, NULL, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -103,62 +113,48 @@ void ecdsa_invalid_param( ) &P, &m, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( NULL, - valid_md, - buf, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, - valid_md, - NULL, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, - valid_md, - buf, sizeof( buf ), - NULL, &slen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, - valid_md, - buf, sizeof( buf ), - buf, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ), + buf, &slen, mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( NULL, - valid_md, - buf, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), + buf, &slen, mbedtls_test_rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, - valid_md, - NULL, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), + NULL, &slen, mbedtls_test_rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, - valid_md, - buf, sizeof( buf ), - NULL, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), + buf, NULL, mbedtls_test_rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, - valid_md, - buf, sizeof( buf ), - buf, NULL, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf, + sizeof( buf ), buf, &slen, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, + sizeof( buf ), buf, &slen, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, + sizeof( buf ), NULL, &slen, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, + sizeof( buf ), buf, NULL, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_read_signature( NULL, @@ -191,7 +187,8 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( NULL, valid_group, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( &ctx, valid_group, NULL, NULL ) ); @@ -223,13 +220,16 @@ void ecdsa_prim_random( int id ) memset( buf, 0, sizeof( buf ) ); /* prepare material for signature */ - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + buf, sizeof( buf ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); exit: @@ -332,7 +332,8 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, TEST_ASSERT( mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, - md_alg, mbedtls_test_rnd_std_rand, NULL ) + md_alg, mbedtls_test_rnd_std_rand, + NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); @@ -360,15 +361,19 @@ void ecdsa_write_read_random( int id ) memset( sig, 0x2a, sizeof( sig ) ); /* prepare material for signature */ - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + hash, sizeof( hash ) ) == 0 ); /* generate signing key */ - TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); /* generate and write signature, then read and verify it */ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, hash, sizeof( hash ), - sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) == 0 ); diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 0c223a3b3..ab672a8dc 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -136,54 +136,33 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_check( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( NULL, - buf, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, - NULL, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, - buf, len, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, - buf, len, - &olen, - NULL, - NULL ) ); + mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( NULL, - buf, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, - NULL, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, - buf, len, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, - buf, len, - &olen, - NULL, - NULL ) ); + mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_read_round_one( NULL, @@ -200,29 +179,19 @@ void ecjpake_invalid_param( ) NULL, len ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( NULL, - buf, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, - NULL, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, - buf, len, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, - buf, len, - &olen, - NULL, - NULL ) ); + mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) ); exit: return; diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index bed1bd7e3..07b3eea76 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -222,29 +222,37 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_muladd( NULL, &P, &m, &P, @@ -300,30 +308,23 @@ void ecp_invalid_param( ) mbedtls_ecp_check_privkey( &grp, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( NULL, &P, - &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, NULL, - &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, - NULL, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, - &m, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, - &m, &P, - NULL, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( NULL, @@ -348,7 +349,8 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, &kp, NULL, NULL ) ); @@ -740,7 +742,8 @@ void ecp_test_mul_rng( int id, data_t * d_hex) TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &mbedtls_test_rnd_zero_rand, NULL ) + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, + &mbedtls_test_rnd_zero_rand, NULL ) == MBEDTLS_ERR_ECP_RANDOM_FAILED ); exit: @@ -1061,8 +1064,9 @@ void mbedtls_ecp_gen_keypair( int id ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == 0 ); @@ -1083,7 +1087,9 @@ void mbedtls_ecp_gen_key( int id ) mbedtls_ecp_keypair_init( &key ); memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 ); diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index b84826697..512eeb89c 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -129,8 +129,9 @@ void hmac_drbg_seed_file( int md_alg, char * path, int ret ) md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_rnd_std_rand, NULL, - NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, + mbedtls_test_rnd_std_rand, NULL, + NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_hmac_drbg_update_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 02cd1a9ca..e54aaffe6 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -240,7 +240,8 @@ void mpi_invalid_param( ) mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_fill_random( NULL, 42, mbedtls_test_rnd_std_rand, + mbedtls_mpi_fill_random( NULL, 42, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); @@ -1244,7 +1245,8 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) mbedtls_mpi_init( &X ); - my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, mbedtls_test_rnd_std_rand, NULL ); + my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( my_ret == ref_ret ); if( ref_ret == 0 ) @@ -1254,14 +1256,16 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) TEST_ASSERT( actual_bits >= (size_t) bits ); TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, + mbedtls_test_rnd_std_rand, + NULL ) == 0 ); if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) { /* X = ( X - 1 ) / 2 */ TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, + mbedtls_test_rnd_std_rand, + NULL ) == 0 ); } } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3d77a6ba7..dbc52e5d0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -62,8 +62,10 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) parameter ) ) != 0 ) return( ret ); - return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, - &mbedtls_pk_ec( *pk )->Q, mbedtls_test_rnd_std_rand, NULL ); + return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, + &mbedtls_pk_ec( *pk )->d, + &mbedtls_pk_ec( *pk )->Q, + mbedtls_test_rnd_std_rand, NULL ); } #endif return( -1 ); @@ -75,8 +77,8 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, mode, olen, - input, output, output_max_len ) ); + mbedtls_test_rnd_std_rand, NULL, mode, + olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, @@ -85,8 +87,9 @@ int mbedtls_rsa_sign_func( void *ctx, { ((void) f_rng); ((void) p_rng); - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, mode, - md_alg, hashlen, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, + mbedtls_test_rnd_std_rand, NULL, mode, + md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) { @@ -431,100 +434,71 @@ void invalid_parameters( ) NULL, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, - valid_md, - NULL, 0, - buf, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); + mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, + NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, - valid_md, - NULL, 0, - buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, &len, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, + NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( NULL, - buf, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, - NULL, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, - buf, sizeof( buf ), - NULL, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, - buf, sizeof( buf ), - buf, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( NULL, - buf, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), + NULL, &len, mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, - NULL, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, - buf, sizeof( buf ), - NULL, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, - buf, sizeof( buf ), - buf, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_check_pair( NULL, &pk ) ); @@ -968,7 +942,9 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) } TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, - sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == sign_ret ); + sig, &sig_len, + mbedtls_test_rnd_std_rand, + NULL ) == sign_ret ); if( sign_ret == 0 ) TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); else @@ -1023,8 +999,8 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( olen == result->len ); TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); @@ -1072,8 +1048,8 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, memset( output, 0, sizeof( output ) ); olen = 0; TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); if( ret == 0 ) { TEST_ASSERT( olen == clear->len ); @@ -1106,12 +1082,12 @@ void pk_ec_nocrypt( int type ) TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); exit: mbedtls_pk_free( &pk ); @@ -1145,8 +1121,9 @@ void pk_rsa_overflow( ) TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len, - mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, + &sig_len, mbedtls_test_rnd_std_rand, NULL ) + == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); exit: mbedtls_pk_free( &pk ); @@ -1199,12 +1176,13 @@ void pk_rsa_alt( ) /* Test signature */ #if SIZE_MAX > UINT_MAX - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, - sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig, + &sig_len, mbedtls_test_rnd_std_rand, NULL ) + == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, - sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig, + &sig_len, mbedtls_test_rnd_std_rand, NULL ) + == 0 ); TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 8d2192f46..8a4218090 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -34,7 +34,12 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, + &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); + if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -81,11 +86,20 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, + MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + output, 1000 ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -196,16 +210,15 @@ void pkcs1_v15_decode( int mode, if( mode == MBEDTLS_RSA_PRIVATE ) TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); else - TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - original, intermediate ) == 0 ); + TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, + &rnd_info, original, + intermediate ) == 0 ); memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, - mode, - &output_length, - intermediate, - final, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, mode, &output_length, + intermediate, final, output_size ) == expected_result ); if( expected_result == 0 ) { @@ -286,7 +299,9 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PRIVATE, digest, + 0, hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 2b7d16fe7..c9e91c87c 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -34,7 +34,11 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, + &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -82,15 +86,21 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, - message_str->x, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, + MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, - message_str->x, output, + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, + MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + output, sizeof( output ) ) == result ); if( result == 0 ) { @@ -144,8 +154,9 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, - digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PRIVATE, digest, 0, + hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 4096e4d4d..90335dbc7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -67,7 +67,8 @@ void rsa_invalid_param( ) invalid_padding, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( NULL, mbedtls_test_rnd_std_rand, + mbedtls_rsa_gen_key( NULL, + mbedtls_test_rnd_std_rand, NULL, 0, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_gen_key( &ctx, NULL, @@ -500,9 +501,9 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, digest, 0, - hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, digest, + 0, hash_result, output ) == result ); if( result == 0 ) { @@ -581,10 +582,10 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, - hash_result->len, hash_result->x, - output ) == 0 ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, + MBEDTLS_MD_NONE, hash_result->len, + hash_result->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -598,8 +599,9 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, memset( output, 0x00, sizeof( output) ); res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, - hash_result->len, hash_result->x, output ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, hash_result->len, + hash_result->x, output ); #if !defined(MBEDTLS_RSA_ALT) TEST_ASSERT( res == 0 ); @@ -712,9 +714,11 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PUBLIC, message_str->len, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); if( result == 0 ) { @@ -751,9 +755,10 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, NULL, - MBEDTLS_RSA_PUBLIC, message_str->len, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, + NULL, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); if( result == 0 ) { @@ -802,7 +807,10 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, output_len = 0; - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, output, + max_output ) == result ); if( result == 0 ) { @@ -907,8 +915,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, for( i = 0; i < 3; i++ ) { memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, + &rnd_info, message_str->x, + output ) == result ); if( result == 0 ) { @@ -926,8 +935,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, &rnd_info, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, + &rnd_info, message_str->x, + output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1389e336d..9c6a57a86 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3339,7 +3339,8 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL ); + ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, + mbedtls_test_rnd_std_rand, NULL ); if( ( mode == 1 || mode == 2 ) && seen_success ) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index a893b4e58..be9e0ae52 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -111,7 +111,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -125,14 +125,15 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, + &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: @@ -175,7 +176,8 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1, - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); + TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -284,7 +286,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, + &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) From ff1825ec19feebf90c2d7d45f1dfa2dbfe63cf9e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 14:52:21 +0200 Subject: [PATCH 162/247] Add changelog entry Signed-off-by: Ronald Cron --- ChangeLog.d/tests-common-code.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/tests-common-code.txt diff --git a/ChangeLog.d/tests-common-code.txt b/ChangeLog.d/tests-common-code.txt new file mode 100644 index 000000000..0af2da526 --- /dev/null +++ b/ChangeLog.d/tests-common-code.txt @@ -0,0 +1,5 @@ +Changes + * The unit tests now rely on header files in tests/include/test and source + files in tests/src. When building with make or cmake, the files in + tests/src are compiled and the resulting object linked into each test + executable. From 65d8c2651d89ff2d0e9a5a35f95d2c9b45e54046 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 4 Jun 2019 13:05:36 +0300 Subject: [PATCH 163/247] Show failure in ssl-opts.sh when key export fails 1. When `ssl_server2` export key functionality fails, don't exit the server, but reset it, to have the server recover for next connection. 2. Add text filters for `export keys functionality` test in ssl-opt.sh to check for additional output, to verify if the export suceeded. This was discovered in the `ssl-opt.sh` script, where the server exited, before the test tried to kill the server priocess, resulting in a `kill: No such process` message. Fixes #2662 Signed-off-by: Ron Eldor --- programs/ssl/ssl_server2.c | 4 ++-- tests/ssl-opt.sh | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5dd18715f..3fd065ef0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3718,7 +3718,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; + goto reset; } mbedtls_printf( " EAP-TLS key material is:" ); @@ -3739,7 +3739,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; + goto reset; } mbedtls_printf( " EAP-TLS IV is:" ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df3f53b3b..3c185e068 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9141,7 +9141,11 @@ run_test "export keys functionality" \ -s "exported ivlen is " \ -c "exported maclen is " \ -c "exported keylen is " \ - -c "exported ivlen is " + -c "exported ivlen is " \ + -c "EAP-TLS key material is:"\ + -s "EAP-TLS key material is:"\ + -c "EAP-TLS IV is:" \ + -s "EAP-TLS IV is:" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From f4e3fc91336296f97ce89c7b144c28b3056550e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 12 Jun 2020 11:14:35 +0200 Subject: [PATCH 164/247] Use starts/finish around Lucky 13 dummy compressions MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #3246 Signed-off-by: Manuel Pégourié-Gonnard --- ChangeLog.d/l13-hw-accel.txt | 7 +++++++ library/ssl_msg.c | 11 +++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/l13-hw-accel.txt diff --git a/ChangeLog.d/l13-hw-accel.txt b/ChangeLog.d/l13-hw-accel.txt new file mode 100644 index 000000000..53c79243b --- /dev/null +++ b/ChangeLog.d/l13-hw-accel.txt @@ -0,0 +1,7 @@ +Security + * Fix issue in Lucky 13 counter-measure that could make it ineffective when + hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT + macros). This would cause the original Lucky 13 attack to be possible in + those configurations, allowing an active network attacker to recover + plaintext after repeated timing measurements under some conditions. + Reported and fix suggested by Luc Perneel in #3246. diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ae8d07653..7fc4bf01d 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -1578,6 +1578,8 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, * linking an extra division function in some builds). */ size_t j, extra_run = 0; + /* This size is enough to server either as input to + * md_process() or as output to md_finish() */ unsigned char tmp[MBEDTLS_MD_MAX_BLOCK_SIZE]; /* @@ -1633,10 +1635,15 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, ssl_read_memory( data + rec->data_len, padlen ); mbedtls_md_hmac_finish( &transform->md_ctx_dec, mac_expect ); - /* Call mbedtls_md_process at least once due to cache attacks - * that observe whether md_process() was called of not */ + /* Dummy calls to compression function. + * Call mbedtls_md_process at least once due to cache attacks + * that observe whether md_process() was called of not. + * Respect the usual start-(process|update)-finish sequence for + * the sake of hardware accelerators that might require it. */ + mbedtls_md_starts( &transform->md_ctx_dec ); for( j = 0; j < extra_run + 1; j++ ) mbedtls_md_process( &transform->md_ctx_dec, tmp ); + mbedtls_md_finish( &transform->md_ctx_dec, tmp ); mbedtls_md_hmac_reset( &transform->md_ctx_dec ); From 700ee44545b5557b0bf6472290819afda805c6f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 26 May 2020 00:33:31 +0200 Subject: [PATCH 165/247] Add missing copyright dates to scripts and sources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To find any files with a missing copyright declaration, use the following script: # ======================== #!/bin/sh # Find files with copyright declarations, and list their file extensions exts=$(grep -Ril --exclude-dir .git --exclude-dir 3rdparty\ --exclude-dir programs/fuzz 'Copyright.*Arm' | sed ' s/.*\/// s/.*\./*./ s/.*/-name "&"/ ' | sort -u | sed -n ' :l N $!bl s/\n/ -o /gp ') # Find files with file extensions that ususally include copyright extensions, # but don't include a copyright declaration themselves. eval "find\ '(' -path './.git' -o -path './3rdparty' -o -path './programs/fuzz' ')' -prune\ -o ! -path './tests/data_files/format_pkcs12.fmt'\ ! -path './programs/psa/psa_constant_names_generated.c'\ '(' $exts ')' -print" | xargs grep -Li 'Copyright.*Arm' # ======================== Signed-off-by: Bence Szépkúti --- programs/psa/crypto_examples.c | 6 ++++++ programs/psa/key_ladder_demo.sh | 5 +++++ programs/psa/psa_constant_names.c | 6 ++++++ programs/test/udp_proxy_wrapper.sh | 4 ++++ scripts/apidoc_full.sh | 4 ++++ scripts/ecc-heap.sh | 4 ++++ scripts/generate_errors.pl | 4 ++++ scripts/generate_features.pl | 3 +++ scripts/generate_psa_constants.py | 4 ++++ scripts/generate_query_config.pl | 4 ++++ scripts/generate_visualc_files.pl | 4 ++++ scripts/massif_max.pl | 4 ++++ scripts/memory.sh | 4 ++++ scripts/tmp_ignore_makefiles.sh | 4 ++++ tests/data_files/dir-maxpath/long.sh | 4 ++++ tests/data_files/print_c.pl | 5 +++++ tests/scripts/check-doxy-blocks.pl | 4 ++++ tests/scripts/doxygen.sh | 4 ++++ tests/scripts/gen_ctr_drbg.pl | 4 ++++ tests/scripts/gen_gcm_decrypt.pl | 4 ++++ tests/scripts/gen_gcm_encrypt.pl | 4 ++++ tests/scripts/gen_pkcs1_v21_sign_verify.pl | 3 +++ tests/scripts/generate-afl-tests.sh | 4 ++++ tests/scripts/list-enum-consts.pl | 4 ++++ tests/scripts/list-identifiers.sh | 4 ++++ tests/scripts/list-macros.sh | 4 ++++ tests/scripts/list-symbols.sh | 4 ++++ tests/scripts/psa_collect_statuses.py | 4 ++++ tests/scripts/recursion.pl | 4 ++++ tests/scripts/tcp_client.pl | 4 ++++ tests/scripts/test_psa_constant_names.py | 4 ++++ 31 files changed, 128 insertions(+) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index f156b7b26..88e34d1fd 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,3 +1,9 @@ +/* + * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + #include "psa/crypto.h" #include #include diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 2cec945f5..3ffbd8b01 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,4 +1,9 @@ #!/bin/sh +# +# Copyright (C) 2018, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + set -e -u program="${0%/*}"/key_ladder_demo diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index d8ffd46cf..e22791c4a 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,3 +1,9 @@ +/* + * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + #include #include #include diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 29033d5d1..85f4423d3 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -1,6 +1,10 @@ #!/bin/sh # -*-sh-basic-offset: 4-*- # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -u diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index dfe117710..a8e48455b 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -6,6 +6,10 @@ # # /!\ This must not be a Makefile target, as it would create a race condition # when multiple targets are invoked in the same parallel build. +# +# Copyright (C) 2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 69777a62c..3231f7c94 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -6,6 +6,10 @@ # Usage (preferably on a 32-bit platform): # cmake -D CMAKE_BUILD_TYPE=Release . # scripts/ecc-heap.sh | tee ecc-heap.log +# +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 150e10e46..81e5c468d 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -4,6 +4,10 @@ # # Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, # or generate_errors.pl include_dir data_dir error_file +# +# Copyright (C) 2011-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 1bd82ca2a..3c049915e 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,5 +1,8 @@ #!/usr/bin/env perl # +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 175cd9ffc..9fbccd333 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -11,6 +11,10 @@ file is written: * OUTPUT_FILE_DIR passed: writes to OUTPUT_FILE_DIR/ """ +# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import os import re import sys diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index d94fdad62..26778d3bf 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -15,6 +15,10 @@ # function by using the template in scripts/data_files/query_config.fmt. # # Usage: ./scripts/generate_query_config.pl without arguments +# +# Copyright (C) 2018-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 1f67055e6..268597074 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -5,6 +5,10 @@ # # Must be run from mbedTLS root or scripts directory. # Takes no argument. +# +# Copyright (C) 2013-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index 4e3342a2c..f7fa919b4 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -1,6 +1,10 @@ #!/usr/bin/env perl # Parse a massif.out.xxx file and output peak total memory usage +# +# Copyright (C) 2014, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/scripts/memory.sh b/scripts/memory.sh index c415f92d5..513549598 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -5,6 +5,10 @@ # # Use different build options for measuring executable size and memory usage, # since for memory we want debug information. +# +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index df9450e14..543e44abc 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -2,6 +2,10 @@ # Temporarily (de)ignore Makefiles generated by CMake to allow easier # git development +# +# Copyright (C) 2014, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) IGNORE="" diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 22f3bf548..19794980f 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index d0ec13705..af8a2c1b4 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,4 +1,9 @@ #!/usr/bin/env perl +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + use strict; use warnings; diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 496769992..70fab6896 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -7,6 +7,10 @@ # sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen - # but that would warn about any undocumented item, while our goal is to find # items that are documented, but not marked as such by mistake. +# +# Copyright (C) 2012-2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index e7758c9e8..4fb8b7f1b 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -1,6 +1,10 @@ #!/bin/sh # Make sure the doxygen documentation builds without warnings +# +# Copyright (C) 2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) # Abort on errors (and uninitiliased variables) set -eu diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 3c074be19..624da22e5 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -3,6 +3,10 @@ # Based on NIST CTR_DRBG.rsp validation file # Only uses AES-256-CTR cases that use a Derivation function # and concats nonce and personalization for initialization. +# +# Copyright (C) 2011, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 03809cb94..1739c9b06 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -2,6 +2,10 @@ # # Based on NIST gcmDecryptxxx.rsp validation files # Only first 3 of every set used for compile time saving +# +# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 29ec677da..602d85aa4 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -2,6 +2,10 @@ # # Based on NIST gcmEncryptIntIVxxx.rsp validation files # Only first 3 of every set used for compile time saving +# +# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 110cb4b07..fbdf751a8 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,5 +1,8 @@ #!/usr/bin/env perl # +# Copyright (C) 2011-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index cbc2f5906..6cd3f6140 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -7,6 +7,10 @@ # Usage: generate-afl-tests.sh # - should be the path to one of the test suite files # such as 'test_suite_mpi.data' +# +# Copyright (C) 2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) # Abort on errors set -e diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index e59517b88..d60a0fb16 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -1,4 +1,8 @@ #!/usr/bin/env perl +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 24e74043b..c48c249cc 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -5,6 +5,10 @@ # Outputs the line count of the file to stdout. # # Usage: list-identifiers.sh [ -i | --internal ] +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 3540b8e52..17107aaeb 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index 1c348a79c..004912479 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index e38beeac3..78b5c19ac 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -12,6 +12,10 @@ The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is only supported with make (as opposed to CMake or other build methods). """ +# Copyright (C) 2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import argparse import os import subprocess diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 431e59211..c80666ec8 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -7,6 +7,10 @@ # an unbounded way, those functions should use interation instead. # # Typical usage: scripts/recursion.pl library/*.c +# +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index 11cbf1b1b..eb531a585 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -4,6 +4,10 @@ # Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1 # DATA: hex-encoded data to send to the server # RESPONSE: regexp that must match the server's response +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 2c9f058ea..4497dad57 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -7,6 +7,10 @@ Return 0 if all test cases pass, 1 if the output was not always as expected, or 1 (with a Python backtrace) if there was an operational error. """ +# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import argparse from collections import namedtuple import itertools From c7da1fe3812ce0d3ee0e351e67118d46af540519 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 26 May 2020 01:54:15 +0200 Subject: [PATCH 166/247] Add Apache-2.0 headers to all scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i ' # Remove Mbed TLS declaration if it occurs before the copyright line 1,/Copyright.*Arm/I { /This file is part of/,$ { /Copyright.*Arm/I! d } } # Convert non-standard header in scripts/abi_check.py to the format used in the other scripts /"""/,/"""/ { # Cut copyright declaration /Copyright.*Arm/I { h N d } # Paste copyright declaration /"""/ { x /./ { s/^/# / # Add # x # Replace orignal buffer with Copyright declaration p # Print original buffer, insert newline i\ s/.*// # Clear original buffer } x } } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! { i\ # SPDX-License-Identifier: Apache-2.0\ #\ # Licensed under the Apache License, Version 2.0 (the "License"); you may\ # not use this file except in compliance with the License.\ # You may obtain a copy of the License at\ #\ # http://www.apache.org/licenses/LICENSE-2.0\ #\ # Unless required by applicable law or agreed to in writing, software\ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ # See the License for the specific language governing permissions and\ # limitations under the License. # Insert Mbed TLS declaration if it is missing /This file is part of/! i\ #\ # This file is part of Mbed TLS (https://tls.mbed.org) } # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti --- programs/psa/key_ladder_demo.sh | 13 +++++++++++++ programs/test/udp_proxy_wrapper.sh | 13 +++++++++++++ scripts/abi_check.py | 21 +++++++++++++++++---- scripts/apidoc_full.sh | 13 +++++++++++++ scripts/bump_version.sh | 17 +++++++++++++++-- scripts/ecc-heap.sh | 13 +++++++++++++ scripts/footprint.sh | 17 +++++++++++++++-- scripts/generate_errors.pl | 13 +++++++++++++ scripts/generate_features.pl | 13 +++++++++++++ scripts/generate_psa_constants.py | 13 +++++++++++++ scripts/generate_query_config.pl | 13 +++++++++++++ scripts/generate_visualc_files.pl | 13 +++++++++++++ scripts/massif_max.pl | 13 +++++++++++++ scripts/memory.sh | 13 +++++++++++++ scripts/output_env.sh | 17 +++++++++++++++-- scripts/rename.pl | 17 +++++++++++++++-- scripts/tmp_ignore_makefiles.sh | 13 +++++++++++++ tests/compat.sh | 17 +++++++++++++++-- tests/context-info.sh | 17 +++++++++++++++-- tests/data_files/dir-maxpath/long.sh | 13 +++++++++++++ tests/data_files/print_c.pl | 13 +++++++++++++ tests/git-scripts/pre-push.sh | 17 +++++++++++++++-- tests/scripts/all.sh | 17 +++++++++++++++-- tests/scripts/basic-build-test.sh | 17 +++++++++++++++-- tests/scripts/check-doxy-blocks.pl | 13 +++++++++++++ tests/scripts/check-files.py | 16 +++++++++++++++- tests/scripts/check-generated-files.sh | 17 +++++++++++++++-- tests/scripts/check-names.sh | 17 +++++++++++++++-- tests/scripts/check-python-files.sh | 17 +++++++++++++++-- tests/scripts/curves.pl | 15 +++++++++++++++ tests/scripts/depends-hashes.pl | 15 +++++++++++++++ tests/scripts/depends-pkalgs.pl | 15 +++++++++++++++ tests/scripts/doxygen.sh | 13 +++++++++++++ tests/scripts/gen_ctr_drbg.pl | 13 +++++++++++++ tests/scripts/gen_gcm_decrypt.pl | 13 +++++++++++++ tests/scripts/gen_gcm_encrypt.pl | 13 +++++++++++++ tests/scripts/gen_pkcs1_v21_sign_verify.pl | 13 +++++++++++++ tests/scripts/generate-afl-tests.sh | 13 +++++++++++++ tests/scripts/key-exchanges.pl | 15 +++++++++++++++ tests/scripts/list-enum-consts.pl | 13 +++++++++++++ tests/scripts/list-identifiers.sh | 13 +++++++++++++ tests/scripts/list-macros.sh | 13 +++++++++++++ tests/scripts/list-symbols.sh | 13 +++++++++++++ tests/scripts/psa_collect_statuses.py | 13 +++++++++++++ tests/scripts/recursion.pl | 13 +++++++++++++ tests/scripts/run-test-suites.pl | 17 +++++++++++++++-- tests/scripts/tcp_client.pl | 13 +++++++++++++ tests/scripts/test-ref-configs.pl | 17 +++++++++++++++-- tests/scripts/test_psa_constant_names.py | 13 +++++++++++++ tests/scripts/test_zeroize.gdb | 17 +++++++++++++++-- tests/scripts/travis-log-failure.sh | 17 +++++++++++++++-- tests/ssl-opt.sh | 17 +++++++++++++++-- 52 files changed, 724 insertions(+), 39 deletions(-) diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 3ffbd8b01..fc2ef336f 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 85f4423d3..cfc269a61 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -3,6 +3,19 @@ # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index c2aca501d..b8fc9b800 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -1,9 +1,5 @@ #!/usr/bin/env python3 """ -This file is part of Mbed TLS (https://tls.mbed.org) - -Copyright (c) 2018, Arm Limited, All Rights Reserved - Purpose This script is a small wrapper around the abi-compliance-checker and @@ -15,6 +11,23 @@ Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error while running the script. Note: must be run from Mbed TLS root. """ +# Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import os import sys import traceback diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index a8e48455b..f270bf4a8 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -8,6 +8,19 @@ # when multiple targets are invoked in the same parallel build. # # Copyright (C) 2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index cf875c88d..88e3a46ee 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,8 +1,21 @@ #!/bin/bash # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 3231f7c94..1a2a6d141 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -8,6 +8,19 @@ # scripts/ecc-heap.sh | tee ecc-heap.log # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 961a0d60b..de7b68fc4 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -1,8 +1,21 @@ #!/bin/sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 81e5c468d..f3814f475 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -6,6 +6,19 @@ # or generate_errors.pl include_dir data_dir error_file # # Copyright (C) 2011-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 3c049915e..e60bb88fb 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 9fbccd333..3d2e6815a 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -12,6 +12,19 @@ file is written: """ # Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 26778d3bf..c9ef83801 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -17,6 +17,19 @@ # Usage: ./scripts/generate_query_config.pl without arguments # # Copyright (C) 2018-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 268597074..d72d19dad 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -7,6 +7,19 @@ # Takes no argument. # # Copyright (C) 2013-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index f7fa919b4..f5d870f5a 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -3,6 +3,19 @@ # Parse a massif.out.xxx file and output peak total memory usage # # Copyright (C) 2014, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/memory.sh b/scripts/memory.sh index 513549598..15693a0af 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -7,6 +7,19 @@ # since for memory we want debug information. # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 35452795d..0044a222a 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -2,9 +2,22 @@ # output_env.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/rename.pl b/scripts/rename.pl index fb428098c..1e8dbf4f7 100755 --- a/scripts/rename.pl +++ b/scripts/rename.pl @@ -1,8 +1,21 @@ #!/usr/bin/env perl # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index 543e44abc..1a165408e 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -4,6 +4,19 @@ # git development # # Copyright (C) 2014, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/compat.sh b/tests/compat.sh index 54bc0b7d1..6aa35d21a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -2,9 +2,22 @@ # compat.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/context-info.sh b/tests/context-info.sh index 78aeb70f7..344dd4ea9 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -2,9 +2,22 @@ # context-info.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2012-2020, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # This program is intended for testing the ssl_context_info program # diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 19794980f..60813d823 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index af8a2c1b4..4c15be2d3 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 86edf5a30..d3b462996 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -1,9 +1,22 @@ #!/bin/sh # pre-push.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d911d493a..865c73d42 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2,9 +2,22 @@ # all.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2014-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 0be870587..4fb924784 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -2,9 +2,22 @@ # basic-build-tests.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 70fab6896..c4746541c 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -9,6 +9,19 @@ # items that are documented, but not marked as such by mistake. # # Copyright (C) 2012-2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 62b526ab9..1cef2d5f1 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -1,7 +1,21 @@ #!/usr/bin/env python3 -# This file is part of Mbed TLS (https://tls.mbed.org) # Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) """ This script checks the current state of the source code for minor issues, diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index f41e465c3..e39b66182 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,8 +1,21 @@ #! /usr/bin/env sh -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2018, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index dc097ee8e..e2019ccad 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -1,8 +1,21 @@ #!/bin/sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2019, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index cd18518ca..c5597f16e 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,8 +1,21 @@ #! /usr/bin/env sh -# This file is part of Mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose: # diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 8119a46e6..cd6ea0d9a 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -3,6 +3,21 @@ # curves.pl # # Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 898ae497c..08d99ab83 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -3,6 +3,21 @@ # depends-hashes.pl # # Copyright (c) 2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 0cc01f241..1577fee38 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -3,6 +3,21 @@ # depends-pkalgs.pl # # Copyright (c) 2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index 4fb8b7f1b..ed8a9ef2a 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -3,6 +3,19 @@ # Make sure the doxygen documentation builds without warnings # # Copyright (C) 2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 624da22e5..715eac358 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -5,6 +5,19 @@ # and concats nonce and personalization for initialization. # # Copyright (C) 2011, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 1739c9b06..6e4cb1fbb 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -4,6 +4,19 @@ # Only first 3 of every set used for compile time saving # # Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 602d85aa4..c58f3f1ee 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -4,6 +4,19 @@ # Only first 3 of every set used for compile time saving # # Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index fbdf751a8..bbdeb8bbb 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2011-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index 6cd3f6140..e3ae01550 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -9,6 +9,19 @@ # such as 'test_suite_mpi.data' # # Copyright (C) 2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index 851de1b36..be9567f52 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -3,6 +3,21 @@ # key-exchanges.pl # # Copyright (c) 2015-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index d60a0fb16..46de3039d 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index c48c249cc..128455221 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -7,6 +7,19 @@ # Usage: list-identifiers.sh [ -i | --internal ] # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 17107aaeb..786aef925 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index 004912479..f4c20b24c 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index 78b5c19ac..767323687 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -13,6 +13,19 @@ only supported with make (as opposed to CMake or other build methods). """ # Copyright (C) 2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index c80666ec8..693703132 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -9,6 +9,19 @@ # Typical usage: scripts/recursion.pl library/*.c # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index d06badd23..45823c0a0 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -2,9 +2,22 @@ # run-test-suites.pl # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2018, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) =head1 SYNOPSIS diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index eb531a585..6e576d63f 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -6,6 +6,19 @@ # RESPONSE: regexp that must match the server's response # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index e33aca7dd..0e36dd617 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -2,9 +2,22 @@ # test-ref-configs.pl # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2013-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 4497dad57..2d6e3826e 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -8,6 +8,19 @@ or 1 (with a Python backtrace) if there was an operational error. """ # Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 8164acb9b..43fde759c 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,8 +1,21 @@ # test_zeroize.gdb # -# This file is part of Mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh index 9866ca7da..c6de12ca9 100755 --- a/tests/scripts/travis-log-failure.sh +++ b/tests/scripts/travis-log-failure.sh @@ -2,9 +2,22 @@ # travis-log-failure.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df3f53b3b..74e2056f0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2,9 +2,22 @@ # ssl-opt.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # From 6a81eb610699688cc093ec51f24ac7e39bd81233 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 15 Jun 2020 16:21:33 +0100 Subject: [PATCH 167/247] Remove Dangerous Parameter Passing Another coverity bug - #350039 When this test discovers a key of the wrong type, it still throws it through the export function in order to check that it too will detect this as a not permitted action. For the buffer and buffer length arguments it passes in a local pointer (which will most likely be NULL), and the sizeof that pointer, as it knows that they will never be used. Coverity rightly (imho) flagged this as suspicious - if we are going to pass in incorrect parameters, at least make them obviously incorrect, and ones that will not potentially cause errors if the code later changes. There is, for example safety checks for zero length buffer, but less protection for an insufficiently sized one. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto_slot_management.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index a9c7f0459..3a14b1211 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -270,7 +270,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, else { TEST_EQUAL( psa_export_key( handle, - reexported, sizeof( reexported ), + NULL, 0, &reexported_length ), PSA_ERROR_NOT_PERMITTED ); } From 869746577a00d6fab26ff0e7e76887f5bc726158 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 15 Jun 2020 11:59:37 +0200 Subject: [PATCH 168/247] Add Apache-2.0 headers to all source files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also normalize the first line of the copyright headers. This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i ' # Normalize the first line of the copyright headers (no text on the first line of a block comment) /^\/\*.*Copyright.*Arm/I { i\ /* s/^\// / } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! i\ * SPDX-License-Identifier: Apache-2.0\ *\ * Licensed under the Apache License, Version 2.0 (the "License"); you may\ * not use this file except in compliance with the License.\ * You may obtain a copy of the License at\ *\ * http://www.apache.org/licenses/LICENSE-2.0\ *\ * Unless required by applicable law or agreed to in writing, software\ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ * See the License for the specific language governing permissions and\ * limitations under the License. # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti --- include/mbedtls/aes.h | 3 ++- include/mbedtls/aria.h | 3 ++- include/mbedtls/chacha20.h | 3 ++- include/mbedtls/chachapoly.h | 3 ++- include/mbedtls/poly1305.h | 3 ++- library/psa_crypto.c | 3 ++- library/psa_crypto_core.h | 3 ++- library/psa_crypto_its.h | 3 ++- library/psa_crypto_se.c | 3 ++- library/psa_crypto_se.h | 3 ++- library/psa_crypto_service_integration.h | 3 ++- library/psa_crypto_slot_management.c | 3 ++- library/psa_crypto_slot_management.h | 3 ++- library/psa_crypto_storage.c | 3 ++- library/psa_its_file.c | 3 ++- programs/psa/crypto_examples.c | 13 +++++++++++++ programs/psa/key_ladder_demo.c | 3 ++- programs/psa/psa_constant_names.c | 13 +++++++++++++ tests/include/test/helpers.h | 3 ++- tests/include/test/macros.h | 3 ++- tests/include/test/psa_crypto_helpers.h | 3 ++- tests/include/test/psa_helpers.h | 3 ++- tests/include/test/random.h | 3 ++- tests/src/helpers.c | 3 ++- tests/src/random.c | 3 ++- 25 files changed, 72 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 63c0f672b..151affdb2 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -20,7 +20,8 @@ * . */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index a72a8c22a..f99e76fb6 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -9,7 +9,8 @@ * Korean, but see http://210.104.33.10/ARIA/index-e.html in English) * and also described by the IETF in RFC 5794. */ -/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 243ae63af..696d400ea 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -12,7 +12,8 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 3d842ef19..97f1c58c0 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -12,7 +12,8 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 05866a2da..4a3e35448 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -12,7 +12,8 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 69323184d..3dc3b8673 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1,7 +1,8 @@ /* * PSA crypto layer on top of Mbed TLS crypto */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index edf3ab603..ef40f7994 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -1,7 +1,8 @@ /* * PSA crypto core internal interfaces */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 380978760..e2b7466bc 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -1,7 +1,8 @@ /** \file psa_crypto_its.h * \brief Interface of trusted storage that crypto is built on. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 087c768f4..53a260007 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -1,7 +1,8 @@ /* * PSA crypto support for secure element drivers */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index c1450656c..3c29b1289 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -1,7 +1,8 @@ /* * PSA crypto support for secure element drivers */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h index 938bfe1de..c129c8ee2 100644 --- a/library/psa_crypto_service_integration.h +++ b/library/psa_crypto_service_integration.h @@ -1,4 +1,5 @@ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6cd6a1135..8ffb5a0e1 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -1,7 +1,8 @@ /* * PSA crypto layer on top of Mbed TLS crypto */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 472253dd9..6cb02f5b2 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -1,7 +1,8 @@ /* * PSA crypto layer on top of Mbed TLS crypto */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index fa1214c86..f12fe0034 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -1,7 +1,8 @@ /* * PSA persistent key storage */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 0935b2780..86e2c42a9 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -1,7 +1,8 @@ /* * PSA ITS simulator over stdio files. */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 88e34d1fd..97beb0eb4 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,5 +1,18 @@ /* * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) */ diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 1dbbc8145..b633f7578 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -30,7 +30,8 @@ * `key_ladder_demo.sh` for an example run. */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index e22791c4a..964e7b347 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,5 +1,18 @@ /* * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 36b9e72e2..36ec8e687 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -5,7 +5,8 @@ * purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 25f831208..aaf13add0 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -4,7 +4,8 @@ * \brief This file contains generic macros for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 1dd608433..8cd361fb6 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -1,7 +1,8 @@ /* * Helper functions for tests that use the PSA Crypto API. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h index 79f683707..352ae67ae 100644 --- a/tests/include/test/psa_helpers.h +++ b/tests/include/test/psa_helpers.h @@ -1,7 +1,8 @@ /* * Helper functions for tests that use any PSA API. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/random.h b/tests/include/test/random.h index dfdefa688..e085f16b5 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -5,7 +5,8 @@ * random numbers for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/src/helpers.c b/tests/src/helpers.c index f0c27c3ff..08d88a5dc 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -1,4 +1,5 @@ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/src/random.c b/tests/src/random.c index 25fa4cf33..3345f78be 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -5,7 +5,8 @@ * for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may From b657783269058f10d6e6c2e32067e5200f7af77a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 8 Jun 2020 07:08:03 -0400 Subject: [PATCH 169/247] Update iv and len context pointers manually when reallocating buffers These fields might be shifted accordingly in `ssl_parse_record_header()` when receiving a connection with CID, so they require a manual update after calling the generic `mbedtls_ssl_reset_in_out_pointers()`. This commit also adds a regression test which is run by all.sh. Signed-off-by: Andrzej Kurek --- ChangeLog.d/bugfix_PR3405 | 5 +++++ library/ssl_tls.c | 31 ++++++++++++++++++++++++------- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/bugfix_PR3405 diff --git a/ChangeLog.d/bugfix_PR3405 b/ChangeLog.d/bugfix_PR3405 new file mode 100644 index 000000000..73c57c081 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3405 @@ -0,0 +1,5 @@ +Bugfix + * Update iv and len context pointers manually when reallocating buffers + using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues + when receiving a connection with CID, when these fields were shifted + in ssl_parse_record_header(). diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 30c917bb1..a202bd838 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3686,11 +3686,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* If the buffers are too small - reallocate */ { int modified = 0; - size_t written_in = 0; - size_t written_out = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; if( ssl->in_buf != NULL ) { written_in = ssl->in_msg - ssl->in_buf; + iv_offset_in = ssl->in_iv - ssl->in_buf; + len_offset_in = ssl->in_len - ssl->in_buf; if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) { if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, @@ -3709,6 +3711,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { written_out = ssl->out_msg - ssl->out_buf; + iv_offset_out = ssl->out_iv - ssl->out_buf; + len_offset_out = ssl->out_len - ssl->out_buf; if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) { if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, @@ -3728,9 +3732,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* Update pointers here to avoid doing it twice. */ mbedtls_ssl_reset_in_out_pointers( ssl ); /* Fields below might not be properly updated with record - * splitting, so they are manually updated here. */ + * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; + ssl->out_len = ssl->out_buf + len_offset_out; + ssl->out_iv = ssl->out_buf + iv_offset_out; + ssl->in_msg = ssl->in_buf + written_in; + ssl->in_len = ssl->in_buf + len_offset_in; + ssl->in_iv = ssl->in_buf + iv_offset_in; } } #endif @@ -5960,14 +5969,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) { int modified = 0; uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl ); - size_t written_in = 0; - size_t written_out = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; if( ssl->in_buf != NULL ) { written_in = ssl->in_msg - ssl->in_buf; + iv_offset_in = ssl->in_iv - ssl->in_buf; + len_offset_in = ssl->in_len - ssl->in_buf; if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len ) { - written_in = ssl->in_msg - ssl->in_buf; if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); @@ -5985,6 +5995,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) if(ssl->out_buf != NULL ) { written_out = ssl->out_msg - ssl->out_buf; + iv_offset_out = ssl->out_iv - ssl->out_buf; + len_offset_out = ssl->out_len - ssl->out_buf; if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && ssl->out_left < buf_len ) { @@ -6004,9 +6016,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) /* Update pointers here to avoid doing it twice. */ mbedtls_ssl_reset_in_out_pointers( ssl ); /* Fields below might not be properly updated with record - * splitting, so they are manually updated here. */ + * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; + ssl->out_len = ssl->out_buf + len_offset_out; + ssl->out_iv = ssl->out_buf + iv_offset_out; + ssl->in_msg = ssl->in_buf + written_in; + ssl->in_len = ssl->in_buf + len_offset_in; + ssl->in_iv = ssl->in_buf + iv_offset_in; } } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df3f53b3b..2c95549a9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2201,6 +2201,32 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \ + "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ + "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \ + 0 \ + -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ + -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ + -s "(initial handshake) Use of Connection ID has been negotiated" \ + -c "(initial handshake) Use of Connection ID has been negotiated" \ + -s "Reallocating in_buf" \ + -s "Reallocating out_buf" + +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \ + "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ + "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \ + 0 \ + -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ + -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ + -s "(initial handshake) Use of Connection ID has been negotiated" \ + -c "(initial handshake) Use of Connection ID has been negotiated" \ + -s "Reallocating in_buf" \ + -s "Reallocating out_buf" + # Tests for Encrypt-then-MAC extension run_test "Encrypt then MAC: default" \ From a50f28338b8daa5ed22669598e1c9883de9e7972 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:35:57 +0200 Subject: [PATCH 170/247] Add test to check key ID's from the vendor range are accepted Signed-off-by: Steven Cooreman --- .../test_suite_psa_crypto_se_driver_hal.data | 20 ++++++++++++------- ...st_suite_psa_crypto_se_driver_hal.function | 3 ++- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 5333e570d..023024d39 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -130,22 +130,28 @@ Key generation smoke test: HMAC-SHA-256 generate_key_smoke:PSA_KEY_TYPE_HMAC:256:PSA_ALG_HMAC( PSA_ALG_SHA_256 ) Key registration: smoke test -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:PSA_SUCCESS +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:1:PSA_SUCCESS -Key registration: invalid lifetime (volatile) -register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:PSA_ERROR_INVALID_ARGUMENT +Key registration: invalid lifetime (volatile internal storage) +register_key_smoke_test:PSA_KEY_LIFETIME_VOLATILE:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (internal storage) -register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_PERSISTENT:1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: invalid lifetime (no registered driver) -register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:PSA_ERROR_INVALID_ARGUMENT +register_key_smoke_test:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION + 1 ):1:1:PSA_ERROR_INVALID_ARGUMENT Key registration: rejected -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:0:PSA_ERROR_NOT_PERMITTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:0:PSA_ERROR_NOT_PERMITTED Key registration: not supported -register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:-1:PSA_ERROR_NOT_SUPPORTED +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:1:-1:PSA_ERROR_NOT_SUPPORTED + +Key registration: key id out of range +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX+1:-1:PSA_ERROR_INVALID_ARGUMENT + +Key registration: key id in vendor range +register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX:1:PSA_SUCCESS Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 9b0cf45f3..ead8b5ab2 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1410,6 +1410,7 @@ exit: /* BEGIN_CASE */ void register_key_smoke_test( int lifetime_arg, + int id_arg, int validate, int expected_status_arg ) { @@ -1419,7 +1420,7 @@ void register_key_smoke_test( int lifetime_arg, psa_drv_se_t driver; psa_drv_se_key_management_t key_management; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; - psa_key_id_t id = 1; + psa_key_id_t id = id_arg; size_t bit_size = 48; psa_key_slot_number_t wanted_slot = 0x123456789; psa_key_handle_t handle = 0; From 81fe7c311ac18321f66c5949be7b8312c7d4aa59 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:37:19 +0200 Subject: [PATCH 171/247] Split 'validate persistent key parameters' into independent validation Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 17 ++++--- library/psa_crypto_slot_management.c | 69 +++++++++++++++++----------- library/psa_crypto_slot_management.h | 51 ++++++++++---------- 3 files changed, 72 insertions(+), 65 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index a0851c7f7..aea4924d3 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1498,16 +1498,15 @@ static psa_status_t psa_validate_key_attributes( const psa_key_attributes_t *attributes, psa_se_drv_table_entry_t **p_drv ) { - psa_status_t status; + psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - if( ! PSA_KEY_LIFETIME_IS_VOLATILE( attributes->core.lifetime ) ) - { - status = psa_validate_persistent_key_parameters( - attributes->core.lifetime, attributes->core.id, - p_drv, 1 ); - if( status != PSA_SUCCESS ) - return( status ); - } + status = psa_validate_key_location( attributes, p_drv ); + if( status != PSA_SUCCESS ) + return( status ); + + status = psa_validate_key_persistence( attributes ); + if( status != PSA_SUCCESS ) + return( status ); status = psa_validate_key_policy( &attributes->core.policy ); if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 193959aba..01fd04816 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -183,39 +183,54 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id, } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ -psa_status_t psa_validate_persistent_key_parameters( - psa_key_lifetime_t lifetime, - psa_key_file_id_t id, - psa_se_drv_table_entry_t **p_drv, - int creating ) +psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, + psa_se_drv_table_entry_t **p_drv ) { - if( p_drv != NULL ) - *p_drv = NULL; -#if defined(MBEDTLS_PSA_CRYPTO_SE_C) - if( psa_key_lifetime_is_external( lifetime ) ) + psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); + if ( psa_key_lifetime_is_external( lifetime ) ) { - *p_drv = psa_get_se_driver_entry( lifetime ); - if( *p_drv == NULL ) +#if defined(MBEDTLS_PSA_CRYPTO_SE_C) + psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime ); + if( p_drv_e == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); + else + { + if (p_drv != NULL) + *p_drv = p_drv_e; + return( PSA_SUCCESS ); + } +#else + (void) p_drv; + return( PSA_ERROR_INVALID_ARGUMENT ); +#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ } else -#endif /* MBEDTLS_PSA_CRYPTO_SE_C */ - if( ( PSA_KEY_LIFETIME_GET_LOCATION( lifetime ) - != PSA_KEY_LOCATION_LOCAL_STORAGE ) || - ( PSA_KEY_LIFETIME_GET_PERSISTENCE( lifetime ) - != PSA_KEY_PERSISTENCE_DEFAULT ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); + /* Local/internal keys are always valid */ + return( PSA_SUCCESS ); +} +psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes ) +{ + psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); + + if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) + { + /* Volatile keys are always supported */ + return( PSA_SUCCESS ); + } + else + { + /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( ! psa_is_key_id_valid( id, ! creating ) ) - return( PSA_ERROR_INVALID_ARGUMENT ); - return( PSA_SUCCESS ); - + if( psa_is_key_id_valid( psa_get_key_id( attributes ), + psa_key_lifetime_is_external( lifetime ) ) ) + return( PSA_SUCCESS ); + else + return( PSA_ERROR_INVALID_ARGUMENT ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ - (void) id; - (void) creating; - return( PSA_ERROR_NOT_SUPPORTED ); + return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ + } } psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) @@ -226,10 +241,8 @@ psa_status_t psa_open_key( psa_key_file_id_t id, psa_key_handle_t *handle ) *handle = 0; - status = psa_validate_persistent_key_parameters( - PSA_KEY_LIFETIME_PERSISTENT, id, NULL, 0 ); - if( status != PSA_SUCCESS ) - return( status ); + if( ! psa_is_key_id_valid( id, 1 ) ) + return( PSA_ERROR_INVALID_ARGUMENT ); status = psa_get_empty_key_slot( handle, &slot ); if( status != PSA_SUCCESS ) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index db2aa964c..8841284cd 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -92,38 +92,33 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) != PSA_KEY_LOCATION_LOCAL_STORAGE ); } -/** Test whether the given parameters are acceptable for a persistent key. +/** Validate that a key's attributes point to a known location. * - * This function does not access the storage in any way. It only tests - * whether the parameters are meaningful and permitted by general policy. - * It does not test whether the a file by the given id exists or could be - * created. + * This function checks whether the key's attributes point to a location that + * is known to the PSA Core, and returns the driver function table if the key + * is to be found in an external location. * - * If the key is in external storage, this function returns the corresponding - * driver. + * \param[in] attributes The key attributes. + * \param[out] p_drv On success, when a key is located in external + * storage, returns a pointer to the driver table + * associated with the key's storage location. * - * \param lifetime The lifetime to test. - * \param id The key id to test. - * \param[out] p_drv On output, if \p lifetime designates a key - * in an external processor, \c *p_drv is a pointer - * to the driver table entry fot this lifetime. - * If \p lifetime designates a transparent key, - * \c *p_drv is \c NULL. - * \param creating 0 if attempting to open an existing key. - * Nonzero if attempting to create a key. - * - * \retval PSA_SUCCESS - * The given parameters are valid. - * \retval PSA_ERROR_INVALID_ARGUMENT - * \p lifetime is volatile or is invalid. - * \retval PSA_ERROR_INVALID_ARGUMENT - * \p id is invalid. + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT */ -psa_status_t psa_validate_persistent_key_parameters( - psa_key_lifetime_t lifetime, - psa_key_file_id_t id, - psa_se_drv_table_entry_t **p_drv, - int creating ); +psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, + psa_se_drv_table_entry_t **p_drv ); + +/** Validate that a key's persistence is consistent. + * + * This function checks whether a key's persistence attribute is consistent. + * + * \param[in] attributes The key attributes. + * + * \retval #PSA_SUCCESS + * \retval #PSA_ERROR_INVALID_ARGUMENT + */ +psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ From de183388653f91136536b3a0476a141274ad3e31 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:48:01 +0200 Subject: [PATCH 172/247] Add changelog entry for #3382 Signed-off-by: Steven Cooreman --- ChangeLog.d/do_not_persist_volatile_external_keys.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/do_not_persist_volatile_external_keys.txt diff --git a/ChangeLog.d/do_not_persist_volatile_external_keys.txt b/ChangeLog.d/do_not_persist_volatile_external_keys.txt new file mode 100644 index 000000000..c10b22ca2 --- /dev/null +++ b/ChangeLog.d/do_not_persist_volatile_external_keys.txt @@ -0,0 +1,4 @@ +Default behavior changes + * Stop storing persistent information about externally stored keys created + through PSA Crypto with a volatile lifetime. Reported in #3288 and + contributed by Steven Cooreman in #3382. \ No newline at end of file From f5a5e45ed1eceb45f9c537c200d592b48d8237af Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:53:13 +0200 Subject: [PATCH 173/247] Refactor equality-testing asserts in SE driver tests to TEST_EQUAL Signed-off-by: Steven Cooreman --- .../test_suite_psa_crypto_se_driver_hal.function | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index ead8b5ab2..80c50e329 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -620,7 +620,7 @@ static int check_no_persistent_data( psa_key_location_t location ) struct psa_storage_info_t info; int ok = 0; - TEST_ASSERT( psa_its_get_info( uid, &info ) == PSA_ERROR_DOES_NOT_EXIST ); + TEST_EQUAL( psa_its_get_info( uid, &info ), PSA_ERROR_DOES_NOT_EXIST ); ok = 1; exit: @@ -900,7 +900,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) } /* Test that the key was created in the expected slot. */ - TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA ); + TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA ); /* Maybe restart, to check that the information is saved correctly. */ if( restart ) @@ -938,7 +938,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) } /* Test that the key was created in the expected slot. */ - TEST_ASSERT( ram_slots[min_slot].type == PSA_KEY_TYPE_RAW_DATA ); + TEST_EQUAL( ram_slots[min_slot].type, PSA_KEY_TYPE_RAW_DATA ); /* Test the key attributes, including the reported slot number. */ psa_set_key_bits( &attributes, @@ -964,7 +964,7 @@ void key_creation_import_export( int lifetime_arg, int min_slot, int restart ) PSA_ERROR_DOES_NOT_EXIST ); /* Test that the key has been erased from the designated slot. */ - TEST_ASSERT( ram_slots[min_slot].type == 0 ); + TEST_EQUAL( ram_slots[min_slot].type, 0 ); exit: PSA_DONE( ); @@ -1318,7 +1318,7 @@ void sign_verify( int flow, * generate material, store the desired result of generation in * the mock secure element storage. */ PSA_ASSERT( psa_get_key_attributes( drv_handle, &drv_attributes ) ); - TEST_ASSERT( key_material->len == PSA_BITS_TO_BYTES( bits ) ); + TEST_EQUAL( key_material->len, PSA_BITS_TO_BYTES( bits ) ); memcpy( ram_slots[ram_min_slot].content, key_material->x, key_material->len ); } From 00106a12c9ff7fca4cc1ece3a2152254e9079093 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 18:54:23 +0200 Subject: [PATCH 174/247] Minor edit to comply with pointer naming standard Signed-off-by: Steven Cooreman --- library/psa_crypto_slot_management.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 01fd04816..0cab75779 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -190,13 +190,13 @@ psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, if ( psa_key_lifetime_is_external( lifetime ) ) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) - psa_se_drv_table_entry_t *p_drv_e = psa_get_se_driver_entry( lifetime ); - if( p_drv_e == NULL ) + psa_se_drv_table_entry_t *driver = psa_get_se_driver_entry( lifetime ); + if( driver == NULL ) return( PSA_ERROR_INVALID_ARGUMENT ); else { if (p_drv != NULL) - *p_drv = p_drv_e; + *p_drv = driver; return( PSA_SUCCESS ); } #else From 74161ceaca1dbf98b965ef0188840aa594826a4d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 8 Jun 2020 19:04:38 +0200 Subject: [PATCH 175/247] Clarify behaviour of psa_validate_key_location Signed-off-by: Steven Cooreman --- library/psa_crypto_slot_management.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 8841284cd..46a73257b 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -109,9 +109,10 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, psa_se_drv_table_entry_t **p_drv ); -/** Validate that a key's persistence is consistent. +/** Validate that a key's persistence is valid. * - * This function checks whether a key's persistence attribute is consistent. + * This function checks whether a key's declared persistence and key ID are + * valid and supported by the PSA Core in its actual configuration. * * \param[in] attributes The key attributes. * From 14b8184db1e61fcc878531dd8b9cbb7194152704 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Mon, 15 Jun 2020 11:33:41 +0200 Subject: [PATCH 176/247] Added missing newline in changelog entry Signed-off-by: Steven Cooreman --- ChangeLog.d/do_not_persist_volatile_external_keys.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/do_not_persist_volatile_external_keys.txt b/ChangeLog.d/do_not_persist_volatile_external_keys.txt index c10b22ca2..b27292c90 100644 --- a/ChangeLog.d/do_not_persist_volatile_external_keys.txt +++ b/ChangeLog.d/do_not_persist_volatile_external_keys.txt @@ -1,4 +1,4 @@ Default behavior changes * Stop storing persistent information about externally stored keys created through PSA Crypto with a volatile lifetime. Reported in #3288 and - contributed by Steven Cooreman in #3382. \ No newline at end of file + contributed by Steven Cooreman in #3382. From 8c1e759e1d5b64d7c8cd074ab73e0e6292a920d1 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Wed, 17 Jun 2020 14:52:05 +0200 Subject: [PATCH 177/247] Documentation and new function signature update Inline with review comments. Signed-off-by: Steven Cooreman --- library/psa_crypto.c | 6 ++++-- library/psa_crypto_slot_management.c | 10 ++++------ library/psa_crypto_slot_management.h | 18 ++++++++++-------- 3 files changed, 18 insertions(+), 16 deletions(-) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index aea4924d3..a511c2774 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1500,11 +1500,13 @@ static psa_status_t psa_validate_key_attributes( { psa_status_t status = PSA_ERROR_INVALID_ARGUMENT; - status = psa_validate_key_location( attributes, p_drv ); + status = psa_validate_key_location( psa_get_key_lifetime( attributes ), + p_drv ); if( status != PSA_SUCCESS ) return( status ); - status = psa_validate_key_persistence( attributes ); + status = psa_validate_key_persistence( psa_get_key_lifetime( attributes ), + psa_get_key_id( attributes ) ); if( status != PSA_SUCCESS ) return( status ); diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 0cab75779..ab66b1213 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -183,10 +183,9 @@ static int psa_is_key_id_valid( psa_key_file_id_t file_id, } #endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */ -psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, +psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ) { - psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); if ( psa_key_lifetime_is_external( lifetime ) ) { #if defined(MBEDTLS_PSA_CRYPTO_SE_C) @@ -209,10 +208,9 @@ psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, return( PSA_SUCCESS ); } -psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes ) +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, + psa_key_id_t key_id ) { - psa_key_lifetime_t lifetime = psa_get_key_lifetime( attributes ); - if ( PSA_KEY_LIFETIME_IS_VOLATILE( lifetime ) ) { /* Volatile keys are always supported */ @@ -222,7 +220,7 @@ psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attribute { /* Persistent keys require storage support */ #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) - if( psa_is_key_id_valid( psa_get_key_id( attributes ), + if( psa_is_key_id_valid( key_id, psa_key_lifetime_is_external( lifetime ) ) ) return( PSA_SUCCESS ); else diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 46a73257b..e65de2e6a 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -92,13 +92,13 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) != PSA_KEY_LOCATION_LOCAL_STORAGE ); } -/** Validate that a key's attributes point to a known location. +/** Validate a key's location. * * This function checks whether the key's attributes point to a location that * is known to the PSA Core, and returns the driver function table if the key * is to be found in an external location. * - * \param[in] attributes The key attributes. + * \param[in] lifetime The key lifetime attribute. * \param[out] p_drv On success, when a key is located in external * storage, returns a pointer to the driver table * associated with the key's storage location. @@ -106,20 +106,22 @@ static inline int psa_key_lifetime_is_external( psa_key_lifetime_t lifetime ) * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT */ -psa_status_t psa_validate_key_location( const psa_key_attributes_t *attributes, +psa_status_t psa_validate_key_location( psa_key_lifetime_t lifetime, psa_se_drv_table_entry_t **p_drv ); -/** Validate that a key's persistence is valid. +/** Validate that a key's persistence attributes are valid. * - * This function checks whether a key's declared persistence and key ID are - * valid and supported by the PSA Core in its actual configuration. + * This function checks whether a key's declared persistence level and key ID + * attributes are valid and known to the PSA Core in its actual configuration. * - * \param[in] attributes The key attributes. + * \param[in] lifetime The key lifetime attribute. + * \param[in] key_id The key ID attribute * * \retval #PSA_SUCCESS * \retval #PSA_ERROR_INVALID_ARGUMENT */ -psa_status_t psa_validate_key_persistence( const psa_key_attributes_t *attributes ); +psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, + psa_key_id_t key_id ); #endif /* PSA_CRYPTO_SLOT_MANAGEMENT_H */ From c84b1e6aa042b9e877ba30ac6dcba759a72d5aa2 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Sat, 13 Jun 2020 11:08:16 +0200 Subject: [PATCH 178/247] Pass "certificate policies" extension to callback Pass the "certificate policies" extension to the callback supplied to mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported policies. This allows the callback to fully replicate the behaviour of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION configuration. Signed-off-by: Nicola Di Lieto --- .../pass-unsupported-policies-to-callback.txt | 4 + include/mbedtls/x509_crt.h | 8 +- library/x509_crt.c | 10 ++- tests/suites/test_suite_x509parse.data | 16 ++++ tests/suites/test_suite_x509parse.function | 84 +++++++++++++++++-- 5 files changed, 114 insertions(+), 8 deletions(-) create mode 100644 ChangeLog.d/pass-unsupported-policies-to-callback.txt diff --git a/ChangeLog.d/pass-unsupported-policies-to-callback.txt b/ChangeLog.d/pass-unsupported-policies-to-callback.txt new file mode 100644 index 000000000..d139b4c18 --- /dev/null +++ b/ChangeLog.d/pass-unsupported-policies-to-callback.txt @@ -0,0 +1,4 @@ +Features + * Pass the "certificate policies" extension to the callback supplied to + mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported + policies (#3419). diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 9a9b397d9..038d2114e 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -308,7 +308,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * * Callbacks of this type are passed to and used by the * mbedtls_x509_crt_parse_der_with_ext_cb() routine when - * it encounters an unsupported extension. + * it encounters either an unsupported extension or a + * "certificate policies" extension containing any + * unsupported certificate policies. * * \param p_ctx An opaque context passed to the callback. * \param crt The certificate being parsed. @@ -360,7 +362,9 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * mbedtls_x509_crt_parse_der(), and/or * mbedtls_x509_crt_parse_der_nocopy() * but it calls the callback with every unsupported - * certificate extension. + * certificate extension and additionally the + * "certificate policies" extension if it contains any + * unsupported certificate policies. * The callback must return a negative error code if it * does not know how to handle such an extension. * When the callback fails to parse a critical extension diff --git a/library/x509_crt.c b/library/x509_crt.c index ee3b48dc9..04822e8ab 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -894,7 +894,7 @@ static int x509_get_crt_ext( unsigned char **p, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - unsigned char *end_ext_data, *end_ext_octet; + unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; if( *p == end ) return( 0 ); @@ -940,6 +940,7 @@ static int x509_get_crt_ext( unsigned char **p, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + start_ext_octet = *p; end_ext_octet = *p + len; if( end_ext_octet != end_ext_data ) @@ -1025,6 +1026,13 @@ static int x509_get_crt_ext( unsigned char **p, if( ( ret = x509_get_certificate_policies( p, end_ext_octet, &crt->certificate_policies ) ) != 0 ) { + /* Give the callback (if any) a chance to handle the extension + * if it contains unsupported policies */ + if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && + cb( p_ctx, crt, &extn_oid, is_critical, + start_ext_octet, end_ext_octet ) == 0 ) + break; + #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) if( is_critical ) return( ret ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0ba3b2c75..d5f538b22 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2032,6 +2032,22 @@ X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 +X509 CRT ASN1 (Unsupported critical policy recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 + +X509 CRT ASN1 (Unsupported critical policy not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + +X509 CRT ASN1 (Unsupported non critical policy recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 + +X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 54e515673..a72532f01 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -303,17 +303,91 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, } int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, - int critical, const unsigned char *p, const unsigned char *end ) + int critical, const unsigned char *cp, const unsigned char *end ) { ( void ) crt; - ( void ) p; + ( void ) cp; ( void ) end; ( void ) critical; mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; - if( new_oid == NULL || new_oid->tag != oid->tag || new_oid->len != oid->len || - memcmp(new_oid->p, oid->p, oid->len) != 0 ) + if( oid->tag == MBEDTLS_ASN1_OID && + MBEDTLS_OID_CMP( MBEDTLS_OID_CERTIFICATE_POLICIES, oid ) == 0 ) + { + /* Handle unknown certificate policy */ + int ret, parse_ret = 0; + size_t len; + unsigned char **p = (unsigned char **)&cp; + + /* Get main sequence tag */ + ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( *p + len != end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + /* + * Cannot be an empty sequence. + */ + if( len == 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + while( *p < end ) + { + const unsigned char *policy_end; + + /* + * Get the policy sequence + */ + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + policy_end = *p + len; + + if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, + MBEDTLS_ASN1_OID ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( len != 1 || *p[0] != 1 ) + parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + + *p += len; + + /* + * If there is an optional qualifier, then *p < policy_end + * Check the Qualifier len to verify it doesn't exceed policy_end. + */ + if( *p < policy_end ) + { + if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + /* + * Skip the optional policy qualifiers. + */ + *p += len; + } + + if( *p != policy_end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( *p != end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + return( parse_ret ); + } + else if( new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && + memcmp( new_oid->p, oid->p, oid->len ) == 0 ) + return( 0 ); + else return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - return( 0 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ From b77fad8ebe60d5eb2966e4ab20de51c1770d2a1a Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Wed, 17 Jun 2020 17:57:36 +0200 Subject: [PATCH 179/247] test_suite_x509parse.function improvement as suggested in https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697 also removed two no longer necessary void casts Signed-off-by: Nicola Di Lieto --- tests/suites/test_suite_x509parse.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a72532f01..9cac2ec54 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -306,8 +306,6 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf int critical, const unsigned char *cp, const unsigned char *end ) { ( void ) crt; - ( void ) cp; - ( void ) end; ( void ) critical; mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; if( oid->tag == MBEDTLS_ASN1_OID && @@ -352,6 +350,9 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + /* + * Recognize exclusively the policy with OID 1 + */ if( len != 1 || *p[0] != 1 ) parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; From 4539a45cbff9dbf273121addb505ee2d0e75a557 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 18 Jun 2020 12:27:56 +0200 Subject: [PATCH 180/247] Use fixed-length encoding for internal RNG seed MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CTR-DRBG and HMAC-DRBG may used the seed differently depending on its length. To avoid leaks, pass them a constant-length seed. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/library/ecp.c b/library/ecp.c index 13408799e..be9e42d91 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -172,16 +172,24 @@ static inline int ecp_drbg_random( void *p_rng, } /* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) +static int ecp_drbg_seed( ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len ) { - const unsigned char *secret_p = (const unsigned char *) secret->p; - const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint ); - + int ret; + unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; /* The list starts with strong hashes */ const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); - return( mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_p, secret_size ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, + secret_bytes, secret_len ) ); + + ret = mbedtls_hmac_drbg_seed_buf( ctx, md_info, secret_bytes, secret_len ); + +cleanup: + mbedtls_platform_zeroize( secret_bytes, secret_len ); + + return( ret ); } #elif defined(MBEDTLS_CTR_DRBG_C) @@ -223,13 +231,22 @@ static int ecp_ctr_drbg_null_entropy(void *ctx, unsigned char *out, size_t len) } /* DRBG context seeding */ -static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_mpi *secret ) +static int ecp_drbg_seed( ecp_drbg_context *ctx, + const mbedtls_mpi *secret, size_t secret_len ) { - const unsigned char *secret_p = (const unsigned char *) secret->p; - const size_t secret_size = secret->n * sizeof( mbedtls_mpi_uint ); + int ret; + unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; - return( mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, - secret_p, secret_size ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, + secret_bytes, secret_len ) ); + + ret = mbedtls_ctr_drbg_seed( ctx, ecp_ctr_drbg_null_entropy, NULL, + secret_bytes, secret_len ); + +cleanup: + mbedtls_platform_zeroize( secret_bytes, secret_len ); + + return( ret ); } #else @@ -2267,7 +2284,8 @@ static int ecp_mul_comb( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, rs_ctx->rsm->drbg_seeded == 0 ) #endif { - MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m ) ); + const size_t m_len = ( grp->nbits + 7 ) / 8; + MBEDTLS_MPI_CHK( ecp_drbg_seed( p_rng, m, m_len ) ); } #if defined(MBEDTLS_ECP_RESTARTABLE) if( rs_ctx != NULL && rs_ctx->rsm != NULL ) @@ -2551,7 +2569,8 @@ static int ecp_mul_mxz( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG) if( f_rng == NULL ) { - MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m ) ); + const size_t m_len = ( grp->nbits + 7 ) / 8; + MBEDTLS_MPI_CHK( ecp_drbg_seed( &drbg_ctx, m, m_len ) ); f_rng = &ecp_drbg_random; p_rng = &drbg_ctx; } From fa6860933d94f99c040fc2f4c054dad5b240370f Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Thu, 18 Jun 2020 14:37:31 +0200 Subject: [PATCH 181/247] Declare unused parameter Signed-off-by: Steven Cooreman --- library/psa_crypto_slot_management.c | 1 + 1 file changed, 1 insertion(+) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index ab66b1213..b312ff624 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -226,6 +226,7 @@ psa_status_t psa_validate_key_persistence( psa_key_lifetime_t lifetime, else return( PSA_ERROR_INVALID_ARGUMENT ); #else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ + (void) key_id; return( PSA_ERROR_NOT_SUPPORTED ); #endif /* !MBEDTLS_PSA_CRYPTO_STORAGE_C */ } From 1215c54754bc3a40efafc74d65c5155923934c22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Fri, 19 Jun 2020 11:59:49 +0200 Subject: [PATCH 182/247] Add length check in ecp_drbg_seed() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While this is a static function, so right now we know we don't need the check, things may change in the future, so better be on the safe side. Signed-off-by: Manuel Pégourié-Gonnard --- library/ecp.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/ecp.c b/library/ecp.c index be9e42d91..7b205160a 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -181,6 +181,12 @@ static int ecp_drbg_seed( ecp_drbg_context *ctx, const mbedtls_md_type_t md_type = mbedtls_md_list()[0]; const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_type ); + if( secret_len > MBEDTLS_ECP_MAX_BYTES ) + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, secret_bytes, secret_len ) ); @@ -237,6 +243,12 @@ static int ecp_drbg_seed( ecp_drbg_context *ctx, int ret; unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES]; + if( secret_len > MBEDTLS_ECP_MAX_BYTES ) + { + ret = MBEDTLS_ERR_ECP_RANDOM_FAILED; + goto cleanup; + } + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( secret, secret_bytes, secret_len ) ); From f4d9f21b9b9b39715b708599af8d5fd2bdd1495b Mon Sep 17 00:00:00 2001 From: nia Date: Fri, 19 Jun 2020 16:14:27 +0100 Subject: [PATCH 183/247] entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper Signed-off-by: nia --- library/entropy_poll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 203034eb4..69d06af48 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -129,7 +129,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #if defined(KERN_ARND) #define HAVE_SYSCTL_ARND -static int sysctl_wrapper ( void *buf, size_t buflen ) +static int sysctl_arnd_wrapper( void *buf, size_t buflen ) { int name[2]; size_t len; @@ -177,7 +177,7 @@ int mbedtls_platform_entropy_poll( void *data, #if defined(HAVE_SYSCTL_ARND) ((void) file); ((void) read_len); - if( sysctl_wrapper( output, len ) == -1 ) + if( sysctl_arnd_wrapper( output, len ) == -1 ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); *olen = len; return( 0 ); From 5430447a6efcac2f43120ea162e53e08b606386a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Jun 2020 10:11:47 +0200 Subject: [PATCH 184/247] Adjust comments about SEED synchronisation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 6 +++++- tests/scripts/basic-build-test.sh | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 00bf997f5..a22f7b960 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -123,7 +123,11 @@ pre_initialize_variables () { KEEP_GOING=0 # Seed value used with the --release-test option. - # !!! Keep this in sync with SEED in basic-build-test.sh !!! + # + # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if + # both values are kept in sync. If you change the value here because it + # breaks some tests, you'll definitely want to change it in + # basic-build-test.sh as well. RELEASE_SEED=1 : ${MBEDTLS_TEST_OUTCOME_FILE=} diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index f91b14466..8d71bbaea 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -44,7 +44,10 @@ fi : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} # Used to make ssl-opt.sh deterministic. -# !!! Keep this in sync with RELEASE_SEED in all.sh !!! +# +# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept +# in sync. If you change the value here because it breaks some tests, you'll +# definitely want to change it in all.sh as well. : ${SEED:=1} export SEED From 72d849d4b67c9b54f7e171d677a44fd88be84216 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 15 May 2020 17:07:16 +0200 Subject: [PATCH 185/247] cmake: Align declaration of include directory Align declaration of ./include include directory among libraries, static and shared. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f6a186fae..960e232ae 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -168,10 +168,14 @@ if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) + target_include_directories(${mbedx509_static_target} + PUBLIC ${MBEDTLS_DIR}/include/) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) + target_include_directories(${mbedtls_static_target} + PUBLIC ${MBEDTLS_DIR}/include/) install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target} DESTINATION ${LIB_INSTALL_DIR} From 00f5b8cd63dca45d3045e72cb4ead2111ebbbdce Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 25 May 2020 09:39:09 +0200 Subject: [PATCH 186/247] cmake: Compile everest code only if necessary Compile everest code only if MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED is defined in config.h Signed-off-by: Ronald Cron --- 3rdparty/CMakeLists.txt | 6 +++++- 3rdparty/everest/CMakeLists.txt | 20 +++++++------------- 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index dca4bd76b..4c5b5599d 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -3,7 +3,11 @@ list (APPEND thirdparty_lib) list (APPEND thirdparty_inc) list (APPEND thirdparty_def) -add_subdirectory(everest) +execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) + +if(${result} EQUAL 0) + add_subdirectory(everest) +endif() set(thirdparty_src ${thirdparty_src} PARENT_SCOPE) set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index c27a8e5ee..a900e4b63 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -10,21 +10,15 @@ set(everest_src list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) -execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) +if(INSTALL_MBEDTLS_HEADERS) -if(${result} EQUAL 0) + install(DIRECTORY include/everest + DESTINATION include + FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ + DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE + FILES_MATCHING PATTERN "*.h") - if(INSTALL_MBEDTLS_HEADERS) - - install(DIRECTORY include/everest - DESTINATION include - FILE_PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ - DIRECTORY_PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE - FILES_MATCHING PATTERN "*.h") - - endif(INSTALL_MBEDTLS_HEADERS) - -endif() +endif(INSTALL_MBEDTLS_HEADERS) set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE) set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE) From f19f312aa6e7ff6b75f62e07ac9bb1cd6aa10ad3 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 25 May 2020 10:26:37 +0200 Subject: [PATCH 187/247] cmake: Add 3rd party public include directories Add the possibility to distinguish between public and non-public include directories. Public directories are the one to use to access definitions of 3rd party code interfaces. Signed-off-by: Ronald Cron --- 3rdparty/CMakeLists.txt | 2 ++ 3rdparty/everest/CMakeLists.txt | 5 ++++- CMakeLists.txt | 1 + 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/3rdparty/CMakeLists.txt b/3rdparty/CMakeLists.txt index 4c5b5599d..18945e52e 100644 --- a/3rdparty/CMakeLists.txt +++ b/3rdparty/CMakeLists.txt @@ -1,5 +1,6 @@ list (APPEND thirdparty_src) list (APPEND thirdparty_lib) +list (APPEND thirdparty_inc_public) list (APPEND thirdparty_inc) list (APPEND thirdparty_def) @@ -11,5 +12,6 @@ endif() set(thirdparty_src ${thirdparty_src} PARENT_SCOPE) set(thirdparty_lib ${thirdparty_lib} PARENT_SCOPE) +set(thirdparty_inc_public ${thirdparty_inc_public} PARENT_SCOPE) set(thirdparty_inc ${thirdparty_inc} PARENT_SCOPE) set(thirdparty_def ${thirdparty_def} PARENT_SCOPE) diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index a900e4b63..d81d995f1 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -1,4 +1,5 @@ list (APPEND everest_src) +list (APPEND everest_inc_public) list (APPEND everest_inc) list (APPEND everest_def) @@ -8,7 +9,8 @@ set(everest_src ${CMAKE_CURRENT_SOURCE_DIR}/library/Hacl_Curve25519_joined.c ) -list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) +list(APPEND everest_inc_public ${CMAKE_CURRENT_SOURCE_DIR}/include) +list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) if(INSTALL_MBEDTLS_HEADERS) @@ -21,5 +23,6 @@ if(INSTALL_MBEDTLS_HEADERS) endif(INSTALL_MBEDTLS_HEADERS) set(thirdparty_src ${thirdparty_src} ${everest_src} PARENT_SCOPE) +set(thirdparty_inc_public ${thirdparty_inc_public} ${everest_inc_public} PARENT_SCOPE) set(thirdparty_inc ${thirdparty_inc} ${everest_inc} PARENT_SCOPE) set(thirdparty_def ${thirdparty_def} ${everest_def} PARENT_SCOPE) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1f675c1ee..9c3c86ce1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -219,6 +219,7 @@ endif(ENABLE_ZLIB_SUPPORT) add_subdirectory(include) add_subdirectory(3rdparty) +include_directories(${thirdparty_inc_public}) include_directories(${thirdparty_inc}) list(APPEND libs ${thirdparty_lib}) add_definitions(${thirdparty_def}) From 67d4b555b8e31a93eb6466c77cdd81fc78d613fe Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 22 May 2020 21:59:53 +0200 Subject: [PATCH 188/247] cmake: Limit scope of 3rd party definitions Don't define anymore globally third party include directories and compile definitions. Declare them within the scope of the crypto library target as per the third party source files. Note that targets linking to the crypto library inherit from the third party public include directories. Signed-off-by: Ronald Cron --- CMakeLists.txt | 3 --- library/CMakeLists.txt | 12 ++++++++++-- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9c3c86ce1..de50c72aa 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -219,10 +219,7 @@ endif(ENABLE_ZLIB_SUPPORT) add_subdirectory(include) add_subdirectory(3rdparty) -include_directories(${thirdparty_inc_public}) -include_directories(${thirdparty_inc}) list(APPEND libs ${thirdparty_lib}) -add_definitions(${thirdparty_def}) add_subdirectory(library) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 960e232ae..0a8b87cc7 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -163,7 +163,11 @@ if(USE_STATIC_MBEDTLS_LIBRARY) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} ${libs}) target_include_directories(${mbedcrypto_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) + PUBLIC ${MBEDTLS_DIR}/include/ + PUBLIC ${thirdparty_inc_public} + PRIVATE ${thirdparty_inc}) + target_compile_definitions(${mbedcrypto_static_target} + PRIVATE ${thirdparty_def}) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) @@ -188,7 +192,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4) target_link_libraries(mbedcrypto ${libs}) target_include_directories(mbedcrypto - PUBLIC ${MBEDTLS_DIR}/include/) + PUBLIC ${MBEDTLS_DIR}/include/ + PUBLIC ${thirdparty_inc_public} + PRIVATE ${thirdparty_inc}) + target_compile_definitions(mbedcrypto + PRIVATE ${thirdparty_def}) add_library(mbedx509 SHARED ${src_x509}) set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1) From 855274113ac8b49a6d9d72e08d2f06e7d0c17b0a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 15 May 2020 17:20:47 +0200 Subject: [PATCH 189/247] cmake: Remove global include directories Remove the declaration of ./include and ./library as include directories for all targets. Prefer being more local and declare include directories at the target level using target_include_directories(). Note that there is no need to declare explicitely ./include as an include directory for tests as they inherit it from the "mbed librairies". Signed-off-by: Ronald Cron --- CMakeLists.txt | 3 --- tests/CMakeLists.txt | 10 ++++++++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index de50c72aa..61f149f46 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -205,9 +205,6 @@ else() set(LIB_INSTALL_DIR lib) endif() -include_directories(include/) -include_directories(library/) - if(ENABLE_ZLIB_SUPPORT) find_package(ZLIB) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 39a7a2cd0..182109b51 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -48,7 +48,10 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) - target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include) + target_include_directories(test_suite_${data_name} + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) + if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) message(STATUS "The test suite ${data_name} will not be executed.") else() @@ -68,7 +71,10 @@ endif(MSVC) file(GLOB MBEDTESTS_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c) add_library(mbedtests OBJECT ${MBEDTESTS_FILES}) -target_include_directories(mbedtests PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include) +target_include_directories(mbedtests + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) From b1790af64802fa0a2f58cff1c3f2f464a82e3815 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 20 May 2020 15:34:47 +0200 Subject: [PATCH 190/247] cmake: Add include directory policy documentation Signed-off-by: Ronald Cron --- CMakeLists.txt | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 61f149f46..783852549 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,3 +1,21 @@ +# +# CMake build system design considerations: +# +# - Include directories: +# + Do not define include directories globally using the include_directories +# command but rather at the target level using the +# target_include_directories command. That way, it is easier to guarantee +# that targets are built using the proper list of include directories. +# + Use the PUBLIC and PRIVATE keywords to specifiy the scope of include +# directories. That way, a target linking to a library (using the +# target_link_librairies command) inherits from the library PUBLIC include +# directories and not from the PRIVATE ones. +# + Note: there is currently one remaining include_directories command in the +# CMake files. It is related to ZLIB support which is planned to be removed. +# When the support is removed, the associated include_directories command +# will be removed as well as this note. +# + cmake_minimum_required(VERSION 2.6) if(TEST_CPP) project("mbed TLS" C CXX) From 511bc8c57b2f1e89cce28440fa97cf49860646be Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Tue, 23 Jun 2020 00:15:28 +0200 Subject: [PATCH 191/247] add comment about potential future extension as requested, see https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r443836568 Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 038d2114e..ab0d0cdbc 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -311,6 +311,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * it encounters either an unsupported extension or a * "certificate policies" extension containing any * unsupported certificate policies. + * Future versions of the library may invoke the callback + * in other cases, if and when the need arises. * * \param p_ctx An opaque context passed to the callback. * \param crt The certificate being parsed. @@ -372,6 +374,8 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * When the callback fails to parse a non critical extension * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips * the extension and continues parsing. + * Future versions of the library may invoke the callback + * in other cases, if and when the need arises. * * \return \c 0 if successful. * \return A negative error code on failure. From e3fdcfa45cfec2f38fe27bacd5470a4bf8c77bc1 Mon Sep 17 00:00:00 2001 From: nia Date: Tue, 23 Jun 2020 21:03:01 +0100 Subject: [PATCH 192/247] entropy: Avoid arithmetic on void pointer Signed-off-by: nia --- library/entropy_poll.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 69d06af48..aaff26f48 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -131,6 +131,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) static int sysctl_arnd_wrapper( void *buf, size_t buflen ) { + unsigned char *output = buf; int name[2]; size_t len; @@ -140,10 +141,10 @@ static int sysctl_arnd_wrapper( void *buf, size_t buflen ) while( buflen > 0 ) { len = buflen > 256 ? 256 : buflen; - if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) + if( sysctl(name, 2, output, &len, NULL, 0) == -1 ) return( -1 ); buflen -= len; - buf += len; + output += len; } return( 0 ); } From 8373c86628bbde28ed7dadf32e7dec80e7045aa2 Mon Sep 17 00:00:00 2001 From: nia Date: Wed, 24 Jun 2020 17:15:02 +0100 Subject: [PATCH 193/247] entropy: Adjust parameter type of internal function to avoid a cast Signed-off-by: nia --- library/entropy_poll.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index aaff26f48..dc621836e 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -129,9 +129,8 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #if defined(KERN_ARND) #define HAVE_SYSCTL_ARND -static int sysctl_arnd_wrapper( void *buf, size_t buflen ) +static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen ) { - unsigned char *output = buf; int name[2]; size_t len; @@ -141,10 +140,10 @@ static int sysctl_arnd_wrapper( void *buf, size_t buflen ) while( buflen > 0 ) { len = buflen > 256 ? 256 : buflen; - if( sysctl(name, 2, output, &len, NULL, 0) == -1 ) + if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) return( -1 ); buflen -= len; - output += len; + buf += len; } return( 0 ); } From 68a98516f61b2e48ad91cbd74210d9503419d19b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 14:19:09 +0200 Subject: [PATCH 194/247] basic-in-docker: call all.sh for sanity checks Call all.sh for sanity checks, rather than maintain an explicit list. This was done in .travis.yml in 3c7ffd7a4091916db501d41c8e9ce6bc7e2f0586 Travis has diverged from basic-in-docker. This commit updates the description of basic-in-docker to no longer refer to Travis. Alignment with Travis may be desirable but that is beyond the scope of this commit. Signed-off-by: Gilles Peskine --- tests/scripts/basic-in-docker.sh | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/tests/scripts/basic-in-docker.sh b/tests/scripts/basic-in-docker.sh index 37ed5ea50..83d665598 100755 --- a/tests/scripts/basic-in-docker.sh +++ b/tests/scripts/basic-in-docker.sh @@ -4,8 +4,10 @@ # # Purpose # ------- -# This runs a rough equivalent of the travis.yml in a Docker container. -# The tests are run for both clang and gcc. +# This runs sanity checks and library tests in a Docker container. The tests +# are run for both clang and gcc. The testing includes a full test run +# in the default configuration, partial test runs in the reference +# configurations, and some dependency tests. # # Notes for users # --------------- @@ -30,12 +32,7 @@ source tests/scripts/docker_env.sh -run_in_docker tests/scripts/recursion.pl library/*.c -run_in_docker tests/scripts/check-generated-files.sh -run_in_docker tests/scripts/check-doxy-blocks.pl -run_in_docker tests/scripts/check-names.sh -run_in_docker tests/scripts/check-files.py -run_in_docker tests/scripts/doxygen.sh +run_in_docker tests/scripts/all.sh 'check_*' for compiler in clang gcc; do run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" . From fb4f933f8e47c86bad133a3a5bb6c492f89267e1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 14:18:34 +0200 Subject: [PATCH 195/247] Rename Python scripts to use '_' and not '-' You can't import a Python script whose name includes '-'. Signed-off-by: Gilles Peskine --- docs/architecture/testing/test-framework.md | 4 ++-- tests/scripts/all.sh | 4 ++-- tests/scripts/{check-files.py => check_files.py} | 0 tests/scripts/{check-test-cases.py => check_test_cases.py} | 0 4 files changed, 4 insertions(+), 4 deletions(-) rename tests/scripts/{check-files.py => check_files.py} (100%) rename tests/scripts/{check-test-cases.py => check_test_cases.py} (100%) diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md index e0e960f87..c4178fa17 100644 --- a/docs/architecture/testing/test-framework.md +++ b/docs/architecture/testing/test-framework.md @@ -22,7 +22,7 @@ Each test case has a description which succinctly describes for a human audience * Make the description descriptive. “foo: x=2, y=4” is more descriptive than “foo #2”. “foo: 0 Date: Thu, 25 Jun 2020 11:48:11 +0100 Subject: [PATCH 196/247] Add ChangeLog entry for #3147: MSVC flags Signed-off-by: Janos Follath --- ChangeLog.d/align-msvc-flags.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/align-msvc-flags.txt diff --git a/ChangeLog.d/align-msvc-flags.txt b/ChangeLog.d/align-msvc-flags.txt new file mode 100644 index 000000000..02de3fd34 --- /dev/null +++ b/ChangeLog.d/align-msvc-flags.txt @@ -0,0 +1,3 @@ +Changes + * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes + Martinho. #3147 From 8a43bd1d20b438344ea0448847989483087c5fcb Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 25 Jun 2020 11:48:27 +0100 Subject: [PATCH 197/247] Add ChangeLog entry for #3217: avoid re-assignment Signed-off-by: Janos Follath --- ChangeLog.d/remove-extra-assignment.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/remove-extra-assignment.txt diff --git a/ChangeLog.d/remove-extra-assignment.txt b/ChangeLog.d/remove-extra-assignment.txt new file mode 100644 index 000000000..a98c42347 --- /dev/null +++ b/ChangeLog.d/remove-extra-assignment.txt @@ -0,0 +1,3 @@ +Changes + * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported + in #3182 and fix submitted by irwir. #3217 From 3ec2e4a464df942c14b369acf5f7913d8ff94ad1 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 25 Jun 2020 11:53:33 +0100 Subject: [PATCH 198/247] Add ChangeLog entry for #3239: win2k net support Signed-off-by: Janos Follath --- ChangeLog.d/add_win2k_net_socket.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/add_win2k_net_socket.txt diff --git a/ChangeLog.d/add_win2k_net_socket.txt b/ChangeLog.d/add_win2k_net_socket.txt new file mode 100644 index 000000000..9842c5d87 --- /dev/null +++ b/ChangeLog.d/add_win2k_net_socket.txt @@ -0,0 +1,2 @@ +Features + * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239 From 0b849818d38918415d1c9a735fb79d0d90f544e4 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 25 Jun 2020 13:08:25 +0100 Subject: [PATCH 199/247] Add ChangeLog entry for #3311: fix uninitialised variable Signed-off-by: Janos Follath --- ChangeLog.d/make-cpp-check-happy.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/make-cpp-check-happy.txt diff --git a/ChangeLog.d/make-cpp-check-happy.txt b/ChangeLog.d/make-cpp-check-happy.txt new file mode 100644 index 000000000..2ae74cb0a --- /dev/null +++ b/ChangeLog.d/make-cpp-check-happy.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix false positive uninitialised variable reported by cpp-check. + Contributed by Sander Visser in #3311. From a805c4d3288facd050851924d39c41f3fac9e373 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 25 Jun 2020 13:21:15 +0100 Subject: [PATCH 200/247] Add ChangeLog entry for #3319: fix typo in test Signed-off-by: Janos Follath --- ChangeLog.d/fix-typo-in-xts-test.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/fix-typo-in-xts-test.txt diff --git a/ChangeLog.d/fix-typo-in-xts-test.txt b/ChangeLog.d/fix-typo-in-xts-test.txt new file mode 100644 index 000000000..4711b8cf9 --- /dev/null +++ b/ChangeLog.d/fix-typo-in-xts-test.txt @@ -0,0 +1,2 @@ +Changes + * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319 From d34e9e450f984605d2fbb04e605efe55c6ecd288 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 16:16:25 +0200 Subject: [PATCH 201/247] check_test_cases: parametrize iteration functions by the action Parametrize the code that iterates over test case descriptions by the function to apply on each description. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 50 ++++++++++++++++++++----------- 1 file changed, 32 insertions(+), 18 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 35a998749..f25b602c7 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -76,10 +76,13 @@ def check_description(results, seen, file_name, line_number, description): len(description)) seen[description] = line_number -def check_test_suite(results, data_file_name): - """Check the test cases in the given unit test data file.""" +def walk_test_suite(function, results, descriptions, data_file_name): + """Iterate over the test cases in the given unit test data file. + +Call function(results, descriptions, data_file_name, line_number, description) +on each description. +""" in_paragraph = False - descriptions = {} with open(data_file_name, 'rb') as data_file: for line_number, line in enumerate(data_file, 1): line = line.rstrip(b'\r\n') @@ -90,13 +93,16 @@ def check_test_suite(results, data_file_name): continue if not in_paragraph: # This is a test case description line. - check_description(results, descriptions, - data_file_name, line_number, line) + function(results, descriptions, + data_file_name, line_number, line) in_paragraph = True -def check_ssl_opt_sh(results, file_name): - """Check the test cases in ssl-opt.sh or a file with a similar format.""" - descriptions = {} +def walk_ssl_opt_sh(function, results, descriptions, file_name): + """Iterate over the test cases in ssl-opt.sh or a file with a similar format. + +Call function(results, descriptions, file_name, line_number, description) +on each description. +""" with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): # Assume that all run_test calls have the same simple form @@ -106,8 +112,23 @@ def check_ssl_opt_sh(results, file_name): if not m: continue description = m.group(1) - check_description(results, descriptions, - file_name, line_number, description) + function(results, descriptions, + file_name, line_number, description) + +def walk_all(function, results): + """Iterate over all named test cases. + +Call function(results, {}, file_name, line_number, description) +on each description. +""" + test_directories = collect_test_directories() + for directory in test_directories: + for data_file_name in glob.glob(os.path.join(directory, 'suites', + '*.data')): + walk_test_suite(function, results, {}, data_file_name) + ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') + if os.path.exists(ssl_opt_sh): + walk_ssl_opt_sh(function, results, {}, ssl_opt_sh) def main(): parser = argparse.ArgumentParser(description=__doc__) @@ -118,15 +139,8 @@ def main(): action='store_false', dest='quiet', help='Show warnings (default: on; undoes --quiet)') options = parser.parse_args() - test_directories = collect_test_directories() results = Results(options) - for directory in test_directories: - for data_file_name in glob.glob(os.path.join(directory, 'suites', - '*.data')): - check_test_suite(results, data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - check_ssl_opt_sh(results, ssl_opt_sh) + walk_all(check_description, results) if (results.warnings or results.errors) and not options.quiet: sys.stderr.write('{}: {} errors, {} warnings\n' .format(sys.argv[0], results.errors, results.warnings)) From f5ea29adcb42c3edcb88629148590c35f7da85d1 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Jun 2020 10:42:29 +0200 Subject: [PATCH 202/247] tests: Improve naming of build common test variables Use the mbedtls_test_ prefix for (c)make variables related to test common code. This aligns with the prefix used for the common test functions. Signed-off-by: Ronald Cron --- tests/CMakeLists.txt | 8 ++++---- tests/Makefile | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 182109b51..ce608c3a2 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -46,7 +46,7 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) - add_executable(test_suite_${data_name} test_suite_${data_name}.c $) + add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include @@ -69,9 +69,9 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) -file(GLOB MBEDTESTS_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c) -add_library(mbedtests OBJECT ${MBEDTESTS_FILES}) -target_include_directories(mbedtests +file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c) +add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) +target_include_directories(mbedtls_test PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) diff --git a/tests/Makefile b/tests/Makefile index 6f3179cff..68f85d2d3 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -77,7 +77,7 @@ all: $(BINARIES) $(MBEDLIBS): $(MAKE) -C ../library -MBEDTESTS_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) +MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) # Rule to compile common test C files in src folder src/%.o : src/%.c @@ -112,9 +112,9 @@ C_FILES := $(addsuffix .c,$(APPS)) -o . -$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTESTS_OBJS) +$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTLS_TEST_OBJS) echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTESTS_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTLS_TEST_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ # Some test suites require additional header files. $(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h From 5df1be91f3c32db2e2fb827a518eb592840f6611 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 5 Jun 2020 11:47:07 +0200 Subject: [PATCH 203/247] programs: ssl: cmake: Reorder declaration of executables Reorder declaration of executables in alphabetic order. Signed-off-by: Ronald Cron --- programs/ssl/CMakeLists.txt | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index 32fb3c44f..b6b657c7a 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -30,6 +30,9 @@ target_link_libraries(dtls_client ${libs}) add_executable(dtls_server dtls_server.c) target_link_libraries(dtls_server ${libs}) +add_executable(mini_client mini_client.c) +target_link_libraries(mini_client ${libs}) + add_executable(ssl_client1 ssl_client1.c) target_link_libraries(ssl_client1 ${libs}) @@ -37,13 +40,6 @@ add_executable(ssl_client2 ssl_client2.c) target_sources(ssl_client2 PUBLIC ../test/query_config.c) target_link_libraries(ssl_client2 ${libs}) -add_executable(ssl_server ssl_server.c) -target_link_libraries(ssl_server ${libs}) - -add_executable(ssl_server2 ssl_server2.c) -target_sources(ssl_server2 PUBLIC ../test/query_config.c) -target_link_libraries(ssl_server2 ${libs}) - add_executable(ssl_context_info ssl_context_info.c) target_link_libraries(ssl_context_info ${libs}) @@ -53,8 +49,12 @@ target_link_libraries(ssl_fork_server ${libs}) add_executable(ssl_mail_client ssl_mail_client.c) target_link_libraries(ssl_mail_client ${libs}) -add_executable(mini_client mini_client.c) -target_link_libraries(mini_client ${libs}) +add_executable(ssl_server ssl_server.c) +target_link_libraries(ssl_server ${libs}) + +add_executable(ssl_server2 ssl_server2.c) +target_sources(ssl_server2 PUBLIC ../test/query_config.c) +target_link_libraries(ssl_server2 ${libs}) if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c) From 27731130cf4003ed1df641141b5b4c7bcb9bf63d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 5 Jun 2020 11:51:28 +0200 Subject: [PATCH 204/247] programs: ssl: cmake: Add missing executables Add the executables missing in the list of executables to install. Signed-off-by: Ronald Cron --- programs/ssl/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index b6b657c7a..aaa9a0ac9 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -11,9 +11,11 @@ set(targets mini_client ssl_client1 ssl_client2 + ssl_context_info ssl_fork_server ssl_mail_client ssl_server + ssl_server2 ) if(USE_PKCS11_HELPER_LIBRARY) From 0b90c9d7472fe7d82d82cb2aabd9be6dba29edba Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 5 Jun 2020 14:02:43 +0200 Subject: [PATCH 205/247] programs: cmake: Fix relative path warnings The path to source files were relative which triggered warnings when generating the build system. Move to absolute paths based on CMAKE_CURRENT_SOURCE_DIR. Signed-off-by: Ronald Cron --- programs/ssl/CMakeLists.txt | 4 ++-- programs/test/CMakeLists.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index aaa9a0ac9..d6ba2ac2f 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -39,7 +39,7 @@ add_executable(ssl_client1 ssl_client1.c) target_link_libraries(ssl_client1 ${libs}) add_executable(ssl_client2 ssl_client2.c) -target_sources(ssl_client2 PUBLIC ../test/query_config.c) +target_sources(ssl_client2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) target_link_libraries(ssl_client2 ${libs}) add_executable(ssl_context_info ssl_context_info.c) @@ -55,7 +55,7 @@ add_executable(ssl_server ssl_server.c) target_link_libraries(ssl_server ${libs}) add_executable(ssl_server2 ssl_server2.c) -target_sources(ssl_server2 PUBLIC ../test/query_config.c) +target_sources(ssl_server2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) target_link_libraries(ssl_server2 ${libs}) if(THREADS_FOUND) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index a26c096de..ec36d67e6 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -28,7 +28,7 @@ add_executable(zeroize zeroize.c) target_link_libraries(zeroize mbedcrypto) add_executable(query_compile_time_config query_compile_time_config.c) -target_sources(query_compile_time_config PUBLIC query_config.c) +target_sources(query_compile_time_config PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) target_link_libraries(query_compile_time_config mbedcrypto) install(TARGETS selftest benchmark udp_proxy query_compile_time_config From bfd45f1f11384232399fb9e2d7d1701b637e57dc Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 5 Jun 2020 11:15:31 +0200 Subject: [PATCH 206/247] programs: cmake: Use list of executables Use list of executables to: - factorize the code to define executables - highlight the similarities and differences of the executable definitions - avoid list duplication Use alphabetic order for executables in lists. Signed-off-by: Ronald Cron --- programs/aes/CMakeLists.txt | 14 +++-- programs/fuzz/CMakeLists.txt | 101 ++++++++++++--------------------- programs/hash/CMakeLists.txt | 14 +++-- programs/pkey/CMakeLists.txt | 90 +++++++++++------------------ programs/psa/CMakeLists.txt | 20 +++---- programs/random/CMakeLists.txt | 18 +++--- programs/ssl/CMakeLists.txt | 54 +++++------------- programs/test/CMakeLists.txt | 34 ++++++----- programs/util/CMakeLists.txt | 14 +++-- programs/x509/CMakeLists.txt | 26 ++++----- 10 files changed, 165 insertions(+), 220 deletions(-) diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 6c4c7e10f..761531dae 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -1,9 +1,13 @@ -add_executable(aescrypt2 aescrypt2.c) -target_link_libraries(aescrypt2 mbedcrypto) +set(executables + aescrypt2 + crypt_and_hash +) -add_executable(crypt_and_hash crypt_and_hash.c) -target_link_libraries(crypt_and_hash mbedcrypto) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} mbedcrypto) +endforeach() -install(TARGETS aescrypt2 crypt_and_hash +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 17ec3f64c..9d4043a40 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -11,70 +11,41 @@ if(ENABLE_ZLIB_SUPPORT) endif(ENABLE_ZLIB_SUPPORT) find_library(FUZZINGENGINE_LIB FuzzingEngine) - -if(NOT FUZZINGENGINE_LIB) - add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c) - target_link_libraries(fuzz_x509csr ${libs}) - - add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c) - target_link_libraries(fuzz_x509crl ${libs}) - - add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c) - target_link_libraries(fuzz_x509crt ${libs}) - - add_executable(fuzz_privkey fuzz_privkey.c onefile.c) - target_link_libraries(fuzz_privkey ${libs}) - - add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c) - target_link_libraries(fuzz_pubkey ${libs}) - - add_executable(fuzz_client fuzz_client.c common.c onefile.c) - target_link_libraries(fuzz_client ${libs}) - - add_executable(fuzz_server fuzz_server.c common.c onefile.c) - target_link_libraries(fuzz_server ${libs}) - - add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c onefile.c) - target_link_libraries(fuzz_dtlsclient ${libs}) - - add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c onefile.c) - target_link_libraries(fuzz_dtlsserver ${libs}) -else() +if(FUZZINGENGINE_LIB) project(fuzz CXX) - - add_executable(fuzz_x509csr fuzz_x509csr.c) - target_link_libraries(fuzz_x509csr ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_x509csr PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_x509crl fuzz_x509crl.c) - target_link_libraries(fuzz_x509crl ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_x509crl PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_x509crt fuzz_x509crt.c) - target_link_libraries(fuzz_x509crt ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_x509crt PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_privkey fuzz_privkey.c) - target_link_libraries(fuzz_privkey ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_privkey PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_pubkey fuzz_pubkey.c) - target_link_libraries(fuzz_pubkey ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_pubkey PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_client fuzz_client.c common.c) - target_link_libraries(fuzz_client ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_client PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_server fuzz_server.c common.c) - target_link_libraries(fuzz_server ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_server PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c) - target_link_libraries(fuzz_dtlsclient ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_dtlsclient PROPERTIES LINKER_LANGUAGE CXX) - - add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c) - target_link_libraries(fuzz_dtlsserver ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(fuzz_dtlsserver PROPERTIES LINKER_LANGUAGE CXX) endif() + +set(executables_no_common_c + fuzz_privkey + fuzz_pubkey + fuzz_x509crl + fuzz_x509crt + fuzz_x509csr +) + +set(executables_with_common_c + fuzz_client + fuzz_dtlsclient + fuzz_dtlsserver + fuzz_server +) + +foreach(exe IN LISTS executables_no_common_c executables_with_common_c) + + add_executable(${exe} ${exe}.c) + + if (NOT FUZZINGENGINE_LIB) + target_link_libraries(${exe} ${libs}) + target_sources(${exe} PRIVATE onefile.c) + else() + target_link_libraries(${exe} ${libs} FuzzingEngine) + SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX) + endif() + + # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 + list(FIND executables_with_common_c ${exe} exe_index) + if (${exe_index} GREATER -1) + target_sources(${exe} PRIVATE common.c) + endif() + +endforeach() diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index 3c6cca9d4..0b4a1c540 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -1,9 +1,13 @@ -add_executable(hello hello.c) -target_link_libraries(hello mbedcrypto) +set(executables + generic_sum + hello +) -add_executable(generic_sum generic_sum.c) -target_link_libraries(generic_sum mbedcrypto) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} mbedcrypto) +endforeach() -install(TARGETS hello generic_sum +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 8456228db..17a252d88 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -1,63 +1,39 @@ -add_executable(dh_client dh_client.c) -target_link_libraries(dh_client mbedtls) +set(executables_mbedtls + dh_client + dh_server +) -add_executable(dh_genprime dh_genprime.c) -target_link_libraries(dh_genprime mbedcrypto) +foreach(exe IN LISTS executables_mbedtls) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} mbedtls) +endforeach() -add_executable(dh_server dh_server.c) -target_link_libraries(dh_server mbedtls) +set(executables_mbedcrypto + dh_genprime + ecdh_curve25519 + ecdsa + gen_key + key_app + key_app_writer + mpi_demo + pk_encrypt + pk_decrypt + pk_sign + pk_verify + rsa_decrypt + rsa_encrypt + rsa_genkey + rsa_sign + rsa_sign_pss + rsa_verify + rsa_verify_pss +) -add_executable(ecdh_curve25519 ecdh_curve25519.c) -target_link_libraries(ecdh_curve25519 mbedcrypto) +foreach(exe IN LISTS executables_mbedcrypto) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} mbedcrypto) +endforeach() -add_executable(ecdsa ecdsa.c) -target_link_libraries(ecdsa mbedcrypto) - -add_executable(gen_key gen_key.c) -target_link_libraries(gen_key mbedcrypto) - -add_executable(key_app key_app.c) -target_link_libraries(key_app mbedcrypto) - -add_executable(key_app_writer key_app_writer.c) -target_link_libraries(key_app_writer mbedcrypto) - -add_executable(mpi_demo mpi_demo.c) -target_link_libraries(mpi_demo mbedcrypto) - -add_executable(rsa_genkey rsa_genkey.c) -target_link_libraries(rsa_genkey mbedcrypto) - -add_executable(rsa_sign rsa_sign.c) -target_link_libraries(rsa_sign mbedcrypto) - -add_executable(rsa_verify rsa_verify.c) -target_link_libraries(rsa_verify mbedcrypto) - -add_executable(rsa_sign_pss rsa_sign_pss.c) -target_link_libraries(rsa_sign_pss mbedcrypto) - -add_executable(rsa_verify_pss rsa_verify_pss.c) -target_link_libraries(rsa_verify_pss mbedcrypto) - -add_executable(rsa_encrypt rsa_encrypt.c) -target_link_libraries(rsa_encrypt mbedcrypto) - -add_executable(rsa_decrypt rsa_decrypt.c) -target_link_libraries(rsa_decrypt mbedcrypto) - -add_executable(pk_sign pk_sign.c) -target_link_libraries(pk_sign mbedcrypto) - -add_executable(pk_verify pk_verify.c) -target_link_libraries(pk_verify mbedcrypto) - -add_executable(pk_encrypt pk_encrypt.c) -target_link_libraries(pk_encrypt mbedcrypto) - -add_executable(pk_decrypt pk_decrypt.c) -target_link_libraries(pk_decrypt mbedcrypto) - -install(TARGETS dh_client dh_genprime dh_server key_app mpi_demo rsa_genkey rsa_sign rsa_verify rsa_encrypt rsa_decrypt pk_encrypt pk_decrypt pk_sign pk_verify gen_key +install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 4373cebc8..4fe795282 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -1,12 +1,15 @@ -add_executable(crypto_examples crypto_examples.c) -target_link_libraries(crypto_examples mbedtls) +set(executables + crypto_examples + key_ladder_demo + psa_constant_names +) -add_executable(key_ladder_demo key_ladder_demo.c) -target_link_libraries(key_ladder_demo mbedtls) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} mbedtls) +endforeach() -add_executable(psa_constant_names psa_constant_names.c) target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) -target_link_libraries(psa_constant_names mbedtls) add_custom_target( psa_constant_names_generated @@ -15,10 +18,7 @@ add_custom_target( ) add_dependencies(psa_constant_names psa_constant_names_generated) -install(TARGETS - crypto_examples - key_ladder_demo - psa_constant_names +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index 630c66e9d..6ef212cbd 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -1,12 +1,14 @@ -add_executable(gen_random_havege gen_random_havege.c) -target_link_libraries(gen_random_havege mbedcrypto) +set(executables + gen_entropy + gen_random_ctr_drbg + gen_random_havege +) -add_executable(gen_random_ctr_drbg gen_random_ctr_drbg.c) -target_link_libraries(gen_random_ctr_drbg mbedcrypto) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} mbedcrypto) +endforeach() -add_executable(gen_entropy gen_entropy.c) -target_link_libraries(gen_entropy mbedcrypto) - -install(TARGETS gen_random_havege gen_random_ctr_drbg gen_entropy +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index d6ba2ac2f..edd8b3542 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -5,7 +5,15 @@ set(libs mbedtls ) -set(targets +if(USE_PKCS11_HELPER_LIBRARY) + set(libs ${libs} pkcs11-helper) +endif(USE_PKCS11_HELPER_LIBRARY) + +if(ENABLE_ZLIB_SUPPORT) + set(libs ${libs} ${ZLIB_LIBRARIES}) +endif(ENABLE_ZLIB_SUPPORT) + +set(executables dtls_client dtls_server mini_client @@ -18,52 +26,20 @@ set(targets ssl_server2 ) -if(USE_PKCS11_HELPER_LIBRARY) - set(libs ${libs} pkcs11-helper) -endif(USE_PKCS11_HELPER_LIBRARY) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} ${libs}) +endforeach() -if(ENABLE_ZLIB_SUPPORT) - set(libs ${libs} ${ZLIB_LIBRARIES}) -endif(ENABLE_ZLIB_SUPPORT) - -add_executable(dtls_client dtls_client.c) -target_link_libraries(dtls_client ${libs}) - -add_executable(dtls_server dtls_server.c) -target_link_libraries(dtls_server ${libs}) - -add_executable(mini_client mini_client.c) -target_link_libraries(mini_client ${libs}) - -add_executable(ssl_client1 ssl_client1.c) -target_link_libraries(ssl_client1 ${libs}) - -add_executable(ssl_client2 ssl_client2.c) target_sources(ssl_client2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) -target_link_libraries(ssl_client2 ${libs}) - -add_executable(ssl_context_info ssl_context_info.c) -target_link_libraries(ssl_context_info ${libs}) - -add_executable(ssl_fork_server ssl_fork_server.c) -target_link_libraries(ssl_fork_server ${libs}) - -add_executable(ssl_mail_client ssl_mail_client.c) -target_link_libraries(ssl_mail_client ${libs}) - -add_executable(ssl_server ssl_server.c) -target_link_libraries(ssl_server ${libs}) - -add_executable(ssl_server2 ssl_server2.c) target_sources(ssl_server2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) -target_link_libraries(ssl_server2 ${libs}) if(THREADS_FOUND) add_executable(ssl_pthread_server ssl_pthread_server.c) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) - set(targets ${targets} ssl_pthread_server) + list(APPEND executables ssl_pthread_server) endif(THREADS_FOUND) -install(TARGETS ${targets} +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index ec36d67e6..33a4ee207 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -10,27 +10,35 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) -add_executable(selftest selftest.c) -target_link_libraries(selftest ${libs}) +set(executables_libs + selftest + udp_proxy +) -add_executable(benchmark benchmark.c) -target_link_libraries(benchmark mbedcrypto) +set(executables_mbedcrypto + benchmark + query_compile_time_config + zeroize +) if(TEST_CPP) - add_executable(cpp_dummy_build cpp_dummy_build.cpp) - target_link_libraries(cpp_dummy_build mbedcrypto) + list(APPEND executables_mbedcrypto cpp_dummy_build) endif() -add_executable(udp_proxy udp_proxy.c) -target_link_libraries(udp_proxy ${libs}) +foreach(exe IN LISTS executables_libs executables_mbedcrypto) + add_executable(${exe} ${exe}.c) -add_executable(zeroize zeroize.c) -target_link_libraries(zeroize mbedcrypto) + # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 + list(FIND executables_libs ${exe} exe_index) + if (${exe_index} GREATER -1) + target_link_libraries(${exe} ${libs}) + else() + target_link_libraries(${exe} mbedcrypto) + endif() +endforeach() -add_executable(query_compile_time_config query_compile_time_config.c) target_sources(query_compile_time_config PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/query_config.c) -target_link_libraries(query_compile_time_config mbedcrypto) -install(TARGETS selftest benchmark udp_proxy query_compile_time_config +install(TARGETS ${executables_libs} ${executables_mbedcrypto} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 4c3fb0dfa..0fd6ada00 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -2,12 +2,16 @@ set(libs mbedcrypto ) -add_executable(strerror strerror.c) -target_link_libraries(strerror ${libs}) +set(executables + pem2der + strerror +) -add_executable(pem2der pem2der.c) -target_link_libraries(pem2der ${libs}) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} ${libs}) +endforeach() -install(TARGETS strerror pem2der +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index 68dec99a0..02d783c27 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -10,21 +10,21 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) -add_executable(cert_app cert_app.c) -target_link_libraries(cert_app ${libs} mbedtls) +set(executables + cert_app + cert_req + cert_write + crl_app + req_app +) -add_executable(crl_app crl_app.c) -target_link_libraries(crl_app ${libs}) +foreach(exe IN LISTS executables) + add_executable(${exe} ${exe}.c) + target_link_libraries(${exe} ${libs}) +endforeach() -add_executable(req_app req_app.c) -target_link_libraries(req_app ${libs}) +target_link_libraries(cert_app mbedtls) -add_executable(cert_req cert_req.c) -target_link_libraries(cert_req ${libs}) - -add_executable(cert_write cert_write.c) -target_link_libraries(cert_write ${libs}) - -install(TARGETS cert_app crl_app req_app cert_req cert_write +install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) From ddaf99c9d4f6d2db4814459c09860a343b09e189 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 19 Jun 2020 11:27:26 +0200 Subject: [PATCH 207/247] build: Add top-level mbedtls_test target In preparation of linking common test objects in programs, add the top-level mbedtls_test target. This target consists of the common test objects. It is necessary to declare it at the top-level as both tests and programs will depend on it and it is necessary to synchronize the compilation of those objects for tests and programs for the case of parallel building. Signed-off-by: Ronald Cron --- CMakeLists.txt | 9 +++++++++ Makefile | 7 +++++-- tests/CMakeLists.txt | 7 ------- tests/Makefile | 2 ++ 4 files changed, 16 insertions(+), 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 783852549..af7400c9f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -238,6 +238,15 @@ list(APPEND libs ${thirdparty_lib}) add_subdirectory(library) +if(ENABLE_TESTING OR ENABLE_PROGRAMS) + file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c) + add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) + target_include_directories(mbedtls_test + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include + PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library) +endif() + if(ENABLE_PROGRAMS) add_subdirectory(programs) endif() diff --git a/Makefile b/Makefile index 5ac5a53f6..d00183e5a 100644 --- a/Makefile +++ b/Makefile @@ -10,15 +10,18 @@ all: programs tests no_test: programs -programs: lib +programs: lib mbedtls_test $(MAKE) -C programs lib: $(MAKE) -C library -tests: lib +tests: lib mbedtls_test $(MAKE) -C tests +mbedtls_test: + $(MAKE) -C tests mbedtls_test + ifndef WINDOWS install: no_test mkdir -p $(DESTDIR)/include/mbedtls diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index ce608c3a2..8a74c6bfb 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -69,13 +69,6 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) -file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c) -add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) -target_include_directories(mbedtls_test - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../include - PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) - add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) add_test_suite(aes aes.ecb) diff --git a/tests/Makefile b/tests/Makefile index 68f85d2d3..80c84fa19 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -79,6 +79,8 @@ $(MBEDLIBS): MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) +mbedtls_test: $(MBEDTLS_TEST_OBJS) + # Rule to compile common test C files in src folder src/%.o : src/%.c echo " CC $<" From 8dc0af2d4bbca3e09ad5ce5303a7fbe206cf5d1d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 5 Jun 2020 16:00:22 +0200 Subject: [PATCH 208/247] programs: Link to tests common code Signed-off-by: Ronald Cron --- programs/Makefile | 20 +++++++++++++------ programs/aes/CMakeLists.txt | 2 +- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/Makefile | 7 +++++-- programs/hash/CMakeLists.txt | 2 +- programs/pkey/CMakeLists.txt | 4 ++-- programs/psa/CMakeLists.txt | 3 ++- programs/random/CMakeLists.txt | 2 +- programs/ssl/CMakeLists.txt | 5 +++-- programs/test/CMakeLists.txt | 2 +- programs/util/CMakeLists.txt | 2 +- programs/x509/CMakeLists.txt | 2 +- scripts/generate_visualc_files.pl | 7 +++++++ visualc/VS2010/aescrypt2.vcxproj | 8 ++++---- visualc/VS2010/benchmark.vcxproj | 8 ++++---- visualc/VS2010/cert_app.vcxproj | 8 ++++---- visualc/VS2010/cert_req.vcxproj | 8 ++++---- visualc/VS2010/cert_write.vcxproj | 8 ++++---- visualc/VS2010/crl_app.vcxproj | 8 ++++---- visualc/VS2010/crypt_and_hash.vcxproj | 8 ++++---- visualc/VS2010/crypto_examples.vcxproj | 8 ++++---- visualc/VS2010/dh_client.vcxproj | 8 ++++---- visualc/VS2010/dh_genprime.vcxproj | 8 ++++---- visualc/VS2010/dh_server.vcxproj | 8 ++++---- visualc/VS2010/dtls_client.vcxproj | 8 ++++---- visualc/VS2010/dtls_server.vcxproj | 8 ++++---- visualc/VS2010/ecdh_curve25519.vcxproj | 8 ++++---- visualc/VS2010/ecdsa.vcxproj | 8 ++++---- visualc/VS2010/gen_entropy.vcxproj | 8 ++++---- visualc/VS2010/gen_key.vcxproj | 8 ++++---- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 8 ++++---- visualc/VS2010/gen_random_havege.vcxproj | 8 ++++---- visualc/VS2010/generic_sum.vcxproj | 8 ++++---- visualc/VS2010/hello.vcxproj | 8 ++++---- visualc/VS2010/key_app.vcxproj | 8 ++++---- visualc/VS2010/key_app_writer.vcxproj | 8 ++++---- visualc/VS2010/key_ladder_demo.vcxproj | 8 ++++---- visualc/VS2010/mbedTLS.vcxproj | 15 ++++++++++---- visualc/VS2010/mini_client.vcxproj | 8 ++++---- visualc/VS2010/mpi_demo.vcxproj | 8 ++++---- visualc/VS2010/pem2der.vcxproj | 8 ++++---- visualc/VS2010/pk_decrypt.vcxproj | 8 ++++---- visualc/VS2010/pk_encrypt.vcxproj | 8 ++++---- visualc/VS2010/pk_sign.vcxproj | 8 ++++---- visualc/VS2010/pk_verify.vcxproj | 8 ++++---- visualc/VS2010/psa_constant_names.vcxproj | 8 ++++---- .../VS2010/query_compile_time_config.vcxproj | 8 ++++---- visualc/VS2010/req_app.vcxproj | 8 ++++---- visualc/VS2010/rsa_decrypt.vcxproj | 8 ++++---- visualc/VS2010/rsa_encrypt.vcxproj | 8 ++++---- visualc/VS2010/rsa_genkey.vcxproj | 8 ++++---- visualc/VS2010/rsa_sign.vcxproj | 8 ++++---- visualc/VS2010/rsa_sign_pss.vcxproj | 8 ++++---- visualc/VS2010/rsa_verify.vcxproj | 8 ++++---- visualc/VS2010/rsa_verify_pss.vcxproj | 8 ++++---- visualc/VS2010/selftest.vcxproj | 8 ++++---- visualc/VS2010/ssl_client1.vcxproj | 8 ++++---- visualc/VS2010/ssl_client2.vcxproj | 8 ++++---- visualc/VS2010/ssl_context_info.vcxproj | 8 ++++---- visualc/VS2010/ssl_fork_server.vcxproj | 8 ++++---- visualc/VS2010/ssl_mail_client.vcxproj | 8 ++++---- visualc/VS2010/ssl_server.vcxproj | 8 ++++---- visualc/VS2010/ssl_server2.vcxproj | 8 ++++---- visualc/VS2010/strerror.vcxproj | 8 ++++---- visualc/VS2010/udp_proxy.vcxproj | 8 ++++---- visualc/VS2010/zeroize.vcxproj | 8 ++++---- 66 files changed, 259 insertions(+), 232 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index 31e431b6a..f9c260867 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -7,9 +7,13 @@ WARNING_CFLAGS ?= -Wall -Wextra WARNING_CXXFLAGS ?= -Wall -Wextra LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +MBEDTLS_TEST_PATH:=../tests/src +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) + +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../tests/include -I../include -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../library \ +LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ + -L../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) @@ -18,10 +22,11 @@ include ../3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) endif +DEP=${MBEDLIBS} ${MBEDTLS_TEST_OBJS} ifdef DEBUG LOCAL_CFLAGS += -g3 @@ -127,12 +132,15 @@ ifndef WINDOWS all: fuzz endif -fuzz: +fuzz: ${MBEDTLS_TEST_OBJS} $(MAKE) -C fuzz THIRDPARTY_INCLUDES=$(THIRDPARTY_INCLUDES) -$(DEP): +$(MBEDLIBS): $(MAKE) -C ../library +${MBEDTLS_TEST_OBJS}: + $(MAKE) -C ../tests mbedtls_test + ifdef WINDOWS EXTRA_GENERATED += psa\psa_constant_names_generated.c else diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt index 761531dae..2309789a6 100644 --- a/programs/aes/CMakeLists.txt +++ b/programs/aes/CMakeLists.txt @@ -4,7 +4,7 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} mbedcrypto) endforeach() diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 9d4043a40..e2b0eace2 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -32,7 +32,7 @@ set(executables_with_common_c foreach(exe IN LISTS executables_no_common_c executables_with_common_c) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) if (NOT FUZZINGENGINE_LIB) target_link_libraries(${exe} ${libs}) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 24dc7bad7..8196f3930 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -1,6 +1,9 @@ +MBEDTLS_TEST_PATH:=../../tests/src +MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c)) -LOCAL_CFLAGS = -I../../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = -L../../library \ +LOCAL_CFLAGS = -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 +LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ + -L../../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt index 0b4a1c540..ae294798b 100644 --- a/programs/hash/CMakeLists.txt +++ b/programs/hash/CMakeLists.txt @@ -4,7 +4,7 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} mbedcrypto) endforeach() diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt index 17a252d88..b4b3d3042 100644 --- a/programs/pkey/CMakeLists.txt +++ b/programs/pkey/CMakeLists.txt @@ -4,7 +4,7 @@ set(executables_mbedtls ) foreach(exe IN LISTS executables_mbedtls) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} mbedtls) endforeach() @@ -30,7 +30,7 @@ set(executables_mbedcrypto ) foreach(exe IN LISTS executables_mbedcrypto) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} mbedcrypto) endforeach() diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 4fe795282..6ad6dadc4 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -5,8 +5,9 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} mbedtls) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR}) diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt index 6ef212cbd..95acb7e10 100644 --- a/programs/random/CMakeLists.txt +++ b/programs/random/CMakeLists.txt @@ -5,7 +5,7 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} mbedcrypto) endforeach() diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt index edd8b3542..28fbfc5a7 100644 --- a/programs/ssl/CMakeLists.txt +++ b/programs/ssl/CMakeLists.txt @@ -27,15 +27,16 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs}) + target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() target_sources(ssl_client2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) target_sources(ssl_server2 PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.c) if(THREADS_FOUND) - add_executable(ssl_pthread_server ssl_pthread_server.c) + add_executable(ssl_pthread_server ssl_pthread_server.c $) target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT}) list(APPEND executables ssl_pthread_server) endif(THREADS_FOUND) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 33a4ee207..0df0becd9 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -26,7 +26,7 @@ if(TEST_CPP) endif() foreach(exe IN LISTS executables_libs executables_mbedcrypto) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_libs ${exe} exe_index) diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt index 0fd6ada00..cb14a3ee6 100644 --- a/programs/util/CMakeLists.txt +++ b/programs/util/CMakeLists.txt @@ -8,7 +8,7 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs}) endforeach() diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt index 02d783c27..f7b5fe1d9 100644 --- a/programs/x509/CMakeLists.txt +++ b/programs/x509/CMakeLists.txt @@ -19,7 +19,7 @@ set(executables ) foreach(exe IN LISTS executables) - add_executable(${exe} ${exe}.c) + add_executable(${exe} ${exe}.c $) target_link_libraries(${exe} ${libs}) endforeach() diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index d72d19dad..8bf8de99e 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -39,6 +39,8 @@ my $programs_dir = 'programs'; my $mbedtls_header_dir = 'include/mbedtls'; my $psa_header_dir = 'include/psa'; my $source_dir = 'library'; +my $test_source_dir = 'tests/src'; +my $test_header_dir = 'tests/include/test'; my @thirdparty_header_dirs = qw( 3rdparty/everest/include/everest @@ -58,6 +60,7 @@ my @include_directories = qw( 3rdparty/everest/include/everest 3rdparty/everest/include/everest/vs2010 3rdparty/everest/include/everest/kremlib + tests/include ); my $include_directories = join(';', map {"../../$_"} @include_directories); @@ -104,6 +107,8 @@ sub check_dirs { && -d $mbedtls_header_dir && -d $psa_header_dir && -d $source_dir + && -d $test_source_dir + && -d $test_header_dir && -d $programs_dir; } @@ -249,12 +254,14 @@ sub main { my @header_dirs = ( $mbedtls_header_dir, $psa_header_dir, + $test_header_dir, $source_dir, @thirdparty_header_dirs, ); my @headers = (map { <$_/*.h> } @header_dirs); my @source_dirs = ( $source_dir, + $test_source_dir, @thirdparty_source_dirs, ); my @sources = (map { <$_/*.c> } @source_dirs); diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index 3ae59dcc3..0707e1245 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 2836f1477..0be32fc5a 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 84ec4b7a8..3fbcb52a5 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index c45125cb6..41fdf31a3 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index 982e4121b..f1f93ea37 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index 5a7c854dc..4b8b2168f 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index 0c955873f..885935bdf 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj index 65826bd29..3899f0ec3 100644 --- a/visualc/VS2010/crypto_examples.vcxproj +++ b/visualc/VS2010/crypto_examples.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index c778e8ada..043ab1afc 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index 3b4fead52..f0366cb24 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index bf930def6..5a986bc57 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 5bd7a8a94..3fd65456d 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index ce0c6da18..b10ec4df5 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 32eda340e..578e43b62 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 49d54c6d8..f7ad2e922 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 61942c995..b7e45f978 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e6ce33ee8..fa026141c 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index b7a7823db..a385841a0 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 3c5eb67b5..d4c008acc 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index b04991643..faad77596 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index ecdabf1e9..6a81d914e 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index aca1a0307..bba584170 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 64f2e27a0..0d7013796 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj index a3b6b4a7a..8584aee75 100644 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ b/visualc/VS2010/key_ladder_demo.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 11c7e38f2..98b99138f 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -84,7 +84,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC @@ -98,7 +98,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC @@ -114,7 +114,7 @@ true NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows @@ -131,7 +131,7 @@ true WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows @@ -232,6 +232,11 @@ + + + + + @@ -330,6 +335,8 @@ + + diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index 50f4b22b4..e4ee166bf 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 2fe56c5f1..b0fee89c3 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index 4c854a655..84c2e8c0a 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 360f2c361..da3e8d8e0 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 20d663a53..829e07234 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index ad33afa1e..d93d11469 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index 8856dc210..5933b9258 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj index 418c8fb33..d35dd19a1 100644 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ b/visualc/VS2010/psa_constant_names.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index de793db2c..d0e0a6df6 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -94,7 +94,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -112,7 +112,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -132,7 +132,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -151,7 +151,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 925987195..900e415fb 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index e7fe01b0f..188b17efd 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 6e1b96b10..a44f676d7 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index 1038db5da..35b27b7a3 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index b1bd170ac..90a7ac8cb 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index 500788199..5d2ac8208 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index 34097535c..a413ba8ca 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index 47699586f..369b14514 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 3dcc8c812..6feb5936f 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index cdf9ec86b..860334e4a 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index e9505509a..9021602b6 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -94,7 +94,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -112,7 +112,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -132,7 +132,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -151,7 +151,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_context_info.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj index ff1ba985e..1c98d34bf 100644 --- a/visualc/VS2010/ssl_context_info.vcxproj +++ b/visualc/VS2010/ssl_context_info.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index 7a18c9903..6d44ef079 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index 37dad2197..e2253c665 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index f0038d7c1..23ad7ecc8 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index b8788ef01..61eedaaa0 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -94,7 +94,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -112,7 +112,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -132,7 +132,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -151,7 +151,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 31e19bb9b..9e70decd9 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 6b2ed3677..69678f635 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index 4fa6bacc0..9e0746de9 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -93,7 +93,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -111,7 +111,7 @@ Disabled %(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -131,7 +131,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console @@ -150,7 +150,7 @@ true NDEBUG;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib +../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Console From e85a2c30bda68ea921ef7a132f2cb0a986636624 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 09:15:09 +0200 Subject: [PATCH 209/247] tests: aria: Prepare to char* to data_t* type change In preparation of changing the type of some parameters of some test functions from `char *` to `data_t` to get rid of the calls to mbedtls_test_unhexify(): - Align the name of source data length local variable with the name of the local variable containing the source data, respectively src_str and src_str_len. - Change the type of length, index local variables from int to size_t. Signed-off-by: Ronald Cron --- tests/suites/test_suite_aria.function | 64 +++++++++++++-------------- 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 89de82f93..d8a2971b4 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -214,7 +214,7 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len, i; + size_t key_len, src_str_len, i; memset( key_str, 0x00, sizeof( key_str ) ); memset( src_str, 0x00, sizeof( src_str ) ); @@ -223,18 +223,18 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, mbedtls_aria_init( &ctx ); key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) + for( i = 0; i < src_str_len; i += MBEDTLS_ARIA_BLOCKSIZE ) { TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -253,7 +253,7 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len, i; + size_t key_len, src_str_len, i; memset( key_str, 0x00, sizeof( key_str ) ); memset( src_str, 0x00, sizeof( src_str ) ); @@ -262,18 +262,18 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, mbedtls_aria_init( &ctx ); key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < data_len; i += MBEDTLS_ARIA_BLOCKSIZE ) + for( i = 0; i < src_str_len; i += MBEDTLS_ARIA_BLOCKSIZE ) { TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -294,7 +294,7 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len; + size_t key_len, src_str_len; memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); @@ -305,15 +305,15 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, src_str_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -334,7 +334,7 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - int key_len, data_len; + size_t key_len, src_str_len; memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); @@ -345,15 +345,15 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, src_str_len, iv_str, src_str, output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -375,7 +375,7 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; + size_t key_len, src_str_len; memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); @@ -386,14 +386,14 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, - data_len, &iv_offset, iv_str, + src_str_len, &iv_offset, iv_str, src_str, output ) == result ); - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -414,7 +414,7 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; + size_t key_len, src_str_len; memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); @@ -425,14 +425,14 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, - data_len, &iv_offset, iv_str, + src_str_len, &iv_offset, iv_str, src_str, output ) == result ); - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -454,7 +454,7 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; + size_t key_len, src_str_len; memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); @@ -465,13 +465,13 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str_len, &iv_offset, iv_str, blk, src_str, output ) == result ); - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -493,7 +493,7 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - int key_len, data_len; + size_t key_len, src_str_len; memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); @@ -504,13 +504,13 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); - data_len = mbedtls_test_unhexify( src_str, hex_src_string ); + src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str_len, &iv_offset, iv_str, blk, src_str, output ) == result ); - mbedtls_test_hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, src_str_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); From 4030833bfe0c0b4dc7836c65b1a67ed501744735 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 10:26:42 +0200 Subject: [PATCH 210/247] tests: hkdf: Prepare to char* to data_t* type change In preparation of changing the type of some parameters of test_hkdf() from `char *` to `data_t` to get rid of the calls to mbedtls_test_unhexify(): - Align naming of variables related to the expected okm - Rename `okm_hex[]` to `okm_string[]` - Added TEST_ASSERT( expected_okm_len <= sizeof( okm ) ) to check that the okm[] buffer is large enough for the okm output. Signed-off-by: Ronald Cron --- tests/suites/test_suite_hkdf.function | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 47e8ee63f..0aefca561 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -10,20 +10,20 @@ /* BEGIN_CASE */ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, - char *hex_info_string, char *hex_okm_string ) + char *hex_info_string, char *hex_expected_okm_string ) { int ret; - size_t ikm_len, salt_len, info_len, okm_len; + size_t ikm_len, salt_len, info_len, expected_okm_len; unsigned char ikm[128] = { '\0' }; unsigned char salt[128] = { '\0' }; unsigned char info[128] = { '\0' }; unsigned char expected_okm[128] = { '\0' }; unsigned char okm[128] = { '\0' }; /* - * okm_hex is the string representation of okm, + * okm_string is the ASCII string representation of okm, * so its size is twice the size of okm, and an extra null-termination. */ - unsigned char okm_hex[257] = { '\0' }; + unsigned char okm_string[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); @@ -31,18 +31,21 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, ikm_len = mbedtls_test_unhexify( ikm, hex_ikm_string ); salt_len = mbedtls_test_unhexify( salt, hex_salt_string ); info_len = mbedtls_test_unhexify( info, hex_info_string ); - okm_len = mbedtls_test_unhexify( expected_okm, hex_okm_string ); + expected_okm_len = mbedtls_test_unhexify( expected_okm, + hex_expected_okm_string ); + + TEST_ASSERT( expected_okm_len <= sizeof( okm ) ); ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm, - okm_len); + expected_okm_len); TEST_ASSERT( ret == 0 ); /* * Run mbedtls_test_hexify on it so that it looks nicer if the assertion * fails. */ - mbedtls_test_hexify( okm_hex, okm, okm_len ); - TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); + mbedtls_test_hexify( okm_string, okm, expected_okm_len ); + TEST_ASSERT( !strcmp( (char *)okm_string, hex_expected_okm_string ) ); } /* END_CASE */ From 7e512718fec19c8bceac73386262c5b8ef85429c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 11:33:01 +0200 Subject: [PATCH 211/247] tests: chacha20: Prepare to char* to data_t* type change In preparation of changing the type of some parameters of test_chacha20() from `char *` to `data_t` to get rid of the calls to mbedtls_test_unhexify(): - Reduce the size of output[] buffer to 375 as its content is "ASCII expended" into a buffer of 751 bytes. - Align naming of variables to store and check the output of mbedtls_chacha20_crypt(). No *dst* variables anynore, only *output* variables. - Use two different buffers to store the expected output of mbedtls_chacha20_crypt() (expected_output_str[]) and the ASCII string representation of the output of mbedtls_chacha20_crypt() (output_string[]). Both were stored in dst_str[] before. Signed-off-by: Ronald Cron --- tests/suites/test_suite_chacha20.function | 38 +++++++++++++---------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 48ac9755a..137b92a6e 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -12,31 +12,33 @@ void chacha20_crypt( char *hex_key_string, char *hex_nonce_string, int counter, char *hex_src_string, - char *hex_dst_string ) + char *hex_expected_output_string ) { unsigned char key_str[32]; /* size set by the standard */ unsigned char nonce_str[12]; /* size set by the standard */ unsigned char src_str[375]; /* max size of binary input */ - unsigned char dst_str[751]; /* hex expansion of the above */ - unsigned char output[751]; + unsigned char expected_output_str[375]; + unsigned char output[375]; + unsigned char output_string[751]; /* ASCII string representation of output */ size_t key_len; size_t nonce_len; size_t src_len; - size_t dst_len; + size_t expected_output_len; mbedtls_chacha20_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); - memset( dst_str, 0x00, sizeof( dst_str ) ); - memset( output, 0x00, sizeof( output ) ); + memset( key_str, 0x00, sizeof( key_str ) ); + memset( nonce_str, 0x00, sizeof( nonce_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( output_string, 0x00, sizeof( output_string ) ); key_len = mbedtls_test_unhexify( key_str, hex_key_string ); nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); src_len = mbedtls_test_unhexify( src_str, hex_src_string ); - dst_len = mbedtls_test_unhexify( dst_str, hex_dst_string ); + expected_output_len = mbedtls_test_unhexify( expected_output_str, + hex_expected_output_string ); - TEST_ASSERT( src_len == dst_len ); + TEST_ASSERT( src_len == expected_output_len ); TEST_ASSERT( key_len == 32U ); TEST_ASSERT( nonce_len == 12U ); @@ -45,8 +47,8 @@ void chacha20_crypt( char *hex_key_string, */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); - mbedtls_test_hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_len ); + TEST_ASSERT( strcmp( (char*) output_string, hex_expected_output_string ) == 0 ); /* * Test the streaming API @@ -60,8 +62,9 @@ void chacha20_crypt( char *hex_key_string, memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 ); - mbedtls_test_hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_len ); + TEST_ASSERT( strcmp( (char*) output_string, + hex_expected_output_string ) == 0 ); /* * Test the streaming API again, piecewise @@ -75,8 +78,9 @@ void chacha20_crypt( char *hex_key_string, TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 ); - mbedtls_test_hexify( dst_str, output, src_len ); - TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_len ); + TEST_ASSERT( strcmp( (char*) output_string, + hex_expected_output_string ) == 0 ); mbedtls_chacha20_free( &ctx ); } From 7370185ae357fbf0654725a6f63023614d35d3db Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 13:33:29 +0200 Subject: [PATCH 212/247] tests: nist_kw: Prepare to char* to data_t* type change In preparation of changing the type of some parameters of mbedtls_nist_kw_wrap/unwrap() from `char *` to `data_t` to get rid of the calls to mbedtls_test_unhexify(): - Change the name of parameters and local variables to clarify which ones are related to the outputs of the library functions under test and which ones are related to the expected values of those outputs. Signed-off-by: Ronald Cron --- tests/suites/test_suite_nist_kw.function | 30 ++++++++++++------------ 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index 827c6903a..15370b2fd 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -244,14 +244,14 @@ exit: /* BEGIN_CASE */ void mbedtls_nist_kw_wrap( int cipher_id, int mode, char *key_hex, char *msg_hex, - char *result_hex ) + char *expected_result_hex ) { unsigned char key[32]; unsigned char msg[512]; unsigned char result[528]; unsigned char expected_result[528]; mbedtls_nist_kw_context ctx; - size_t key_len, msg_len, output_len, result_len, i, padlen; + size_t key_len, msg_len, result_len, expected_result_len, i, padlen; mbedtls_nist_kw_init( &ctx ); @@ -261,19 +261,19 @@ void mbedtls_nist_kw_wrap( int cipher_id, int mode, key_len = mbedtls_test_unhexify( key, key_hex ); msg_len = mbedtls_test_unhexify( msg, msg_hex ); - result_len = mbedtls_test_unhexify( expected_result, result_hex ); - output_len = sizeof( result ); + expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); + result_len = sizeof( result ); TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 ) == 0 ); /* Test with input == output */ TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg, msg_len, - result, &output_len, sizeof( result ) ) == 0 ); + result, &result_len, sizeof( result ) ) == 0 ); - TEST_ASSERT( output_len == result_len ); + TEST_ASSERT( result_len == expected_result_len ); - TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( expected_result, result, expected_result_len ) == 0 ); padlen = ( msg_len % 8 != 0 ) ? 8 - (msg_len % 8 ) : 0; /* Check that the function didn't write beyond the end of the buffer. */ @@ -290,14 +290,14 @@ exit: /* BEGIN_CASE */ void mbedtls_nist_kw_unwrap( int cipher_id, int mode, char *key_hex, char *msg_hex, - char *result_hex, int expected_ret ) + char *expected_result_hex, int expected_ret ) { unsigned char key[32]; unsigned char msg[528]; unsigned char result[528]; unsigned char expected_result[528]; mbedtls_nist_kw_context ctx; - size_t key_len, msg_len, output_len, result_len, i; + size_t key_len, msg_len, result_len, expected_result_len, i; mbedtls_nist_kw_init( &ctx ); @@ -308,23 +308,23 @@ void mbedtls_nist_kw_unwrap( int cipher_id, int mode, key_len = mbedtls_test_unhexify( key, key_hex ); msg_len = mbedtls_test_unhexify( msg, msg_hex ); - result_len = mbedtls_test_unhexify( expected_result, result_hex ); - output_len = sizeof( result ); + expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); + result_len = sizeof( result ); TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 ) == 0 ); /* Test with input == output */ TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg, msg_len, - result, &output_len, sizeof( result ) ) == expected_ret ); + result, &result_len, sizeof( result ) ) == expected_ret ); if( expected_ret == 0 ) { - TEST_ASSERT( output_len == result_len ); - TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 ); + TEST_ASSERT( result_len == expected_result_len ); + TEST_ASSERT( memcmp( expected_result, result, expected_result_len ) == 0 ); } else { - TEST_ASSERT( output_len == 0 ); + TEST_ASSERT( result_len == 0 ); } /* Check that the function didn't write beyond the end of the buffer. */ From df02eb00e00527179ce82471b973f3e2dae640e2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 13:57:05 +0200 Subject: [PATCH 213/247] tests: aes.ofb: Prepare to char* to data_t* type change In preparation of changing the type of some parameters of aes_encrypt_ofb() from `char *` to `data_t` to get rid of the calls to mbedtls_test_unhexify(): - Change the name of parameters and local variables to clarify which ones are related to the outputs of the library functions under test and which ones are related to the expected values of those outputs. - Add assertion on fragment_size parameter Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index f1be3cec2..d5eb1ef10 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -329,13 +329,13 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, char *hex_iv_string, char *hex_src_string, - char *hex_dst_string ) + char *hex_expected_output_string ) { unsigned char key_str[32]; unsigned char iv_str[16]; unsigned char src_str[64]; - unsigned char dst_str[64]; unsigned char output[32]; + unsigned char output_string[65]; mbedtls_aes_context ctx; size_t iv_offset = 0; int in_buffer_len; @@ -345,14 +345,15 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, memset( key_str, 0x00, sizeof( key_str ) ); memset( iv_str, 0x00, sizeof( iv_str ) ); memset( src_str, 0x00, sizeof( src_str ) ); - memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); + memset( output_string, 0x00, sizeof( output_string ) ); mbedtls_aes_init( &ctx ); + TEST_ASSERT( (size_t)fragment_size < sizeof( output ) ); TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) ); TEST_ASSERT( strlen( hex_iv_string ) <= ( 16 * 2 ) ); TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) ); - TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) ); + TEST_ASSERT( strlen( hex_expected_output_string ) <= ( 64 * 2 ) ); key_len = mbedtls_test_unhexify( key_str, hex_key_string ); mbedtls_test_unhexify( iv_str, hex_iv_string ); @@ -366,12 +367,12 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, iv_str, src_str_next, output ) == 0 ); - mbedtls_test_hexify( dst_str, output, fragment_size ); - TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string, + mbedtls_test_hexify( output_string, output, fragment_size ); + TEST_ASSERT( strncmp( (char *) output_string, hex_expected_output_string, ( 2 * fragment_size ) ) == 0 ); in_buffer_len -= fragment_size; - hex_dst_string += ( fragment_size * 2 ); + hex_expected_output_string += ( fragment_size * 2 ); src_str_next += fragment_size; if( in_buffer_len < fragment_size ) From c7ba5604811dc1f611e666c8863ee0fe2f4fef9f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 14:47:40 +0200 Subject: [PATCH 214/247] tests: ccm: Prepare to char* to data_t* type change In preparation of changing the type of some parameters of mbedtls_ccm_star_encrypt_and_tag/auth_decrypt from `char *` to `data_t` to get rid of the calls to mbedtls_test_unhexify(): - Change the name of parameters and local variables to clarify which ones are related to the outputs of the library functions under test and which ones are related to the expected values of those outputs. - Use two different buffers to store the plain and cipher text as expected by the library functions. Signed-off-by: Ronald Cron --- tests/suites/test_suite_ccm.function | 40 +++++++++++++++------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 01e1a173b..40ea278a6 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -195,17 +195,18 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, char *key_hex, char *msg_hex, char *source_address_hex, char *frame_counter_hex, int sec_level, char *add_hex, - char *result_hex, int output_ret ) + char *expected_result_hex, int output_ret ) { unsigned char key[32]; unsigned char msg[50]; unsigned char iv[13]; unsigned char add[32]; unsigned char result[50]; + unsigned char expected_result[50]; unsigned char source_address[8]; unsigned char frame_counter[4]; mbedtls_ccm_context ctx; - size_t i, key_len, msg_len, iv_len, add_len, result_len, source_address_len, frame_counter_len, tag_len; + size_t i, key_len, msg_len, iv_len, add_len, expected_result_len, source_address_len, frame_counter_len, tag_len; int ret; mbedtls_ccm_init( &ctx ); @@ -215,13 +216,14 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, memset( iv, 0x00, sizeof( iv ) ); memset( add, 0x00, sizeof( add ) ); memset( result, 0x00, sizeof( result ) ); + memset( expected_result, 0x00, sizeof( expected_result ) ); memset( source_address, 0x00, sizeof( source_address ) ); memset( frame_counter, 0x00, sizeof( frame_counter ) ); key_len = mbedtls_test_unhexify( key, key_hex ); msg_len = mbedtls_test_unhexify( msg, msg_hex ); add_len = mbedtls_test_unhexify( add, add_hex ); - result_len = mbedtls_test_unhexify( result, result_hex ); + expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); frame_counter_len = mbedtls_test_unhexify( frame_counter, @@ -244,14 +246,15 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len, - add, add_len, msg, msg, msg + msg_len, tag_len ); + add, add_len, msg, result, result + msg_len, tag_len ); TEST_ASSERT( ret == output_ret ); - TEST_ASSERT( memcmp( msg, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( result, expected_result, expected_result_len ) == 0 ); /* Check we didn't write past the end */ - TEST_ASSERT( msg[result_len] == 0 && msg[result_len + 1] == 0 ); + TEST_ASSERT( result[expected_result_len] == 0 && + result[expected_result_len + 1] == 0 ); exit: mbedtls_ccm_free( &ctx ); @@ -263,18 +266,18 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, char *key_hex, char *msg_hex, char *source_address_hex, char *frame_counter_hex, int sec_level, char *add_hex, - char *result_hex, int output_ret ) + char *expected_result_hex, int output_ret ) { unsigned char key[32]; unsigned char msg[50]; unsigned char iv[13]; unsigned char add[32]; - unsigned char tag[16]; unsigned char result[50]; + unsigned char expected_result[50]; unsigned char source_address[8]; unsigned char frame_counter[4]; mbedtls_ccm_context ctx; - size_t i, key_len, msg_len, iv_len, add_len, tag_len, result_len, source_address_len, frame_counter_len; + size_t i, key_len, msg_len, iv_len, add_len, tag_len, expected_result_len, source_address_len, frame_counter_len; int ret; mbedtls_ccm_init( &ctx ); @@ -283,15 +286,15 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); memset( add, 0x00, sizeof( add ) ); - memset( result, 0x00, sizeof( result ) ); + memset( result, '+', sizeof( result ) ); + memset( expected_result, 0x00, sizeof( expected_result ) ); memset( source_address, 0x00, sizeof( source_address ) ); memset( frame_counter, 0x00, sizeof( frame_counter ) ); - memset( tag, 0x00, sizeof( tag ) ); key_len = mbedtls_test_unhexify( key, key_hex ); msg_len = mbedtls_test_unhexify( msg, msg_hex ); add_len = mbedtls_test_unhexify( add, add_hex ); - result_len = mbedtls_test_unhexify( result, result_hex ); + expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); frame_counter_len = mbedtls_test_unhexify( frame_counter, @@ -311,20 +314,19 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, iv[source_address_len + frame_counter_len] = sec_level; iv_len = sizeof( iv ); - msg_len -= tag_len; - memcpy( tag, msg + msg_len, tag_len ); - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); - ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, - add, add_len, msg, msg, msg + msg_len, tag_len ); + ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len - tag_len, iv, iv_len, + add, add_len, msg, result, msg + msg_len - tag_len, tag_len ); TEST_ASSERT( ret == output_ret ); - TEST_ASSERT( memcmp( msg, result, result_len ) == 0 ); + TEST_ASSERT( memcmp( result, expected_result, expected_result_len ) == 0 ); /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( memcmp( msg + msg_len, tag, tag_len ) == 0 ); + TEST_ASSERT( ( msg_len + 2 ) <= sizeof( result ) ); + TEST_EQUAL( result[msg_len], '+' ); + TEST_EQUAL( result[msg_len + 1], '+' ); exit: mbedtls_ccm_free( &ctx ); From 9ed4073ea53fa934842a57e4ec795e2fc765f094 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 25 Jun 2020 09:03:34 +0200 Subject: [PATCH 215/247] tests: Get rid of mbedtls_test_unhexify() in unit test code In test functions calling mbedtls_test_unhexify(), change the type of the associated parameters from `char*` to `data_t`. That way the `unhexify` operation is done by the test framework and not by the unit test code. Use for the new parameters of type data_t the name of the local variable that use to store the `unhexify` version of the `char*` parameter. Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 33 ++-- tests/suites/test_suite_aria.function | 184 ++++++-------------- tests/suites/test_suite_ccm.function | 113 ++++-------- tests/suites/test_suite_chacha20.function | 75 ++++---- tests/suites/test_suite_chachapoly.function | 90 ++-------- tests/suites/test_suite_cipher.function | 29 +-- tests/suites/test_suite_ecdh.function | 24 +-- tests/suites/test_suite_ecdsa.function | 42 ++--- tests/suites/test_suite_hkdf.function | 37 ++-- tests/suites/test_suite_nist_kw.function | 61 ++----- tests/suites/test_suite_pk.function | 12 +- tests/suites/test_suite_poly1305.function | 35 ++-- 12 files changed, 238 insertions(+), 497 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index d5eb1ef10..1d453db19 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -327,52 +327,39 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_OFB */ -void aes_encrypt_ofb( int fragment_size, char *hex_key_string, - char *hex_iv_string, char *hex_src_string, - char *hex_expected_output_string ) +void aes_encrypt_ofb( int fragment_size, data_t *key_str, + data_t *iv_str, data_t *src_str, + char *expected_output_string) { - unsigned char key_str[32]; - unsigned char iv_str[16]; - unsigned char src_str[64]; unsigned char output[32]; unsigned char output_string[65]; mbedtls_aes_context ctx; size_t iv_offset = 0; int in_buffer_len; unsigned char* src_str_next; - int key_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( output, 0x00, sizeof( output ) ); memset( output_string, 0x00, sizeof( output_string ) ); mbedtls_aes_init( &ctx ); TEST_ASSERT( (size_t)fragment_size < sizeof( output ) ); - TEST_ASSERT( strlen( hex_key_string ) <= ( 32 * 2 ) ); - TEST_ASSERT( strlen( hex_iv_string ) <= ( 16 * 2 ) ); - TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) ); - TEST_ASSERT( strlen( hex_expected_output_string ) <= ( 64 * 2 ) ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - in_buffer_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 ); - src_str_next = src_str; + TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, + key_str->len * 8 ) == 0 ); + in_buffer_len = src_str->len; + src_str_next = src_str->x; while( in_buffer_len > 0 ) { TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, - iv_str, src_str_next, output ) == 0 ); + iv_str->x, src_str_next, output ) == 0 ); mbedtls_test_hexify( output_string, output, fragment_size ); - TEST_ASSERT( strncmp( (char *) output_string, hex_expected_output_string, + TEST_ASSERT( strncmp( (char *) output_string, expected_output_string, ( 2 * fragment_size ) ) == 0 ); in_buffer_len -= fragment_size; - hex_expected_output_string += ( fragment_size * 2 ); + expected_output_string += ( fragment_size * 2 ); src_str_next += fragment_size; if( in_buffer_len < fragment_size ) diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index d8a2971b4..d08c39dc6 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -206,35 +206,28 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, +void aria_encrypt_ecb( data_t *key_str, data_t *src_str, char *hex_dst_string, int setkey_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - size_t key_len, src_str_len, i; + size_t i; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) + TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < src_str_len; i += MBEDTLS_ARIA_BLOCKSIZE ) + for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE ) { - TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) - == 0 ); + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, + output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -245,35 +238,28 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, +void aria_decrypt_ecb( data_t *key_str, data_t *src_str, char *hex_dst_string, int setkey_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - size_t key_len, src_str_len, i; + size_t i; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) + TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == setkey_result ); if( setkey_result == 0 ) { - for( i = 0; i < src_str_len; i += MBEDTLS_ARIA_BLOCKSIZE ) + for( i = 0; i < src_str->len; i += MBEDTLS_ARIA_BLOCKSIZE ) { - TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) - == 0 ); + TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str->x + i, + output + i ) == 0 ); } - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -284,36 +270,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_encrypt_cbc( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int cbc_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - size_t key_len, src_str_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, src_str_len, - iv_str, src_str, output ) - == cbc_result ); + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, + src_str->len, iv_str->x, src_str->x, + output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -324,36 +299,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ -void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_decrypt_cbc( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int cbc_result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; - size_t key_len, src_str_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, src_str_len, - iv_str, src_str, output ) - == cbc_result ); + mbedtls_aria_setkey_dec( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, + src_str->len, iv_str->x, src_str->x, + output ) == cbc_result ); if( cbc_result == 0 ) { - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -364,36 +328,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_encrypt_cfb128( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - size_t key_len, src_str_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, - src_str_len, &iv_offset, iv_str, - src_str, output ) + src_str->len, &iv_offset, + iv_str->x, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -403,36 +356,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CFB */ -void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_decrypt_cfb128( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - size_t key_len, src_str_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, - src_str_len, &iv_offset, iv_str, - src_str, output ) + src_str->len, &iv_offset, + iv_str->x, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -442,36 +384,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_encrypt_ctr( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - size_t key_len, src_str_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str_len, &iv_offset, iv_str, - blk, src_str, output ) + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, + iv_str->x, blk, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -481,36 +412,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CTR */ -void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, - char *hex_src_string, char *hex_dst_string, +void aria_decrypt_ctr( data_t *key_str, data_t *iv_str, + data_t *src_str, char *hex_dst_string, int result ) { - unsigned char key_str[ARIA_MAX_KEY_STR]; - unsigned char iv_str[ARIA_BLOCK_STR]; - unsigned char src_str[ARIA_MAX_DATA_STR]; unsigned char dst_str[ARIA_MAX_DATA_STR]; unsigned char output[ARIA_MAX_DATASIZE]; unsigned char blk[MBEDTLS_ARIA_BLOCKSIZE]; mbedtls_aria_context ctx; size_t iv_offset = 0; - size_t key_len, src_str_len; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( iv_str, 0x00, sizeof( iv_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - mbedtls_test_unhexify( iv_str, hex_iv_string ); - src_str_len = mbedtls_test_unhexify( src_str, hex_src_string ); - - mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); - TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str_len, &iv_offset, iv_str, - blk, src_str, output ) + mbedtls_aria_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); + TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, src_str->len, &iv_offset, + iv_str->x, blk, src_str->x, output ) == result ); - mbedtls_test_hexify( dst_str, output, src_str_len ); + mbedtls_test_hexify( dst_str, output, src_str->len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 40ea278a6..5724d8b26 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -192,69 +192,51 @@ exit: /* BEGIN_CASE */ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, - char *key_hex, char *msg_hex, - char *source_address_hex, char *frame_counter_hex, - int sec_level, char *add_hex, - char *expected_result_hex, int output_ret ) + data_t *key, data_t *msg, + data_t *source_address, data_t *frame_counter, + int sec_level, data_t *add, + data_t *expected_result, int output_ret ) { - unsigned char key[32]; - unsigned char msg[50]; unsigned char iv[13]; - unsigned char add[32]; unsigned char result[50]; - unsigned char expected_result[50]; - unsigned char source_address[8]; - unsigned char frame_counter[4]; mbedtls_ccm_context ctx; - size_t i, key_len, msg_len, iv_len, add_len, expected_result_len, source_address_len, frame_counter_len, tag_len; + size_t i, iv_len, tag_len; int ret; mbedtls_ccm_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); - memset( add, 0x00, sizeof( add ) ); memset( result, 0x00, sizeof( result ) ); - memset( expected_result, 0x00, sizeof( expected_result ) ); - memset( source_address, 0x00, sizeof( source_address ) ); - memset( frame_counter, 0x00, sizeof( frame_counter ) ); - - key_len = mbedtls_test_unhexify( key, key_hex ); - msg_len = mbedtls_test_unhexify( msg, msg_hex ); - add_len = mbedtls_test_unhexify( add, add_hex ); - expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); - source_address_len = mbedtls_test_unhexify( source_address, - source_address_hex ); - frame_counter_len = mbedtls_test_unhexify( frame_counter, - frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; else tag_len = 1 << ( sec_level % 4 + 1); - for( i = 0; i < source_address_len; i++ ) - iv[i] = source_address[i]; + for( i = 0; i < source_address->len; i++ ) + iv[i] = source_address->x[i]; - for( i = 0; i < frame_counter_len; i++ ) - iv[source_address_len + i] = frame_counter[i]; + for( i = 0; i < frame_counter->len; i++ ) + iv[source_address->len + i] = frame_counter->x[i]; - iv[source_address_len + frame_counter_len] = sec_level; + iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, + key->x, key->len * 8 ) == 0 ); - ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len, - add, add_len, msg, result, result + msg_len, tag_len ); + ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, + add->x, add->len, msg->x, + result, result + msg->len, tag_len ); TEST_ASSERT( ret == output_ret ); - TEST_ASSERT( memcmp( result, expected_result, expected_result_len ) == 0 ); + TEST_ASSERT( memcmp( result, + expected_result->x, expected_result->len ) == 0 ); /* Check we didn't write past the end */ - TEST_ASSERT( result[expected_result_len] == 0 && - result[expected_result_len + 1] == 0 ); + TEST_ASSERT( result[expected_result->len] == 0 && + result[expected_result->len + 1] == 0 ); exit: mbedtls_ccm_free( &ctx ); @@ -263,70 +245,51 @@ exit: /* BEGIN_CASE */ void mbedtls_ccm_star_auth_decrypt( int cipher_id, - char *key_hex, char *msg_hex, - char *source_address_hex, char *frame_counter_hex, - int sec_level, char *add_hex, - char *expected_result_hex, int output_ret ) + data_t *key, data_t *msg, + data_t *source_address, data_t *frame_counter, + int sec_level, data_t *add, + data_t *expected_result, int output_ret ) { - unsigned char key[32]; - unsigned char msg[50]; unsigned char iv[13]; - unsigned char add[32]; unsigned char result[50]; - unsigned char expected_result[50]; - unsigned char source_address[8]; - unsigned char frame_counter[4]; mbedtls_ccm_context ctx; - size_t i, key_len, msg_len, iv_len, add_len, tag_len, expected_result_len, source_address_len, frame_counter_len; + size_t i, iv_len, tag_len; int ret; mbedtls_ccm_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( iv, 0x00, sizeof( iv ) ); - memset( add, 0x00, sizeof( add ) ); memset( result, '+', sizeof( result ) ); - memset( expected_result, 0x00, sizeof( expected_result ) ); - memset( source_address, 0x00, sizeof( source_address ) ); - memset( frame_counter, 0x00, sizeof( frame_counter ) ); - - key_len = mbedtls_test_unhexify( key, key_hex ); - msg_len = mbedtls_test_unhexify( msg, msg_hex ); - add_len = mbedtls_test_unhexify( add, add_hex ); - expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); - source_address_len = mbedtls_test_unhexify( source_address, - source_address_hex ); - frame_counter_len = mbedtls_test_unhexify( frame_counter, - frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; else tag_len = 1 << ( sec_level % 4 + 1); - for( i = 0; i < source_address_len; i++ ) - iv[i] = source_address[i]; + for( i = 0; i < source_address->len; i++ ) + iv[i] = source_address->x[i]; - for( i = 0; i < frame_counter_len; i++ ) - iv[source_address_len + i] = frame_counter[i]; + for( i = 0; i < frame_counter->len; i++ ) + iv[source_address->len + i] = frame_counter->x[i]; - iv[source_address_len + frame_counter_len] = sec_level; + iv[source_address->len + frame_counter->len] = sec_level; iv_len = sizeof( iv ); - TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); - ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len - tag_len, iv, iv_len, - add, add_len, msg, result, msg + msg_len - tag_len, tag_len ); + ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len, + add->x, add->len, msg->x, result, + msg->x + msg->len - tag_len, tag_len ); TEST_ASSERT( ret == output_ret ); - TEST_ASSERT( memcmp( result, expected_result, expected_result_len ) == 0 ); + TEST_ASSERT( memcmp( result, expected_result->x, + expected_result->len ) == 0 ); /* Check we didn't write past the end (where the original tag is) */ - TEST_ASSERT( ( msg_len + 2 ) <= sizeof( result ) ); - TEST_EQUAL( result[msg_len], '+' ); - TEST_EQUAL( result[msg_len + 1], '+' ); + TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) ); + TEST_EQUAL( result[msg->len], '+' ); + TEST_EQUAL( result[msg->len + 1], '+' ); exit: mbedtls_ccm_free( &ctx ); diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 137b92a6e..afe24183a 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -8,63 +8,55 @@ */ /* BEGIN_CASE */ -void chacha20_crypt( char *hex_key_string, - char *hex_nonce_string, +void chacha20_crypt( data_t *key_str, + data_t *nonce_str, int counter, - char *hex_src_string, - char *hex_expected_output_string ) + data_t *src_str, + data_t *expected_output_str ) { - unsigned char key_str[32]; /* size set by the standard */ - unsigned char nonce_str[12]; /* size set by the standard */ - unsigned char src_str[375]; /* max size of binary input */ - unsigned char expected_output_str[375]; unsigned char output[375]; - unsigned char output_string[751]; /* ASCII string representation of output */ - size_t key_len; - size_t nonce_len; - size_t src_len; - size_t expected_output_len; mbedtls_chacha20_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( src_str, 0x00, sizeof( src_str ) ); - memset( output, 0x00, sizeof( output ) ); - memset( output_string, 0x00, sizeof( output_string ) ); + /* + * Buffers to store the ASCII string representation of output and + * expected_output_str. + */ + unsigned char output_string[751] = { '\0' }; + unsigned char expected_output_string[751] = { '\0' }; - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); - src_len = mbedtls_test_unhexify( src_str, hex_src_string ); - expected_output_len = mbedtls_test_unhexify( expected_output_str, - hex_expected_output_string ); + memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( src_len == expected_output_len ); - TEST_ASSERT( key_len == 32U ); - TEST_ASSERT( nonce_len == 12U ); + TEST_ASSERT( src_str->len == expected_output_str->len ); + TEST_ASSERT( key_str->len == 32U ); + TEST_ASSERT( nonce_str->len == 12U ); /* * Test the integrated API */ - TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_crypt( key_str->x, nonce_str->x, counter, src_str->len, src_str->x, output ) == 0 ); - mbedtls_test_hexify( output_string, output, src_len ); - TEST_ASSERT( strcmp( (char*) output_string, hex_expected_output_string ) == 0 ); + mbedtls_test_hexify( expected_output_string, + expected_output_str->x, + expected_output_str->len); + mbedtls_test_hexify( output_string, output, src_str->len ); + TEST_ASSERT( strcmp( (char *)output_string, + (char *)expected_output_string ) == 0 ); /* * Test the streaming API */ mbedtls_chacha20_init( &ctx ); - TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_setkey( &ctx, key_str->x ) == 0 ); - TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len, src_str->x, output ) == 0 ); - mbedtls_test_hexify( output_string, output, src_len ); - TEST_ASSERT( strcmp( (char*) output_string, - hex_expected_output_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_str->len ); + TEST_ASSERT( strcmp( (char *)output_string, + (char *)expected_output_string ) == 0 ); /* * Test the streaming API again, piecewise @@ -72,15 +64,16 @@ void chacha20_crypt( char *hex_key_string, /* Don't free/init the context nor set the key again, * in order to test that starts() does the right thing. */ - TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str, counter ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_starts( &ctx, nonce_str->x, counter ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 ); - TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str->x, output ) == 0 ); + TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_str->len - 1, + src_str->x + 1, output + 1 ) == 0 ); - mbedtls_test_hexify( output_string, output, src_len ); - TEST_ASSERT( strcmp( (char*) output_string, - hex_expected_output_string ) == 0 ); + mbedtls_test_hexify( output_string, output, src_str->len ); + TEST_ASSERT( strcmp( (char *)output_string, + (char *)expected_output_string ) == 0 ); mbedtls_chacha20_free( &ctx ); } diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index aeaf1d74a..96128e4ec 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -8,53 +8,27 @@ */ /* BEGIN_CASE */ -void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) +void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str ) { - unsigned char key_str[32]; /* size set by the standard */ - unsigned char nonce_str[12]; /* size set by the standard */ - unsigned char aad_str[12]; /* max size of test data so far */ - unsigned char input_str[265]; /* max size of binary input/output so far */ - unsigned char output_str[265]; unsigned char output[265]; - unsigned char mac_str[16]; /* size set by the standard */ unsigned char mac[16]; /* size set by the standard */ - size_t input_len; - size_t output_len; - size_t aad_len; - size_t key_len; - size_t nonce_len; - size_t mac_len; mbedtls_chachapoly_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( aad_str, 0x00, sizeof( aad_str ) ); - memset( input_str, 0x00, sizeof( input_str ) ); - memset( output_str, 0x00, sizeof( output_str ) ); - memset( mac_str, 0x00, sizeof( mac_str ) ); - - aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string ); - input_len = mbedtls_test_unhexify( input_str, hex_input_string ); - output_len = mbedtls_test_unhexify( output_str, hex_output_string ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); - mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string ); - - TEST_ASSERT( key_len == 32 ); - TEST_ASSERT( nonce_len == 12 ); - TEST_ASSERT( mac_len == 16 ); + TEST_ASSERT( key_str->len == 32 ); + TEST_ASSERT( nonce_str->len == 12 ); + TEST_ASSERT( mac_str->len == 16 ); mbedtls_chachapoly_init( &ctx ); - TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, - input_len, nonce_str, - aad_str, aad_len, - input_str, output, mac ) == 0 ); + input_str->len, nonce_str->x, + aad_str->x, aad_str->len, + input_str->x, output, mac ) == 0 ); - TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); - TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); + TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); + TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 ); exit: mbedtls_chachapoly_free( &ctx ); @@ -62,55 +36,29 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp ) +void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp ) { - unsigned char key_str[32]; /* size set by the standard */ - unsigned char nonce_str[12]; /* size set by the standard */ - unsigned char aad_str[12]; /* max size of test data so far */ - unsigned char input_str[265]; /* max size of binary input/output so far */ - unsigned char output_str[265]; unsigned char output[265]; - unsigned char mac_str[16]; /* size set by the standard */ - size_t input_len; - size_t output_len; - size_t aad_len; - size_t key_len; - size_t nonce_len; - size_t mac_len; int ret; mbedtls_chachapoly_context ctx; - memset( key_str, 0x00, sizeof( key_str ) ); - memset( nonce_str, 0x00, sizeof( nonce_str ) ); - memset( aad_str, 0x00, sizeof( aad_str ) ); - memset( input_str, 0x00, sizeof( input_str ) ); - memset( output_str, 0x00, sizeof( output_str ) ); - memset( mac_str, 0x00, sizeof( mac_str ) ); - - aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string ); - input_len = mbedtls_test_unhexify( input_str, hex_input_string ); - output_len = mbedtls_test_unhexify( output_str, hex_output_string ); - key_len = mbedtls_test_unhexify( key_str, hex_key_string ); - nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); - mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string ); - - TEST_ASSERT( key_len == 32 ); - TEST_ASSERT( nonce_len == 12 ); - TEST_ASSERT( mac_len == 16 ); + TEST_ASSERT( key_str->len == 32 ); + TEST_ASSERT( nonce_str->len == 12 ); + TEST_ASSERT( mac_str->len == 16 ); mbedtls_chachapoly_init( &ctx ); - TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); + TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); ret = mbedtls_chachapoly_auth_decrypt( &ctx, - input_len, nonce_str, - aad_str, aad_len, - mac_str, input_str, output ); + input_str->len, nonce_str->x, + aad_str->x, aad_str->len, + mac_str->x, input_str->x, output ); TEST_ASSERT( ret == ret_exp ); if( ret_exp == 0 ) { - TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); + TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 8b2956f94..ea1e9ada5 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1125,26 +1125,17 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ -void test_vec_crypt( int cipher_id, int operation, char *hex_key, - char *hex_iv, char *hex_input, char *hex_result, +void test_vec_crypt( int cipher_id, int operation, data_t *key, + data_t *iv, data_t *input, data_t *result, int finish_result, int use_psa ) { - unsigned char key[50]; - unsigned char input[16]; - unsigned char result[16]; - unsigned char iv[16]; - size_t key_len, iv_len, inputlen, resultlen; mbedtls_cipher_context_t ctx; unsigned char output[32]; size_t outlen; mbedtls_cipher_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( input, 0x00, sizeof( input ) ); - memset( result, 0x00, sizeof( result ) ); memset( output, 0x00, sizeof( output ) ); - memset( iv, 0x00, sizeof( iv ) ); /* Prepare context */ #if !defined(MBEDTLS_USE_PSA_CRYPTO) @@ -1161,23 +1152,17 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key, TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - key_len = mbedtls_test_unhexify( key, hex_key ); - inputlen = mbedtls_test_unhexify( input, hex_input ); - resultlen = mbedtls_test_unhexify( result, hex_result ); - - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); - iv_len = mbedtls_test_unhexify( iv, hex_iv ); - - TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL, - iv_len, input, inputlen, + TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL, + iv->len, input->x, input->len, output, &outlen ) ); - TEST_ASSERT( resultlen == outlen ); + TEST_ASSERT( result->len == outlen ); /* check plaintext only if everything went fine */ if( 0 == finish_result ) - TEST_ASSERT( 0 == memcmp( output, result, outlen ) ); + TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) ); exit: mbedtls_cipher_free( &ctx ); diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 0caf09121..3ab96fa11 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -346,7 +346,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ -void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, +void ecdh_restart( int id, data_t *dA, data_t *dB, data_t *z, int enable, int max_ops, int min_restart, int max_restart ) { int ret; @@ -354,10 +354,6 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, unsigned char buf[1000]; const unsigned char *vbuf; size_t len; - unsigned char z[MBEDTLS_ECP_MAX_BYTES]; - size_t z_len; - unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES]; - unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; int cnt_restart; mbedtls_ecp_group grp; @@ -366,13 +362,11 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - z_len = mbedtls_test_unhexify( z, z_str ); + rnd_info_A.buf = dA->x; + rnd_info_A.length = dA->len; - rnd_info_A.buf = rnd_buf_A; - rnd_info_A.length = mbedtls_test_unhexify( rnd_buf_A, dA_str ); - - rnd_info_B.buf = rnd_buf_B; - rnd_info_B.length = mbedtls_test_unhexify( rnd_buf_B, dB_str ); + rnd_info_B.buf = dB->x; + rnd_info_B.length = dB->len; /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure * in every configuration, therefore we load it separately. */ @@ -444,8 +438,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); - TEST_ASSERT( len == z_len ); - TEST_ASSERT( memcmp( buf, z, len ) == 0 ); + TEST_ASSERT( len == z->len ); + TEST_ASSERT( memcmp( buf, z->x, len ) == 0 ); /* client computes shared secret */ memset( buf, 0, sizeof( buf ) ); @@ -461,8 +455,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); - TEST_ASSERT( len == z_len ); - TEST_ASSERT( memcmp( buf, z, len ) == 0 ); + TEST_ASSERT( len == z->len ); + TEST_ASSERT( memcmp( buf, z->x, len ) == 0 ); exit: mbedtls_ecp_group_free( &grp ); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 76f72e249..e6da884aa 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -411,33 +411,26 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE */ -void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, +void ecdsa_read_restart( int id, data_t *pk, data_t *hash, data_t *sig, int max_ops, int min_restart, int max_restart ) { mbedtls_ecdsa_context ctx; mbedtls_ecdsa_restart_ctx rs_ctx; - unsigned char hash[64]; - unsigned char sig[200]; - unsigned char pk[65]; - size_t sig_len, hash_len, pk_len; int ret, cnt_restart; mbedtls_ecdsa_init( &ctx ); mbedtls_ecdsa_restart_init( &rs_ctx ); - hash_len = mbedtls_test_unhexify(hash, h_str); - sig_len = mbedtls_test_unhexify(sig, s_str); - pk_len = mbedtls_test_unhexify(pk, k_str); - TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 ); + TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, + pk->x, pk->len ) == 0 ); mbedtls_ecp_set_max_ops( max_ops ); cnt_restart = 0; do { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -445,29 +438,31 @@ void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, TEST_ASSERT( cnt_restart <= max_restart ); /* try modifying r */ - sig[10]++; + + TEST_ASSERT( sig->len > 10 ); + sig->x[10]++; do { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[10]--; + sig->x[10]--; /* try modifying s */ - sig[sig_len - 1]++; + sig->x[sig->len - 1]++; do { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_VERIFY_FAILED ); - sig[sig_len - 1]--; + sig->x[sig->len - 1]--; /* Do we leak memory when aborting an operation? * This test only makes sense when we actually restart */ if( min_restart > 0 ) { ret = mbedtls_ecdsa_read_signature_restartable( &ctx, - hash, hash_len, sig, sig_len, &rs_ctx ); + hash->x, hash->len, sig->x, sig->len, &rs_ctx ); TEST_ASSERT( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ); } @@ -479,7 +474,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_DETERMINISTIC */ void ecdsa_write_restart( int id, char *d_str, int md_alg, - char *msg, char *sig_str, + char *msg, data_t *sig_check, int max_ops, int min_restart, int max_restart ) { int ret, cnt_restart; @@ -487,19 +482,16 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, mbedtls_ecdsa_context ctx; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; - size_t hlen, slen, slen_check; + size_t hlen, slen; const mbedtls_md_info_t *md_info; mbedtls_ecdsa_restart_init( &rs_ctx ); mbedtls_ecdsa_init( &ctx ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0, sizeof( sig ) ); - memset( sig_check, 0, sizeof( sig_check ) ); TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); - slen_check = mbedtls_test_unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); @@ -519,8 +511,8 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( slen == slen_check ); - TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 ); + TEST_ASSERT( slen == sig_check->len ); + TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 0aefca561..967df3690 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -9,43 +9,36 @@ */ /* BEGIN_CASE */ -void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, - char *hex_info_string, char *hex_expected_okm_string ) +void test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info, + data_t *expected_okm ) { int ret; - size_t ikm_len, salt_len, info_len, expected_okm_len; - unsigned char ikm[128] = { '\0' }; - unsigned char salt[128] = { '\0' }; - unsigned char info[128] = { '\0' }; - unsigned char expected_okm[128] = { '\0' }; unsigned char okm[128] = { '\0' }; /* - * okm_string is the ASCII string representation of okm, - * so its size is twice the size of okm, and an extra null-termination. + * okm_string and expected_okm_string are the ASCII string representations + * of km and expected_okm, so their size should be twice the size of + * okm and expected_okm, and an extra null-termination. */ unsigned char okm_string[257] = { '\0' }; + unsigned char expected_okm_string[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); - ikm_len = mbedtls_test_unhexify( ikm, hex_ikm_string ); - salt_len = mbedtls_test_unhexify( salt, hex_salt_string ); - info_len = mbedtls_test_unhexify( info, hex_info_string ); - expected_okm_len = mbedtls_test_unhexify( expected_okm, - hex_expected_okm_string ); + TEST_ASSERT( expected_okm->len <= sizeof( okm ) ); - TEST_ASSERT( expected_okm_len <= sizeof( okm ) ); - - ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm, - expected_okm_len); + ret = mbedtls_hkdf( md, salt->x, salt->len, ikm->x, ikm->len, + info->x, info->len, okm, expected_okm->len ); TEST_ASSERT( ret == 0 ); /* - * Run mbedtls_test_hexify on it so that it looks nicer if the assertion - * fails. + * Run mbedtls_test_hexify on okm and expected_okm so that it looks nicer + * if the assertion fails. */ - mbedtls_test_hexify( okm_string, okm, expected_okm_len ); - TEST_ASSERT( !strcmp( (char *)okm_string, hex_expected_okm_string ) ); + mbedtls_test_hexify( okm_string, okm, expected_okm->len ); + mbedtls_test_hexify( expected_okm_string, + expected_okm->x, expected_okm->len ); + TEST_ASSERT( !strcmp( (char *)okm_string, (char *)expected_okm_string ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index 15370b2fd..6a810520f 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -242,42 +242,31 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_nist_kw_wrap( int cipher_id, int mode, - char *key_hex, char *msg_hex, - char *expected_result_hex ) +void mbedtls_nist_kw_wrap( int cipher_id, int mode, data_t *key, data_t *msg, + data_t *expected_result ) { - unsigned char key[32]; - unsigned char msg[512]; unsigned char result[528]; - unsigned char expected_result[528]; mbedtls_nist_kw_context ctx; - size_t key_len, msg_len, result_len, expected_result_len, i, padlen; + size_t result_len, i, padlen; mbedtls_nist_kw_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( result, '+', sizeof( result ) ); - key_len = mbedtls_test_unhexify( key, key_hex ); - msg_len = mbedtls_test_unhexify( msg, msg_hex ); - expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); - result_len = sizeof( result ); - - TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 ) - == 0 ); + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, + key->x, key->len * 8, 1 ) == 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg, msg_len, + TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg->x, msg->len, result, &result_len, sizeof( result ) ) == 0 ); - TEST_ASSERT( result_len == expected_result_len ); + TEST_ASSERT( result_len == expected_result->len ); - TEST_ASSERT( memcmp( expected_result, result, expected_result_len ) == 0 ); + TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 ); - padlen = ( msg_len % 8 != 0 ) ? 8 - (msg_len % 8 ) : 0; + padlen = ( msg->len % 8 != 0 ) ? 8 - (msg->len % 8 ) : 0; /* Check that the function didn't write beyond the end of the buffer. */ - for( i = msg_len + 8 + padlen; i < sizeof( result ); i++ ) + for( i = msg->len + 8 + padlen; i < sizeof( result ); i++ ) { TEST_ASSERT( result[i] == '+' ); } @@ -288,39 +277,27 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_nist_kw_unwrap( int cipher_id, int mode, - char *key_hex, char *msg_hex, - char *expected_result_hex, int expected_ret ) +void mbedtls_nist_kw_unwrap( int cipher_id, int mode, data_t *key, data_t *msg, + data_t *expected_result, int expected_ret ) { - unsigned char key[32]; - unsigned char msg[528]; unsigned char result[528]; - unsigned char expected_result[528]; mbedtls_nist_kw_context ctx; - size_t key_len, msg_len, result_len, expected_result_len, i; + size_t result_len, i; mbedtls_nist_kw_init( &ctx ); - memset( key, 0x00, sizeof( key ) ); - memset( msg, 0x00, sizeof( msg ) ); memset( result, '+', sizeof( result ) ); - memset( expected_result, 0x00, sizeof( expected_result ) ); - key_len = mbedtls_test_unhexify( key, key_hex ); - msg_len = mbedtls_test_unhexify( msg, msg_hex ); - expected_result_len = mbedtls_test_unhexify( expected_result, expected_result_hex ); - result_len = sizeof( result ); - - TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 ) - == 0 ); + TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, + key->x, key->len * 8, 0 ) == 0 ); /* Test with input == output */ - TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg, msg_len, + TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg->x, msg->len, result, &result_len, sizeof( result ) ) == expected_ret ); if( expected_ret == 0 ) { - TEST_ASSERT( result_len == expected_result_len ); - TEST_ASSERT( memcmp( expected_result, result, expected_result_len ) == 0 ); + TEST_ASSERT( result_len == expected_result->len ); + TEST_ASSERT( memcmp( expected_result->x, result, result_len ) == 0 ); } else { @@ -328,7 +305,7 @@ void mbedtls_nist_kw_unwrap( int cipher_id, int mode, } /* Check that the function didn't write beyond the end of the buffer. */ - for( i = msg_len - 8; i < sizeof( result ); i++ ) + for( i = msg->len - 8; i < sizeof( result ); i++ ) { TEST_ASSERT( result[i] == '+' ); } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index dbc52e5d0..f9c10c960 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -788,7 +788,7 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC */ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, char *QX_str, char *QY_str, - int md_alg, char *msg, char *sig_str, + int md_alg, char *msg, data_t *sig_check, int max_ops, int min_restart, int max_restart ) { int ret, cnt_restart; @@ -796,8 +796,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, mbedtls_pk_context prv, pub; unsigned char hash[MBEDTLS_MD_MAX_SIZE]; unsigned char sig[MBEDTLS_ECDSA_MAX_LEN]; - unsigned char sig_check[MBEDTLS_ECDSA_MAX_LEN]; - size_t hlen, slen, slen_check; + size_t hlen, slen; const mbedtls_md_info_t *md_info; mbedtls_pk_restart_init( &rs_ctx ); @@ -805,7 +804,6 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, mbedtls_pk_init( &pub ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0, sizeof( sig ) ); - memset( sig_check, 0, sizeof( sig_check ) ); TEST_ASSERT( mbedtls_pk_setup( &prv, mbedtls_pk_info_from_type( pk_type ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( prv )->grp, grp_id ) == 0 ); @@ -815,8 +813,6 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); - slen_check = mbedtls_test_unhexify( sig_check, sig_str ); - md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); @@ -835,8 +831,8 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( slen == slen_check ); - TEST_ASSERT( memcmp( sig, sig_check, slen ) == 0 ); + TEST_ASSERT( slen == sig_check->len ); + TEST_ASSERT( memcmp( sig, sig_check->x, slen ) == 0 ); TEST_ASSERT( cnt_restart >= min_restart ); TEST_ASSERT( cnt_restart <= max_restart ); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index eadb992fe..44617d98e 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -9,27 +9,20 @@ */ /* BEGIN_CASE */ -void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src_string ) +void mbedtls_poly1305( data_t *key, char *hex_mac_string, data_t *src_str ) { - unsigned char src_str[375]; /* max size of binary input */ - unsigned char key[32]; /* size set by the standard */ unsigned char mac[16]; /* size set by the standard */ unsigned char mac_str[33]; /* hex expansion of the above */ - size_t src_len; mbedtls_poly1305_context ctx; - memset( src_str, 0x00, sizeof( src_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); - memset( key, 0x00, sizeof( key ) ); memset( mac, 0x00, sizeof( mac ) ); - src_len = mbedtls_test_unhexify( src_str, hex_src_string ); - mbedtls_test_unhexify( key, hex_key_string ); - /* * Test the integrated API */ - TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_mac( key->x, src_str->x, + src_str->len, mac ) == 0 ); mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); @@ -39,9 +32,9 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src */ mbedtls_poly1305_init( &ctx ); - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, src_len ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, src_str->len ) == 0 ); TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); @@ -54,12 +47,12 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src /* Don't free/init the context, in order to test that starts() does the * right thing. */ - if( src_len >= 1 ) + if( src_str->len >= 1 ) { - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, src_len - 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, src_str->len - 1 ) == 0 ); TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); @@ -70,13 +63,13 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src /* * Again with more pieces */ - if( src_len >= 2 ) + if( src_str->len >= 2 ) { - TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_starts( &ctx, key->x ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 1, 1 ) == 0 ); - TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str + 2, src_len - 2 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 1, 1 ) == 0 ); + TEST_ASSERT( mbedtls_poly1305_update( &ctx, src_str->x + 2, src_str->len - 2 ) == 0 ); TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); From a0c2539c4ce052ed44d3d8fdada709d1851ce0c9 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 18 Jun 2020 10:10:46 +0200 Subject: [PATCH 216/247] Rework mbedtls_test_unhexify() Rework mbedtls_test_unhexify to extend its scope of usage. Return in error when the function detects an error instead of calling mbedtls_exit(). Improve safety by checking the output buffer is not overrun. Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 24 +++++++++++- tests/src/helpers.c | 63 ++++++++++++++++++------------- tests/suites/host_test.function | 9 ++++- tests/suites/target_test.function | 15 ++++++-- 4 files changed, 79 insertions(+), 32 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 36ec8e687..69d882ca4 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -54,7 +54,29 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); -int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ); +/** + * \brief This function translates an ASCII string encoding an + * hexadecimal number into the encoded hexadecimal number. The + * hexadecimal number is represented as an array of + * unsigned char. + * + * \note The output buffer can be the same as the input buffer. For + * any other overlapping of the input and output buffers, the + * behavior is undefined. + * + * \param obuf Output buffer. + * \param obufmax Size in number of bytes of \p obuf. + * \param ibuf Input buffer. + * \param len The number of unsigned char written in \p obuf. This must + * not be \c NULL. + * + * \return \c 0 on success. + * \return \c -1 if the output buffer is too small or the input string + * is not a valid ASCII encoding of an hexadecimal number. + */ +int mbedtls_test_unhexify( unsigned char *obuf, size_t obufmax, + const char *ibuf, size_t *len ); + void mbedtls_test_hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 08d88a5dc..b9abf19aa 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -41,38 +41,49 @@ void mbedtls_test_platform_teardown( void ) #endif /* MBEDTLS_PLATFORM_C */ } -int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ) +static int ascii2uc(const char c, unsigned char *uc) { - unsigned char c, c2; - int len = strlen( ibuf ) / 2; - TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + if( ( c >= '0' ) && ( c <= '9' ) ) + *uc = c - '0'; + else if( ( c >= 'a' ) && ( c <= 'f' ) ) + *uc = c - 'a' + 10; + else if( ( c >= 'A' ) && ( c <= 'F' ) ) + *uc = c - 'A' + 10; + else + return( -1 ); + + return( 0 ); +} + +int mbedtls_test_unhexify( unsigned char *obuf, + size_t obufmax, + const char *ibuf, + size_t *len ) +{ + unsigned char uc, uc2; + + *len = strlen( ibuf ); + + /* Must be even number of bytes. */ + if ( ( *len ) & 1 ) + return( -1 ); + *len /= 2; + + if ( (*len) > obufmax ) + return( -1 ); while( *ibuf != 0 ) { - c = *ibuf++; - if( c >= '0' && c <= '9' ) - c -= '0'; - else if( c >= 'a' && c <= 'f' ) - c -= 'a' - 10; - else if( c >= 'A' && c <= 'F' ) - c -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); + if ( ascii2uc( *(ibuf++), &uc ) != 0 ) + return( -1 ); - c2 = *ibuf++; - if( c2 >= '0' && c2 <= '9' ) - c2 -= '0'; - else if( c2 >= 'a' && c2 <= 'f' ) - c2 -= 'a' - 10; - else if( c2 >= 'A' && c2 <= 'F' ) - c2 -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); + if ( ascii2uc( *(ibuf++), &uc2 ) != 0 ) + return( -1 ); - *obuf++ = ( c << 4 ) | c2; + *(obuf++) = ( uc << 4 ) | uc2; } - return len; + return( 0 ); } void mbedtls_test_hexify( unsigned char *obuf, @@ -117,6 +128,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ) unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; + size_t len; *olen = strlen( ibuf ) / 2; @@ -125,8 +137,7 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); - - (void) mbedtls_test_unhexify( obuf, ibuf ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( obuf, *olen, ibuf, &len ) == 0 ); return( obuf ); } diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index c57fa0707..a459eed56 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -277,8 +277,13 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - *int_params_store = mbedtls_test_unhexify( - (unsigned char *) val, val ); + size_t len; + + TEST_HELPER_ASSERT( + mbedtls_test_unhexify( (unsigned char *) val, strlen( val ), + val, &len ) == 0 ); + + *int_params_store = len; *out++ = val; *out++ = (char *)(int_params_store++); } diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index f7a9f0438..8354b968c 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -70,12 +70,16 @@ uint8_t receive_byte() { uint8_t byte; uint8_t c[3]; - char *endptr; + size_t len; + c[0] = greentea_getc(); c[1] = greentea_getc(); c[2] = '\0'; - TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, c ) != 2 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, sizeof( byte ), + c, &len ) == 0 ); + TEST_HELPER_ASSERT( len != 2 ); + return( byte ); } @@ -90,6 +94,7 @@ uint8_t receive_byte() uint32_t receive_uint32() { uint32_t value; + size_t len; const uint8_t c_be[8] = { greentea_getc(), greentea_getc(), greentea_getc(), @@ -101,7 +106,11 @@ uint32_t receive_uint32() }; const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2], c_be[3], c_be[0], c_be[1], '\0' }; - TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, c ) != 8 ); + + TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, sizeof( value ), + c, &len ) == 0 ); + TEST_HELPER_ASSERT( len != 8 ); + return( value ); } From 7d8661618be3c6c462423c8050101c0d18eec528 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 18 Jun 2020 10:36:26 +0200 Subject: [PATCH 217/247] Use mbedtls_test_unhexify in programs Use mbedtls_test_unhexify in programs instead of ad-hoc implementations. Signed-off-by: Ronald Cron --- programs/ssl/ssl_client2.c | 77 ++++++-------------------------------- programs/ssl/ssl_server2.c | 60 +++++------------------------ 2 files changed, 21 insertions(+), 116 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 486b6a6b0..2e8e105b7 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -74,6 +74,8 @@ int main( void ) #include "mbedtls/psa_util.h" #endif +#include + #include #include #include @@ -1016,45 +1018,6 @@ int idle( mbedtls_net_context *fd, return( 0 ); } -/* Unhexify `hex` into `dst`. `dst` must have - * size at least `strlen( hex ) / 2`. */ -int unhexify( char const *hex, unsigned char *dst ) -{ - unsigned char c; - size_t j; - size_t len = strlen( hex ); - - if( len % 2 != 0 ) - return( -1 ); - - for( j = 0; j < len; j += 2 ) - { - c = hex[j]; - if( c >= '0' && c <= '9' ) - c -= '0'; - else if( c >= 'a' && c <= 'f' ) - c -= 'a' - 10; - else if( c >= 'A' && c <= 'F' ) - c -= 'A' - 10; - else - return( -1 ); - dst[ j / 2 ] = c << 4; - - c = hex[j + 1]; - if( c >= '0' && c <= '9' ) - c -= '0'; - else if( c >= 'a' && c <= 'f' ) - c -= 'a' - 10; - else if( c >= 'A' && c <= 'F' ) - c -= 'A' - 10; - else - return( -1 ); - dst[ j / 2 ] |= c; - } - - return( 0 ); -} - #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) int report_cid_usage( mbedtls_ssl_context *ssl, const char *additional_description ) @@ -1785,16 +1748,10 @@ int main( int argc, char *argv[] ) */ if( strlen( opt.psk ) ) { - psk_len = strlen( opt.psk ) / 2; - if( psk_len > sizeof( psk ) ) + if( mbedtls_test_unhexify( psk, sizeof( psk ), + opt.psk, &psk_len ) != 0 ) { - mbedtls_printf( "pre-shared key too long\n" ); - goto exit; - } - - if( unhexify( opt.psk, psk ) != 0 ) - { - mbedtls_printf( "pre-shared key not valid hex\n" ); + mbedtls_printf( "pre-shared key not valid\n" ); goto exit; } } @@ -1896,16 +1853,10 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - cid_len = strlen( opt.cid_val ) / 2; - if( cid_len > sizeof( cid ) ) + if( mbedtls_test_unhexify( cid, sizeof( cid ), + opt.cid_val, &cid_len ) != 0 ) { - mbedtls_printf( "CID too long\n" ); - goto exit; - } - - if( unhexify( opt.cid_val, cid ) != 0 ) - { - mbedtls_printf( "CID not valid hex\n" ); + mbedtls_printf( "CID not valid\n" ); goto exit; } @@ -1916,16 +1867,10 @@ int main( int argc, char *argv[] ) if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO ) opt.cid_val_renego = opt.cid_val; - cid_renego_len = strlen( opt.cid_val_renego ) / 2; - if( cid_renego_len > sizeof( cid_renego ) ) + if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ), + opt.cid_val_renego, &cid_renego_len ) != 0 ) { - mbedtls_printf( "CID too long\n" ); - goto exit; - } - - if( unhexify( opt.cid_val_renego, cid_renego ) != 0 ) - { - mbedtls_printf( "CID not valid hex\n" ); + mbedtls_printf( "CID not valid\n" ); goto exit; } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3fd065ef0..15346070c 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -70,6 +70,8 @@ int main( void ) #include "mbedtls/psa_util.h" #endif +#include + #include #include #include @@ -1202,52 +1204,6 @@ int sni_callback( void *p_info, mbedtls_ssl_context *ssl, #endif /* SNI_OPTION */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) || \ - defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - -#define HEX2NUM( c ) \ - do \ - { \ - if( (c) >= '0' && (c) <= '9' ) \ - (c) -= '0'; \ - else if( (c) >= 'a' && (c) <= 'f' ) \ - (c) -= 'a' - 10; \ - else if( (c) >= 'A' && (c) <= 'F' ) \ - (c) -= 'A' - 10; \ - else \ - return( -1 ); \ - } while( 0 ) - -/* - * Convert a hex string to bytes. - * Return 0 on success, -1 on error. - */ -int unhexify( unsigned char *output, const char *input, size_t *olen ) -{ - unsigned char c; - size_t j; - - *olen = strlen( input ); - if( *olen % 2 != 0 || *olen / 2 > MBEDTLS_PSK_MAX_LEN ) - return( -1 ); - *olen /= 2; - - for( j = 0; j < *olen * 2; j += 2 ) - { - c = input[j]; - HEX2NUM( c ); - output[ j / 2 ] = c << 4; - - c = input[j + 1]; - HEX2NUM( c ); - output[ j / 2 ] |= c; - } - - return( 0 ); -} - -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) typedef struct _psk_entry psk_entry; @@ -1319,7 +1275,8 @@ psk_entry *psk_parse( char *psk_string ) GET_ITEM( new->name ); GET_ITEM( key_hex ); - if( unhexify( new->key, key_hex, &new->key_len ) != 0 ) + if( mbedtls_test_unhexify( new->key, MBEDTLS_PSK_MAX_LEN, + key_hex, &new->key_len ) != 0 ) goto error; new->next = cur; @@ -2632,7 +2589,8 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if( unhexify( cid, opt.cid_val, &cid_len ) != 0 ) + if( mbedtls_test_unhexify( cid, sizeof( cid ), + opt.cid_val, &cid_len ) != 0 ) { mbedtls_printf( "CID not valid hex\n" ); goto exit; @@ -2645,7 +2603,8 @@ int main( int argc, char *argv[] ) if( opt.cid_val_renego == DFL_CID_VALUE_RENEGO ) opt.cid_val_renego = opt.cid_val; - if( unhexify( cid_renego, opt.cid_val_renego, &cid_renego_len ) != 0 ) + if( mbedtls_test_unhexify( cid_renego, sizeof( cid_renego ), + opt.cid_val_renego, &cid_renego_len ) != 0 ) { mbedtls_printf( "CID not valid hex\n" ); goto exit; @@ -2656,7 +2615,8 @@ int main( int argc, char *argv[] ) /* * Unhexify the pre-shared key and parse the list if any given */ - if( unhexify( psk, opt.psk, &psk_len ) != 0 ) + if( mbedtls_test_unhexify( psk, sizeof( psk ), + opt.psk, &psk_len ) != 0 ) { mbedtls_printf( "pre-shared key not valid hex\n" ); goto exit; From 00890e3d10535077eb5e8b5b143e9f7c47d1086c Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 23 Jun 2020 16:44:41 +0200 Subject: [PATCH 218/247] programs: psa: Link against mbedcrypto not mbedtls All programs in programs/psa are crypto only thus just link against mbedcrypto instead of mbedtls. Signed-off-by: Ronald Cron --- programs/psa/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 6ad6dadc4..e519696b1 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -6,7 +6,7 @@ set(executables foreach(exe IN LISTS executables) add_executable(${exe} ${exe}.c $) - target_link_libraries(${exe} mbedtls) + target_link_libraries(${exe} mbedcrypto) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) endforeach() From 78c45dbb0f74f7cba5e19de9e2f98dcd6ca91d68 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 16:34:11 +0200 Subject: [PATCH 219/247] check_test_cases: move "walk" functions into a class Make the structure more Pythonic: use classes for abstraction and refinement, rather than higher-order functions. Convert walk(function, state, data) into instance.walk(data) where instance has a method that implements function and state is a field of instance. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 132 +++++++++++++++++++----------- 1 file changed, 86 insertions(+), 46 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index f25b602c7..04ade631a 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -76,59 +76,98 @@ def check_description(results, seen, file_name, line_number, description): len(description)) seen[description] = line_number -def walk_test_suite(function, results, descriptions, data_file_name): - """Iterate over the test cases in the given unit test data file. +class TestDescriptionExplorer: + """An iterator over test cases with descriptions. -Call function(results, descriptions, data_file_name, line_number, description) -on each description. +The test cases that have descriptions are: +* Individual unit tests (entries in a .data file) in test suites. +* Individual test cases in ssl-opt.sh. + +This is an abstract class. To use it, derive a class that implements +the process_test_case method, and call walk_all(). """ - in_paragraph = False - with open(data_file_name, 'rb') as data_file: - for line_number, line in enumerate(data_file, 1): - line = line.rstrip(b'\r\n') - if not line: - in_paragraph = False - continue - if line.startswith(b'#'): - continue - if not in_paragraph: - # This is a test case description line. - function(results, descriptions, - data_file_name, line_number, line) - in_paragraph = True -def walk_ssl_opt_sh(function, results, descriptions, file_name): - """Iterate over the test cases in ssl-opt.sh or a file with a similar format. + def process_test_case(self, per_file_state, + file_name, line_number, description): + """Process a test case. -Call function(results, descriptions, file_name, line_number, description) -on each description. +per_file_state: a new object returned by per_file_state() for each file. +file_name: a relative path to the file containing the test case. +line_number: the line number in the given file. +description: the test case description as a byte string. """ - with open(file_name, 'rb') as file_contents: - for line_number, line in enumerate(file_contents, 1): - # Assume that all run_test calls have the same simple form - # with the test description entirely on the same line as the - # function name. - m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) - if not m: - continue - description = m.group(1) - function(results, descriptions, - file_name, line_number, description) + raise NotImplementedError -def walk_all(function, results): - """Iterate over all named test cases. + def per_file_state(self): + """Return a new per-file state object. -Call function(results, {}, file_name, line_number, description) -on each description. +The default per-file state object is None. Child classes that require per-file +state may override this method. """ - test_directories = collect_test_directories() - for directory in test_directories: - for data_file_name in glob.glob(os.path.join(directory, 'suites', - '*.data')): - walk_test_suite(function, results, {}, data_file_name) - ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') - if os.path.exists(ssl_opt_sh): - walk_ssl_opt_sh(function, results, {}, ssl_opt_sh) + #pylint: disable=no-self-use + return None + + def walk_test_suite(self, data_file_name): + """Iterate over the test cases in the given unit test data file.""" + in_paragraph = False + descriptions = self.per_file_state() # pylint: disable=assignment-from-none + with open(data_file_name, 'rb') as data_file: + for line_number, line in enumerate(data_file, 1): + line = line.rstrip(b'\r\n') + if not line: + in_paragraph = False + continue + if line.startswith(b'#'): + continue + if not in_paragraph: + # This is a test case description line. + self.process_test_case(descriptions, + data_file_name, line_number, line) + in_paragraph = True + + def walk_ssl_opt_sh(self, file_name): + """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" + descriptions = self.per_file_state() # pylint: disable=assignment-from-none + with open(file_name, 'rb') as file_contents: + for line_number, line in enumerate(file_contents, 1): + # Assume that all run_test calls have the same simple form + # with the test description entirely on the same line as the + # function name. + m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line) + if not m: + continue + description = m.group(1) + self.process_test_case(descriptions, + file_name, line_number, description) + + def walk_all(self): + """Iterate over all named test cases.""" + test_directories = collect_test_directories() + for directory in test_directories: + for data_file_name in glob.glob(os.path.join(directory, 'suites', + '*.data')): + self.walk_test_suite(data_file_name) + ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh') + if os.path.exists(ssl_opt_sh): + self.walk_ssl_opt_sh(ssl_opt_sh) + +class DescriptionChecker(TestDescriptionExplorer): + """Check all test case descriptions. + +* Check that each description is valid (length, allowed character set, etc.). +* Check that there is no duplicated description inside of one test suite. +""" + + def __init__(self, results): + self.results = results + + def per_file_state(self): + return {} + + def process_test_case(self, per_file_state, + file_name, line_number, description): + check_description(self.results, per_file_state, + file_name, line_number, description) def main(): parser = argparse.ArgumentParser(description=__doc__) @@ -140,7 +179,8 @@ def main(): help='Show warnings (default: on; undoes --quiet)') options = parser.parse_args() results = Results(options) - walk_all(check_description, results) + checker = DescriptionChecker(results) + checker.walk_all() if (results.warnings or results.errors) and not options.quiet: sys.stderr.write('{}: {} errors, {} warnings\n' .format(sys.argv[0], results.errors, results.warnings)) From 6f6ff3346d971a049def9730c32ee4d7cf93f935 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 16:40:10 +0200 Subject: [PATCH 220/247] check_test_cases: move some functions into the logical class With previous refactorings, some functions are now solely meant to be called from other functions in a particular class. Move them into this class. No behavior change. Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 68 +++++++++++++++---------------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 04ade631a..2df4c7a68 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -45,37 +45,6 @@ class Results: .format(file_name, line_number, *args)) self.warnings += 1 -def collect_test_directories(): - """Get the relative path for the TLS and Crypto test directories.""" - if os.path.isdir('tests'): - tests_dir = 'tests' - elif os.path.isdir('suites'): - tests_dir = '.' - elif os.path.isdir('../suites'): - tests_dir = '..' - directories = [tests_dir] - return directories - -def check_description(results, seen, file_name, line_number, description): - """Check test case descriptions for errors.""" - if description in seen: - results.error(file_name, line_number, - 'Duplicate description (also line {})', - seen[description]) - return - if re.search(br'[\t;]', description): - results.error(file_name, line_number, - 'Forbidden character \'{}\' in description', - re.search(br'[\t;]', description).group(0).decode('ascii')) - if re.search(br'[^ -~]', description): - results.error(file_name, line_number, - 'Non-ASCII character in description') - if len(description) > 66: - results.warning(file_name, line_number, - 'Test description too long ({} > 66)', - len(description)) - seen[description] = line_number - class TestDescriptionExplorer: """An iterator over test cases with descriptions. @@ -140,9 +109,21 @@ state may override this method. self.process_test_case(descriptions, file_name, line_number, description) + @staticmethod + def collect_test_directories(): + """Get the relative path for the TLS and Crypto test directories.""" + if os.path.isdir('tests'): + tests_dir = 'tests' + elif os.path.isdir('suites'): + tests_dir = '.' + elif os.path.isdir('../suites'): + tests_dir = '..' + directories = [tests_dir] + return directories + def walk_all(self): """Iterate over all named test cases.""" - test_directories = collect_test_directories() + test_directories = self.collect_test_directories() for directory in test_directories: for data_file_name in glob.glob(os.path.join(directory, 'suites', '*.data')): @@ -162,12 +143,31 @@ class DescriptionChecker(TestDescriptionExplorer): self.results = results def per_file_state(self): + """Dictionary mapping descriptions to their line number.""" return {} def process_test_case(self, per_file_state, file_name, line_number, description): - check_description(self.results, per_file_state, - file_name, line_number, description) + """Check test case descriptions for errors.""" + results = self.results + seen = per_file_state + if description in seen: + results.error(file_name, line_number, + 'Duplicate description (also line {})', + seen[description]) + return + if re.search(br'[\t;]', description): + results.error(file_name, line_number, + 'Forbidden character \'{}\' in description', + re.search(br'[\t;]', description).group(0).decode('ascii')) + if re.search(br'[^ -~]', description): + results.error(file_name, line_number, + 'Non-ASCII character in description') + if len(description) > 66: + results.warning(file_name, line_number, + 'Test description too long ({} > 66)', + len(description)) + seen[description] = line_number def main(): parser = argparse.ArgumentParser(description=__doc__) From 15c2cbfed51f8d24b1c18a0eff4fa52415374a2f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 18:36:28 +0200 Subject: [PATCH 221/247] New script for test outcome analysis This is a new script designed to analyze test outcomes collected during a whole CI run. This commit introduces the script, the code to read the outcome file, and a very simple framework to report errors. It does not perform any actual analysis yet. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 93 +++++++++++++++++++++++++++++++ 1 file changed, 93 insertions(+) create mode 100755 tests/scripts/analyze_outcomes.py diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py new file mode 100755 index 000000000..9d011db55 --- /dev/null +++ b/tests/scripts/analyze_outcomes.py @@ -0,0 +1,93 @@ +#!/usr/bin/env python3 + +"""Analyze the test outcomes from a full CI run. + +This script can also run on outcomes from a partial run, but the results are +less likely to be useful. +""" + +import argparse +import sys +import traceback + +class Results: + """Process analysis results.""" + + def __init__(self): + self.error_count = 0 + self.warning_count = 0 + + @staticmethod + def log(fmt, *args, **kwargs): + sys.stderr.write((fmt + '\n').format(*args, **kwargs)) + + def error(self, fmt, *args, **kwargs): + self.log('Error: ' + fmt, *args, **kwargs) + self.error_count += 1 + + def warning(self, fmt, *args, **kwargs): + self.log('Warning: ' + fmt, *args, **kwargs) + self.warning_count += 1 + +class TestCaseOutcomes: + """The outcomes of one test case across many configurations.""" + # pylint: disable=too-few-public-methods + + def __init__(self): + self.successes = [] + self.failures = [] + + def hits(self): + """Return the number of times a test case has been run. + + This includes passes and failures, but not skips. + """ + return len(self.successes) + len(self.failures) + +def analyze_outcomes(outcomes): + """Run all analyses on the given outcome collection.""" + results = Results() + return results + +def read_outcome_file(outcome_file): + """Parse an outcome file and return an outcome collection. + +An outcome collection is a dictionary mapping keys to TestCaseOutcomes objects. +The keys are the test suite name and the test case description, separated +by a semicolon. +""" + outcomes = {} + with open(outcome_file, 'r', encoding='utf-8') as input_file: + for line in input_file: + (platform, config, suite, case, result, _cause) = line.split(';') + key = ';'.join([suite, case]) + setup = ';'.join([platform, config]) + if key not in outcomes: + outcomes[key] = TestCaseOutcomes() + if result == 'PASS': + outcomes[key].successes.append(setup) + elif result == 'FAIL': + outcomes[key].failures.append(setup) + return outcomes + +def analyze_outcome_file(outcome_file): + """Analyze the given outcome file.""" + outcomes = read_outcome_file(outcome_file) + return analyze_outcomes(outcomes) + +def main(): + try: + parser = argparse.ArgumentParser(description=__doc__) + parser.add_argument('outcomes', metavar='OUTCOMES.CSV', + help='Outcome file to analyze') + options = parser.parse_args() + results = analyze_outcome_file(options.outcomes) + if results.error_count > 0: + sys.exit(1) + except Exception: # pylint: disable=broad-except + # Print the backtrace and exit explicitly with our chosen status. + traceback.print_exc() + sys.exit(120) + +if __name__ == '__main__': + main() From 8d3c70a279917c87d46845fb909032ce5351874d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 25 Jun 2020 18:37:43 +0200 Subject: [PATCH 222/247] Check test case coverage Check that every available test case in the test suites and ssl-opt.sh has been executed at least once. For the time being, only report a warning, because our coverage is incomplete. Once we've updated all.sh to have full coverage, this warning should become an error. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 34 +++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 9d011db55..96599bd53 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -7,9 +7,12 @@ less likely to be useful. """ import argparse +import re import sys import traceback +import check_test_cases + class Results: """Process analysis results.""" @@ -44,9 +47,40 @@ class TestCaseOutcomes: """ return len(self.successes) + len(self.failures) +class TestDescriptions(check_test_cases.TestDescriptionExplorer): + """Collect the available test cases.""" + + def __init__(self): + super().__init__() + self.descriptions = set() + + def process_test_case(self, _per_file_state, + file_name, _line_number, description): + """Record an available test case.""" + base_name = re.sub(r'\.[^.]*$', '', re.sub(r'.*/', '', file_name)) + key = ';'.join([base_name, description.decode('utf-8')]) + self.descriptions.add(key) + +def collect_available_test_cases(): + """Collect the available test cases.""" + explorer = TestDescriptions() + explorer.walk_all() + return sorted(explorer.descriptions) + +def analyze_coverage(results, outcomes): + """Check that all available test cases are executed at least once.""" + available = collect_available_test_cases() + for key in available: + hits = outcomes[key].hits() if key in outcomes else 0 + if hits == 0: + # Make this a warning, not an error, as long as we haven't + # fixed this branch to have full coverage of test cases. + results.warning('Test case not executed: {}', key) + def analyze_outcomes(outcomes): """Run all analyses on the given outcome collection.""" results = Results() + analyze_coverage(results, outcomes) return results def read_outcome_file(outcome_file): From 3d863f263136525d62d7617f34038139bc87b153 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 13:02:30 +0200 Subject: [PATCH 223/247] Document the fields of TestCasesOutcomes Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index 96599bd53..73f16bdb2 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -37,6 +37,10 @@ class TestCaseOutcomes: # pylint: disable=too-few-public-methods def __init__(self): + # Collect a list of witnesses of the test case succeeding or failing. + # Currently we don't do anything with witnesses except count them. + # The format of a witness is determined by the read_outcome_file + # function; it's the platform and configuration joined by ';'. self.successes = [] self.failures = [] From a911b32e2f190ab6842664430f503bf5c20308c4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:40:58 +0200 Subject: [PATCH 224/247] Fix dependency in AES GCM test case The test case was never executed. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_cipher.gcm.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data index 8d728bd06..a4cebd241 100644 --- a/tests/suites/test_suite_cipher.gcm.data +++ b/tests/suites/test_suite_cipher.gcm.data @@ -3,7 +3,7 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0 AES GCM Decrypt empty buffer -depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C +depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0 Aria GCM Decrypt empty buffer From af9dbc9213265477a89bd2c6d44c7bf0423ab9bc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:41:40 +0200 Subject: [PATCH 225/247] Fix dependency in PSA test cases The test cases were never executed. Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto.data | 2 +- tests/suites/test_suite_psa_crypto_metadata.data | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 48bdbed94..2a0573d8b 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -574,7 +574,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy algorithm2: CTR, CBC -depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING PSA key policy algorithm2: ECDH, ECDSA diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index b771e5823..606fb58d2 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -155,7 +155,7 @@ depends_on:MBEDTLS_ARC4_C cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER Cipher: ChaCha20 -depends_on:MBEDTLS_CHACHA_C +depends_on:MBEDTLS_CHACHA20_C cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER Cipher: CTR From b20b873bffbbf8aa3ee75a3b79479295252e1a35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:48:06 +0200 Subject: [PATCH 226/247] Remove metadata tests for features that are not implemented The metadata tests depend on the corresponding feature because there is no guarantee that the metadata is correct if the feature is disabled. There are metadata test cases for some algorithms and key types that are declared but not supported. These test cases are present but can never run. It is debatable whether having these test cases is a good thing in case they become runnable in the future, or a bad thing because they're dead code. We're working on detecting test cases that are never executed for accidental reasons (e.g. typo in a dependency or missing configuration on the CI), and having test cases that are deliberately never executed messes this up. So remove these test cases. If we do implement the corresponding feature, it'll be easy to add the corresponding metadata test cases. The features that had metadata tests but no implementations were: * SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256) * DSA (hypothetical dependency: MBEDTLS_DSA_C) * SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C) Signed-off-by: Gilles Peskine --- .../test_suite_psa_crypto_metadata.data | 72 ------------------- 1 file changed, 72 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 606fb58d2..96ce3a685 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -34,30 +34,6 @@ Hash: SHA-2 SHA-512 depends_on:MBEDTLS_SHA512_C hash_algorithm:PSA_ALG_SHA_512:64 -Hash: SHA-2 SHA-512/224 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hash_algorithm:PSA_ALG_SHA_512_224:28 - -Hash: SHA-2 SHA-512/256 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hash_algorithm:PSA_ALG_SHA_512_256:32 - -Hash: SHA-3 SHA3-224 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_224:28 - -Hash: SHA-3 SHA3-256 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_256:32 - -Hash: SHA-3 SHA3-384 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_384:48 - -Hash: SHA-3 SHA3-512 -depends_on:MBEDTLS_SHA3_C -hash_algorithm:PSA_ALG_SHA3_512:64 - MAC: HMAC-MD2 depends_on:MBEDTLS_MD2_C hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64 @@ -94,30 +70,6 @@ MAC: HMAC-SHA-512 depends_on:MBEDTLS_SHA512_C hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128 -MAC: HMAC-SHA-512/224 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128 - -MAC: HMAC-SHA-512/256 -depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256 -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128 - -MAC: HMAC-SHA3-224 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144 - -MAC: HMAC-SHA3-256 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136 - -MAC: HMAC-SHA3-384 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104 - -MAC: HMAC-SHA3-512 -depends_on:MBEDTLS_SHA3_C -hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72 - MAC: CBC_MAC-AES-128 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128 @@ -206,14 +158,6 @@ Asymmetric signature: RSA PSS SHA-256 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN -Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256 -depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C -asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA | ALG_IS_HASH_AND_SIGN - -Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#1] -depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC -asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN - Asymmetric signature: randomized ECDSA (no hashing) depends_on:MBEDTLS_ECDSA_C asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN @@ -234,14 +178,6 @@ Asymmetric signature: RSA PSS with wildcard hash depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS -Asymmetric signature: randomized DSA with wildcard hash -depends_on:MBEDTLS_DSA_C -asymmetric_signature_wildcard:PSA_ALG_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA - -Asymmetric signature: deterministic DSA with wildcard hash [#1] -depends_on:MBEDTLS_DSA_C:MBEDTLS_DSA_DETERMINISTIC -asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC - Asymmetric signature: randomized ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA @@ -343,14 +279,6 @@ Key type: RSA key pair depends_on:MBEDTLS_RSA_C key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA -Key type: DSA public key -depends_on:MBEDTLS_DSA_C -key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA - -Key type: DSA key pair -depends_on:MBEDTLS_DSA_C -key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA - ECC key family: SECP K1 ecc_key_family:PSA_ECC_CURVE_SECP_K1 From 7eefa22fb16f4048c60cb22e556c7567609d8cbf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 22:54:47 +0200 Subject: [PATCH 227/247] Fix copypasta in test case descriptions Signed-off-by: Gilles Peskine --- tests/suites/test_suite_psa_crypto_metadata.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 96ce3a685..f8889833b 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -166,7 +166,7 @@ Asymmetric signature: SHA-256 + randomized ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN -Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#2] +Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN @@ -182,7 +182,7 @@ Asymmetric signature: randomized ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA -Asymmetric signature: deterministic DSA with wildcard hash [#2] +Asymmetric signature: deterministic ECDSA with wildcard hash depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC From dd6bdb505647861da88ea2b001d457127a62d4e6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 26 Jun 2020 16:37:02 +0200 Subject: [PATCH 228/247] cmake: Add comment about mbedtls_test target Signed-off-by: Ronald Cron --- CMakeLists.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index af7400c9f..f7e2ed08b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -238,6 +238,20 @@ list(APPEND libs ${thirdparty_lib}) add_subdirectory(library) +# +# The C files in tests/src directory contain test code shared among test suites +# and programs. This shared test code is compiled and linked to test suites and +# programs objects as a set of compiled objects. The compiled objects are NOT +# built into a library that the test suite and program objects would link +# against as they link against the mbedcrypto, mbedx509 and mbedtls libraries. +# The reason is that such library is expected to have mutual dependencies with +# the aforementioned libraries and that there is as of today no portable way of +# handling such dependencies (only toolchain specific solutions). +# +# Thus the below definition of the `mbedtls_test` CMake library of objects +# target. This library of objects is used by tests and programs CMake files +# to define the test executables. +# if(ENABLE_TESTING OR ENABLE_PROGRAMS) file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c) add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES}) From 1959010c4be11a62d99e95354d9244e8bf3df581 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 26 Jun 2020 11:26:02 +0100 Subject: [PATCH 229/247] Assemble changelog Executed scripts/assemble_changelog.py and manually fixed style where it diverged from the instructions in ChangeLog.d/00README.md. Manually added ChangeLog.d/bugfix_PR3405 which didn't have the .txt extension as prescribed in ChangeLog.d/00README.md and deleted it afterwards. Signed-off-by: Janos Follath --- ChangeLog | 123 ++++++++++++++++++ ChangeLog.d/add_win2k_net_socket.txt | 2 - ChangeLog.d/align-msvc-flags.txt | 3 - ChangeLog.d/bugfix.txt | 4 - ChangeLog.d/bugfix_PR2855.txt | 2 - ChangeLog.d/bugfix_PR3333.txt | 2 - ChangeLog.d/bugfix_PR3405 | 5 - ChangeLog.d/bugfix_PR3421.txt | 2 - ChangeLog.d/bugfix_PR3422.txt | 2 - ChangeLog.d/ecp-internal-rng.txt | 15 --- ChangeLog.d/error-asn1.txt | 2 - ChangeLog.d/error_const.txt | 6 - ChangeLog.d/fix-ecp-mul-memory-leak.txt | 3 - ChangeLog.d/fix-ecp_double_add_mxz.txt | 4 - .../fix-gcc-format-signedness-warnings.txt | 4 - .../fix-masked-hw-record-init-error.txt | 3 - ...fix-null-ptr-deref-in-mbedtls_ssl_free.txt | 3 - ...n-ascii-string-in-mbedtls_x509_dn_gets.txt | 3 - ChangeLog.d/fix-typo-in-xts-test.txt | 2 - .../inline-mbedtls_gcc_group_to_psa.txt | 4 - ChangeLog.d/l13-hw-accel.txt | 7 - ChangeLog.d/make-cpp-check-happy.txt | 3 - ChangeLog.d/max_pathlen.txt | 5 - ChangeLog.d/md_switch.txt | 3 - ChangeLog.d/midipix-support.txt | 2 - ChangeLog.d/montmul-cmp-branch.txt | 6 - ...x509_crt_parse_der_with_ext_cb_routine.txt | 5 - .../pass-unsupported-policies-to-callback.txt | 4 - ChangeLog.d/psa-lifetime-locations.txt | 8 -- ChangeLog.d/remove-extra-assignment.txt | 3 - ChangeLog.d/ssl_context_info.txt | 3 - ChangeLog.d/ssl_write_certificate_request.txt | 3 - ChangeLog.d/sysctl-arnd-support.txt | 2 - ChangeLog.d/tests-common-code.txt | 5 - ChangeLog.d/unified-exit-in-examples.txt | 4 - ChangeLog.d/uniformize_bounds_checks.txt | 9 -- ChangeLog.d/use-find-python3-cmake.txt | 2 - 37 files changed, 123 insertions(+), 145 deletions(-) delete mode 100644 ChangeLog.d/add_win2k_net_socket.txt delete mode 100644 ChangeLog.d/align-msvc-flags.txt delete mode 100644 ChangeLog.d/bugfix.txt delete mode 100644 ChangeLog.d/bugfix_PR2855.txt delete mode 100644 ChangeLog.d/bugfix_PR3333.txt delete mode 100644 ChangeLog.d/bugfix_PR3405 delete mode 100644 ChangeLog.d/bugfix_PR3421.txt delete mode 100644 ChangeLog.d/bugfix_PR3422.txt delete mode 100644 ChangeLog.d/ecp-internal-rng.txt delete mode 100644 ChangeLog.d/error-asn1.txt delete mode 100644 ChangeLog.d/error_const.txt delete mode 100644 ChangeLog.d/fix-ecp-mul-memory-leak.txt delete mode 100644 ChangeLog.d/fix-ecp_double_add_mxz.txt delete mode 100644 ChangeLog.d/fix-gcc-format-signedness-warnings.txt delete mode 100644 ChangeLog.d/fix-masked-hw-record-init-error.txt delete mode 100644 ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt delete mode 100644 ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt delete mode 100644 ChangeLog.d/fix-typo-in-xts-test.txt delete mode 100644 ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt delete mode 100644 ChangeLog.d/l13-hw-accel.txt delete mode 100644 ChangeLog.d/make-cpp-check-happy.txt delete mode 100644 ChangeLog.d/max_pathlen.txt delete mode 100644 ChangeLog.d/md_switch.txt delete mode 100644 ChangeLog.d/midipix-support.txt delete mode 100644 ChangeLog.d/montmul-cmp-branch.txt delete mode 100644 ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt delete mode 100644 ChangeLog.d/pass-unsupported-policies-to-callback.txt delete mode 100644 ChangeLog.d/psa-lifetime-locations.txt delete mode 100644 ChangeLog.d/remove-extra-assignment.txt delete mode 100644 ChangeLog.d/ssl_context_info.txt delete mode 100644 ChangeLog.d/ssl_write_certificate_request.txt delete mode 100644 ChangeLog.d/sysctl-arnd-support.txt delete mode 100644 ChangeLog.d/tests-common-code.txt delete mode 100644 ChangeLog.d/unified-exit-in-examples.txt delete mode 100644 ChangeLog.d/uniformize_bounds_checks.txt delete mode 100644 ChangeLog.d/use-find-python3-cmake.txt diff --git a/ChangeLog b/ChangeLog index 062a1ad32..e18ef0bd5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,128 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Default behavior changes + * In the experimental PSA secure element interface, change the encoding of + key lifetimes to encode a persistence level and the location. Although C + prototypes do not effectively change, code calling + psa_register_se_driver() must be modified to pass the driver's location + instead of the keys' lifetime. If the library is upgraded on an existing + device, keys created with the old lifetime value will not be readable or + removable through Mbed TLS after the upgrade. + +Features + * New functions in the error module return constant strings for + high- and low-level error codes, complementing mbedtls_strerror() + which constructs a string for any error code, including compound + ones, but requires a writable buffer. Contributed by Gaurav Aggarwal + in #3176. + * The new utility programs/ssl/ssl_context_info prints a human-readable + dump of an SSL context saved with mbedtls_ssl_context_save(). + * Add support for midipix, a POSIX layer for Microsoft Windows. + * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows + parsing unsupported certificate extensions via user provided callback. + Contributed by Nicola Di Lieto in #3243 as + a solution to #3241. + * Pass the "certificate policies" extension to the callback supplied to + mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported + policies (#3419). + * Added support to entropy_poll for the kern.arandom syscall supported on + some BSD systems. Contributed by Nia Alarie in #3423. + * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239 + +Security + * Fix a side channel vulnerability in modular exponentiation that could + reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, + Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute + of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul + Strackx (Fortanix) in #3394. + * Fix side channel in mbedtls_ecp_check_pub_priv() and + mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a + private key that didn't include the uncompressed public key), as well as + mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL + f_rng argument. An attacker with access to precise enough timing and + memory access information (typically an untrusted operating system + attacking a secure enclave) could fully recover the ECC private key. + Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. + * Fix issue in Lucky 13 counter-measure that could make it ineffective when + hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT + macros). This would cause the original Lucky 13 attack to be possible in + those configurations, allowing an active network attacker to recover + plaintext after repeated timing measurements under some conditions. + Reported and fix suggested by Luc Perneel in #3246. + +Bugfix + * Fix the Visual Studio Release x64 build configuration for mbedtls itself. + Completes a previous fix in Mbed TLS 2.19 that only fixed the build for + the example programs. Reported in #1430 and fix contributed by irwir. + * Fix undefined behavior in X.509 certificate parsing if the + pathLenConstraint basic constraint value is equal to INT_MAX. + The actual effect with almost every compiler is the intended + behavior, so this is unlikely to be exploitable anywhere. #3192 + * Fix issue with a detected HW accelerated record error not being exposed + due to shadowed variable. Contributed by Sander Visser in #3310. + * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a + NULL pointer argument. Contributed by Sander Visser in #3312. + * Fix potential linker errors on dual world platforms by inlining + mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately + from psa_crypto.c. Fixes #3300. + * Remove dead code in X.509 certificate parsing. Contributed by irwir in + #2855. + * Include asn1.h in error.c. Fixes #3328 reported by David Hu. + * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() + when PRNG function fails. Contributed by Jonas Lejeune in #3318. + * Remove unused macros from MSVC projects. Reported in #3297 and fix + submitted in #3333 by irwir. + * Add additional bounds checks in ssl_write_client_hello() preventing + output buffer overflow if the configuration declared a buffer that was + too small. + * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and + fix submitted in #3421 by Nia Alarie. + * Fix building library/net_sockets.c and the ssl_mail_client program on + NetBSD. Contributed by Nia Alarie in #3422. + * Fix false positive uninitialised variable reported by cpp-check. + Contributed by Sander Visser in #3311. + * Update iv and len context pointers manually when reallocating buffers + using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues + when receiving a connection with CID, when these fields were shifted + in ssl_parse_record_header(). + +Changes + * Fix warnings about signedness issues in format strings. The build is now + clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen + in #3153. + * Fix minor performance issue in operations on Curve25519 caused by using a + suboptimal modular reduction in one place. Found and fix contributed by + Aurelien Jarno in #3209. + * Combine identical cases in switch statements in md.c. Contributed + by irwir in #3208. + * Simplify a bounds check in ssl_write_certificate_request(). Contributed + by irwir in #3150. + * Unify the example programs termination to call mbedtls_exit() instead of + using a return command. This has been done to enable customization of the + behavior in bare metal environments. + * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". + Contributed by Koh M. Nakagawa in #3326. + * Use FindPython3 when cmake version >= 3.15.0 + * Abort the ClientHello writing function as soon as some extension doesn't + fit into the record buffer. Previously, such extensions were silently + dropped. As a consequence, the TLS handshake now fails when the output + buffer is not large enough to hold the ClientHello. + * The unit tests now rely on header files in tests/include/test and source + files in tests/src. When building with make or cmake, the files in + tests/src are compiled and the resulting object linked into each test + executable. + * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on + `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel + coutermeasures. If side channels are not a concern, this dependency can + be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. + * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes + Martinho. #3147 + * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported + in #3182 and fix submitted by irwir. #3217 + * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319 + = mbed TLS 2.22.0 branch released 2020-04-14 New deprecations diff --git a/ChangeLog.d/add_win2k_net_socket.txt b/ChangeLog.d/add_win2k_net_socket.txt deleted file mode 100644 index 9842c5d87..000000000 --- a/ChangeLog.d/add_win2k_net_socket.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add support for Windows 2000 in net_sockets. Contributed by opatomic. #3239 diff --git a/ChangeLog.d/align-msvc-flags.txt b/ChangeLog.d/align-msvc-flags.txt deleted file mode 100644 index 02de3fd34..000000000 --- a/ChangeLog.d/align-msvc-flags.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Align MSVC error flag with GCC and Clang. Contributed by Carlos Gomes - Martinho. #3147 diff --git a/ChangeLog.d/bugfix.txt b/ChangeLog.d/bugfix.txt deleted file mode 100644 index 922bd318b..000000000 --- a/ChangeLog.d/bugfix.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix the Visual Studio Release x64 build configuration for mbedtls itself. - Completes a previous fix in Mbed TLS 2.19 that only fixed the build for - the example programs. Reported in #1430 and fix contributed by irwir. diff --git a/ChangeLog.d/bugfix_PR2855.txt b/ChangeLog.d/bugfix_PR2855.txt deleted file mode 100644 index 6e29710ec..000000000 --- a/ChangeLog.d/bugfix_PR2855.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Remove dead code in X.509 certificate parsing. Contributed by irwir in #2855. diff --git a/ChangeLog.d/bugfix_PR3333.txt b/ChangeLog.d/bugfix_PR3333.txt deleted file mode 100644 index 90766ac71..000000000 --- a/ChangeLog.d/bugfix_PR3333.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Remove unused macros from MSVC projects. Reported in #3297 and fix submitted in #3333 by irwir. diff --git a/ChangeLog.d/bugfix_PR3405 b/ChangeLog.d/bugfix_PR3405 deleted file mode 100644 index 73c57c081..000000000 --- a/ChangeLog.d/bugfix_PR3405 +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Update iv and len context pointers manually when reallocating buffers - using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues - when receiving a connection with CID, when these fields were shifted - in ssl_parse_record_header(). diff --git a/ChangeLog.d/bugfix_PR3421.txt b/ChangeLog.d/bugfix_PR3421.txt deleted file mode 100644 index b52dee00f..000000000 --- a/ChangeLog.d/bugfix_PR3421.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and fix submitted in #3421 by Nia Alarie. diff --git a/ChangeLog.d/bugfix_PR3422.txt b/ChangeLog.d/bugfix_PR3422.txt deleted file mode 100644 index dfe152c36..000000000 --- a/ChangeLog.d/bugfix_PR3422.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Fix building library/net_sockets.c and the ssl_mail_client program on NetBSD. Contributed by Nia Alarie in #3422. diff --git a/ChangeLog.d/ecp-internal-rng.txt b/ChangeLog.d/ecp-internal-rng.txt deleted file mode 100644 index c0419acad..000000000 --- a/ChangeLog.d/ecp-internal-rng.txt +++ /dev/null @@ -1,15 +0,0 @@ -Changes - * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on - `MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel - coutermeasures. If side channels are not a concern, this dependency can - be avoided by enabling the new option `MBEDTLS_ECP_NO_INTERNAL_RNG`. - -Security - * Fix side channel in mbedtls_ecp_check_pub_priv() and - mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a - private key that didn't include the uncompressed public key), as well as - mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL - f_rng argument. An attacker with access to precise enough timing and - memory access information (typically an untrusted operating system - attacking a secure enclave) could fully recover the ECC private key. - Found and reported by Alejandro Cabrera Aldaya and Billy Brumley. diff --git a/ChangeLog.d/error-asn1.txt b/ChangeLog.d/error-asn1.txt deleted file mode 100644 index c165696fd..000000000 --- a/ChangeLog.d/error-asn1.txt +++ /dev/null @@ -1,2 +0,0 @@ -Bugfix - * Include asn1.h in error.c. Fixes #3328 reported by David Hu. diff --git a/ChangeLog.d/error_const.txt b/ChangeLog.d/error_const.txt deleted file mode 100644 index e0086b74c..000000000 --- a/ChangeLog.d/error_const.txt +++ /dev/null @@ -1,6 +0,0 @@ -Features - * New functions in the error module return constant strings for - high- and low-level error codes, complementing mbedtls_strerror() - which constructs a string for any error code, including compound - ones, but requires a writable buffer. Contributed by Gaurav Aggarwal - in #3176. diff --git a/ChangeLog.d/fix-ecp-mul-memory-leak.txt b/ChangeLog.d/fix-ecp-mul-memory-leak.txt deleted file mode 100644 index e82cadc2d..000000000 --- a/ChangeLog.d/fix-ecp-mul-memory-leak.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz() - when PRNG function fails. Contributed by Jonas Lejeune in #3318. diff --git a/ChangeLog.d/fix-ecp_double_add_mxz.txt b/ChangeLog.d/fix-ecp_double_add_mxz.txt deleted file mode 100644 index 91531b2bb..000000000 --- a/ChangeLog.d/fix-ecp_double_add_mxz.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Fix minor performance issue in operations on Curve25519 caused by using a - suboptimal modular reduction in one place. Found and fix contributed by - Aurelien Jarno in #3209. diff --git a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt b/ChangeLog.d/fix-gcc-format-signedness-warnings.txt deleted file mode 100644 index 2d22b942d..000000000 --- a/ChangeLog.d/fix-gcc-format-signedness-warnings.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Fix warnings about signedness issues in format strings. The build is now - clean of -Wformat-signedness warnings. Contributed by Kenneth Soerensen - in #3153. diff --git a/ChangeLog.d/fix-masked-hw-record-init-error.txt b/ChangeLog.d/fix-masked-hw-record-init-error.txt deleted file mode 100644 index 2ef80daae..000000000 --- a/ChangeLog.d/fix-masked-hw-record-init-error.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix issue with a detected HW accelerated record error not being exposed - due to shadowed variable. Contributed by Sander Visser in #3310. diff --git a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt b/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt deleted file mode 100644 index e631f4d02..000000000 --- a/ChangeLog.d/fix-null-ptr-deref-in-mbedtls_ssl_free.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Avoid NULL pointer dereferencing if mbedtls_ssl_free() is called with a - NULL pointer argument. Contributed by Sander Visser in #3312. diff --git a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt b/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt deleted file mode 100644 index 6be1e5b54..000000000 --- a/ChangeLog.d/fix-print-non-ascii-string-in-mbedtls_x509_dn_gets.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Fix mbedtls_x509_dn_gets to escape non-ASCII characters as "?". - Contributed by Koh M. Nakagawa in #3326. diff --git a/ChangeLog.d/fix-typo-in-xts-test.txt b/ChangeLog.d/fix-typo-in-xts-test.txt deleted file mode 100644 index 4711b8cf9..000000000 --- a/ChangeLog.d/fix-typo-in-xts-test.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Fix typo in XTS tests. Reported and fix submitted by Kxuan. #3319 diff --git a/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt b/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt deleted file mode 100644 index d0bd1dc6a..000000000 --- a/ChangeLog.d/inline-mbedtls_gcc_group_to_psa.txt +++ /dev/null @@ -1,4 +0,0 @@ -Bugfix - * Fix potential linker errors on dual world platforms by inlining - mbedtls_gcc_group_to_psa(). This allows the pk.c module to link separately - from psa_crypto.c. Fixes #3300. diff --git a/ChangeLog.d/l13-hw-accel.txt b/ChangeLog.d/l13-hw-accel.txt deleted file mode 100644 index 53c79243b..000000000 --- a/ChangeLog.d/l13-hw-accel.txt +++ /dev/null @@ -1,7 +0,0 @@ -Security - * Fix issue in Lucky 13 counter-measure that could make it ineffective when - hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT - macros). This would cause the original Lucky 13 attack to be possible in - those configurations, allowing an active network attacker to recover - plaintext after repeated timing measurements under some conditions. - Reported and fix suggested by Luc Perneel in #3246. diff --git a/ChangeLog.d/make-cpp-check-happy.txt b/ChangeLog.d/make-cpp-check-happy.txt deleted file mode 100644 index 2ae74cb0a..000000000 --- a/ChangeLog.d/make-cpp-check-happy.txt +++ /dev/null @@ -1,3 +0,0 @@ -Bugfix - * Fix false positive uninitialised variable reported by cpp-check. - Contributed by Sander Visser in #3311. diff --git a/ChangeLog.d/max_pathlen.txt b/ChangeLog.d/max_pathlen.txt deleted file mode 100644 index 08f9c65a8..000000000 --- a/ChangeLog.d/max_pathlen.txt +++ /dev/null @@ -1,5 +0,0 @@ -Bugfix - * Fix undefined behavior in X.509 certificate parsing if the - pathLenConstraint basic constraint value is equal to INT_MAX. - The actual effect with almost every compiler is the intended - behavior, so this is unlikely to be exploitable anywhere. #3192 diff --git a/ChangeLog.d/md_switch.txt b/ChangeLog.d/md_switch.txt deleted file mode 100644 index a4d369b51..000000000 --- a/ChangeLog.d/md_switch.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Combine identical cases in switch statements in md.c. Contributed - by irwir in #3208. diff --git a/ChangeLog.d/midipix-support.txt b/ChangeLog.d/midipix-support.txt deleted file mode 100644 index 53599abe4..000000000 --- a/ChangeLog.d/midipix-support.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Add support for midipix, a POSIX layer for Microsoft Windows. diff --git a/ChangeLog.d/montmul-cmp-branch.txt b/ChangeLog.d/montmul-cmp-branch.txt deleted file mode 100644 index 59945188a..000000000 --- a/ChangeLog.d/montmul-cmp-branch.txt +++ /dev/null @@ -1,6 +0,0 @@ -Security - * Fix a side channel vulnerability in modular exponentiation that could - reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, - Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute - of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul - Strackx (Fortanix) in #3394. diff --git a/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt b/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt deleted file mode 100644 index fdea746de..000000000 --- a/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt +++ /dev/null @@ -1,5 +0,0 @@ -Features - * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows - parsing unsupported certificate extensions via user provided callback. - Contributed by Nicola Di Lieto in #3243 as - a solution to #3241. diff --git a/ChangeLog.d/pass-unsupported-policies-to-callback.txt b/ChangeLog.d/pass-unsupported-policies-to-callback.txt deleted file mode 100644 index d139b4c18..000000000 --- a/ChangeLog.d/pass-unsupported-policies-to-callback.txt +++ /dev/null @@ -1,4 +0,0 @@ -Features - * Pass the "certificate policies" extension to the callback supplied to - mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported - policies (#3419). diff --git a/ChangeLog.d/psa-lifetime-locations.txt b/ChangeLog.d/psa-lifetime-locations.txt deleted file mode 100644 index 6ac02bc61..000000000 --- a/ChangeLog.d/psa-lifetime-locations.txt +++ /dev/null @@ -1,8 +0,0 @@ -Default behavior changes - * In the experimental PSA secure element interface, change the encoding of - key lifetimes to encode a persistence level and the location. Although C - prototypes do not effectively change, code calling - psa_register_se_driver() must be modified to pass the driver's location - instead of the keys' lifetime. If the library is upgraded on an existing - device, keys created with the old lifetime value will not be readable or - removable through Mbed TLS after the upgrade. diff --git a/ChangeLog.d/remove-extra-assignment.txt b/ChangeLog.d/remove-extra-assignment.txt deleted file mode 100644 index a98c42347..000000000 --- a/ChangeLog.d/remove-extra-assignment.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Remove superfluous assignment in mbedtls_ssl_parse_certificate(). Reported - in #3182 and fix submitted by irwir. #3217 diff --git a/ChangeLog.d/ssl_context_info.txt b/ChangeLog.d/ssl_context_info.txt deleted file mode 100644 index 6a15061fa..000000000 --- a/ChangeLog.d/ssl_context_info.txt +++ /dev/null @@ -1,3 +0,0 @@ -Features - * The new utility programs/ssl/ssl_context_info prints a human-readable - dump of an SSL context saved with mbedtls_ssl_context_save(). diff --git a/ChangeLog.d/ssl_write_certificate_request.txt b/ChangeLog.d/ssl_write_certificate_request.txt deleted file mode 100644 index 2d3067aba..000000000 --- a/ChangeLog.d/ssl_write_certificate_request.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Simplify a bounds check in ssl_write_certificate_request(). Contributed - by irwir in #3150. diff --git a/ChangeLog.d/sysctl-arnd-support.txt b/ChangeLog.d/sysctl-arnd-support.txt deleted file mode 100644 index 14ad67412..000000000 --- a/ChangeLog.d/sysctl-arnd-support.txt +++ /dev/null @@ -1,2 +0,0 @@ -Features - * Added support to entropy_poll for the kern.arandom syscall supported on some BSD systems. Contributed by Nia Alarie in #3423. diff --git a/ChangeLog.d/tests-common-code.txt b/ChangeLog.d/tests-common-code.txt deleted file mode 100644 index 0af2da526..000000000 --- a/ChangeLog.d/tests-common-code.txt +++ /dev/null @@ -1,5 +0,0 @@ -Changes - * The unit tests now rely on header files in tests/include/test and source - files in tests/src. When building with make or cmake, the files in - tests/src are compiled and the resulting object linked into each test - executable. diff --git a/ChangeLog.d/unified-exit-in-examples.txt b/ChangeLog.d/unified-exit-in-examples.txt deleted file mode 100644 index 3ef9798ad..000000000 --- a/ChangeLog.d/unified-exit-in-examples.txt +++ /dev/null @@ -1,4 +0,0 @@ -Changes - * Unify the example programs termination to call mbedtls_exit() instead of - using a return command. This has been done to enable customization of the - behavior in bare metal environments. diff --git a/ChangeLog.d/uniformize_bounds_checks.txt b/ChangeLog.d/uniformize_bounds_checks.txt deleted file mode 100644 index 210ab1051..000000000 --- a/ChangeLog.d/uniformize_bounds_checks.txt +++ /dev/null @@ -1,9 +0,0 @@ -Bugfix - * Add additional bounds checks in ssl_write_client_hello() preventing - output buffer overflow if the configuration declared a buffer that was - too small. -Changes - * Abort the ClientHello writing function as soon as some extension doesn't - fit into the record buffer. Previously, such extensions were silently - dropped. As a consequence, the TLS handshake now fails when the output - buffer is not large enough to hold the ClientHello. diff --git a/ChangeLog.d/use-find-python3-cmake.txt b/ChangeLog.d/use-find-python3-cmake.txt deleted file mode 100644 index 36a5171ee..000000000 --- a/ChangeLog.d/use-find-python3-cmake.txt +++ /dev/null @@ -1,2 +0,0 @@ -Changes - * Use FindPython3 when cmake version >= 3.15.0 From 0435cd8c232b9f8399db3153eef9d71abe77b636 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 26 Jun 2020 12:26:55 +0100 Subject: [PATCH 230/247] Bump version to Mbed TLS 2.23.0 Executed "./scripts/bump_version.sh --version 2.23.0 --so-crypto 5" A symbol has been removed from the mbedcrypto library since the last release: mbedtls_ecc_group_to_psa ( enum mbedtls_ecp_group_id grpid, size_t* bits ) This is an ABI break and we need to increase the SO version. Signed-off-by: Janos Follath --- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 8 ++++---- library/CMakeLists.txt | 6 +++--- library/Makefile | 2 +- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 749d5c1eb..27a840a5b 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -24,7 +24,7 @@ */ /** - * @mainpage mbed TLS v2.22.0 source code documentation + * @mainpage mbed TLS v2.23.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 418318da5..e89021a21 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.22.0" +PROJECT_NAME = "mbed TLS v2.23.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index b89e36efd..0ae4d2271 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -39,7 +39,7 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 22 +#define MBEDTLS_VERSION_MINOR 23 #define MBEDTLS_VERSION_PATCH 0 /** @@ -47,9 +47,9 @@ * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02160000 -#define MBEDTLS_VERSION_STRING "2.22.0" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.22.0" +#define MBEDTLS_VERSION_NUMBER 0x02170000 +#define MBEDTLS_VERSION_STRING "2.23.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.23.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index f6a186fae..05196e86c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -181,19 +181,19 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.23.0 SOVERSION 5) target_link_libraries(mbedcrypto ${libs}) target_include_directories(mbedcrypto PUBLIC ${MBEDTLS_DIR}/include/) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1) + set_target_properties(mbedx509 PROPERTIES VERSION 2.23.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) target_include_directories(mbedx509 PUBLIC ${MBEDTLS_DIR}/include/) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13) + set_target_properties(mbedtls PROPERTIES VERSION 2.23.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) target_include_directories(mbedtls PUBLIC ${MBEDTLS_DIR}/include/) diff --git a/library/Makefile b/library/Makefile index dbdd3b679..87ea56d37 100644 --- a/library/Makefile +++ b/library/Makefile @@ -37,7 +37,7 @@ endif SOEXT_TLS=so.13 SOEXT_X509=so.1 -SOEXT_CRYPTO=so.4 +SOEXT_CRYPTO=so.5 # Set AR_DASH= (empty string) to use an ar implementation that does not accept # the - prefix for command line options (e.g. llvm-ar) diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 5dc81d334..846ebb731 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.22.0" +check_compiletime_version:"2.23.0" Check runtime library version -check_runtime_version:"2.22.0" +check_runtime_version:"2.23.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From 13cba685be200410907e7652fc79fd3209a4d1ab Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 26 Jun 2020 12:40:52 +0100 Subject: [PATCH 231/247] Update ChangeLog header. Signed-off-by: Janos Follath --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index e18ef0bd5..32853ce43 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.23.0 branch released 2020-07-01 Default behavior changes * In the experimental PSA secure element interface, change the encoding of From 66c3dc44f20a395456ad3f93de55e00873717688 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jun 2020 02:25:17 +0200 Subject: [PATCH 232/247] Include the library directory for the sake of 3rdparty When compiling library files under `3rdparty/`, the directory containing the `.c` file that is being compiled is not the current directory, so headers from the `library/` directory are not found. Fix this by adding `.` to the include path. This was not detected until now because as of this commit, no 3rdparty source file requires a header under `library/`. Signed-off-by: Gilles Peskine --- library/Makefile | 2 +- scripts/generate_visualc_files.pl | 11 ++++++++++- visualc/VS2010/mbedTLS.vcxproj | 8 ++++---- 3 files changed, 15 insertions(+), 6 deletions(-) diff --git a/library/Makefile b/library/Makefile index dbdd3b679..801304bbe 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,7 +5,7 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = ifdef DEBUG diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 8bf8de99e..a3a2925da 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -64,6 +64,15 @@ my @include_directories = qw( ); my $include_directories = join(';', map {"../../$_"} @include_directories); +# Directories to add to the include path when building the library, but not +# when building tests or applications. +my @library_include_directories = qw( + library +); +my $library_include_directories = + join(';', map {"../../$_"} (@library_include_directories, + @include_directories)); + my @excluded_files = qw( 3rdparty/everest/library/Hacl_Curve25519.c ); @@ -202,7 +211,7 @@ sub gen_main_file { my $out = slurp_file( $main_tpl ); $out =~ s/SOURCE_ENTRIES\r\n/$source_entries/m; $out =~ s/HEADER_ENTRIES\r\n/$header_entries/m; - $out =~ s/INCLUDE_DIRECTORIES\r\n/$include_directories/g; + $out =~ s/INCLUDE_DIRECTORIES\r\n/$library_include_directories/g; content_to_file( $out, $main_out ); } diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 98b99138f..4422b7a2d 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -84,7 +84,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC @@ -98,7 +98,7 @@ Disabled _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include CompileAsC @@ -114,7 +114,7 @@ true NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows @@ -131,7 +131,7 @@ true WIN64;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) -../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include +../../library;../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include Windows From db09ef6d22f3043536910833c43faf425a7e0401 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 3 Jun 2020 01:43:33 +0200 Subject: [PATCH 233/247] Include common.h instead of config.h in library source files In library source files, include "common.h", which takes care of including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE) and other things that are used throughout the library. FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt Signed-off-by: Gilles Peskine --- 3rdparty/everest/library/Hacl_Curve25519_joined.c | 6 +----- 3rdparty/everest/library/everest.c | 6 +----- 3rdparty/everest/library/x25519.c | 6 +----- library/aes.c | 6 +----- library/aesni.c | 6 +----- library/arc4.c | 6 +----- library/aria.c | 6 +----- library/asn1parse.c | 6 +----- library/asn1write.c | 6 +----- library/base64.c | 6 +----- library/bignum.c | 6 +----- library/blowfish.c | 6 +----- library/camellia.c | 6 +----- library/ccm.c | 6 +----- library/certs.c | 6 +----- library/chacha20.c | 6 +----- library/chachapoly.c | 6 +----- library/cipher.c | 6 +----- library/cipher_wrap.c | 6 +----- library/cmac.c | 6 +----- library/ctr_drbg.c | 6 +----- library/debug.c | 6 +----- library/des.c | 6 +----- library/dhm.c | 6 +----- library/ecdh.c | 6 +----- library/ecdsa.c | 6 +----- library/ecjpake.c | 6 +----- library/ecp.c | 6 +----- library/ecp_curves.c | 6 +----- library/entropy.c | 6 +----- library/entropy_poll.c | 6 +----- library/error.c | 6 +----- library/gcm.c | 6 +----- library/havege.c | 6 +----- library/hkdf.c | 6 +----- library/hmac_drbg.c | 6 +----- library/md.c | 6 +----- library/md2.c | 6 +----- library/md4.c | 6 +----- library/md5.c | 6 +----- library/memory_buffer_alloc.c | 6 +----- library/net_sockets.c | 6 +----- library/nist_kw.c | 6 +----- library/oid.c | 6 +----- library/padlock.c | 6 +----- library/pem.c | 6 +----- library/pk.c | 6 +----- library/pk_wrap.c | 6 +----- library/pkcs12.c | 6 +----- library/pkcs5.c | 6 +----- library/pkparse.c | 6 +----- library/pkwrite.c | 6 +----- library/platform.c | 6 +----- library/platform_util.c | 6 +----- library/poly1305.c | 6 +----- library/psa_crypto.c | 6 +----- library/psa_crypto_se.c | 6 +----- library/psa_crypto_slot_management.c | 6 +----- library/ripemd160.c | 6 +----- library/rsa.c | 6 +----- library/rsa_internal.c | 6 +----- library/sha1.c | 6 +----- library/sha256.c | 6 +----- library/sha512.c | 6 +----- library/ssl_cache.c | 6 +----- library/ssl_ciphersuites.c | 6 +----- library/ssl_cli.c | 6 +----- library/ssl_cookie.c | 6 +----- library/ssl_msg.c | 6 +----- library/ssl_srv.c | 6 +----- library/ssl_ticket.c | 6 +----- library/ssl_tls.c | 6 +----- library/threading.c | 6 +----- library/timing.c | 6 +----- library/version.c | 6 +----- library/version_features.c | 6 +----- library/x509.c | 6 +----- library/x509_create.c | 6 +----- library/x509_crl.c | 6 +----- library/x509_crt.c | 6 +----- library/x509_csr.c | 6 +----- library/x509write_crt.c | 6 +----- library/x509write_csr.c | 6 +----- library/xtea.c | 6 +----- scripts/data_files/error.fmt | 6 +----- scripts/data_files/version_features.fmt | 6 +----- 86 files changed, 86 insertions(+), 430 deletions(-) diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c index 18b32d200..ee62be1ce 100644 --- a/3rdparty/everest/library/Hacl_Curve25519_joined.c +++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/3rdparty/everest/library/everest.c b/3rdparty/everest/library/everest.c index 2e2422f3e..82c4e03ad 100644 --- a/3rdparty/everest/library/everest.c +++ b/3rdparty/everest/library/everest.c @@ -19,11 +19,7 @@ * This file is part of Mbed TLS (https://tls.mbed.org). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c index 990bb4d6d..9faa9ab7d 100644 --- a/3rdparty/everest/library/x25519.c +++ b/3rdparty/everest/library/x25519.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_C) && defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED) diff --git a/library/aes.c b/library/aes.c index 962b0b92a..80e8134ba 100644 --- a/library/aes.c +++ b/library/aes.c @@ -25,11 +25,7 @@ * http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_AES_C) diff --git a/library/aesni.c b/library/aesni.c index 062708b04..e0d8a69ec 100644 --- a/library/aesni.c +++ b/library/aesni.c @@ -24,11 +24,7 @@ * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/ */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_AESNI_C) diff --git a/library/arc4.c b/library/arc4.c index b8998ac6c..2109bb2c0 100644 --- a/library/arc4.c +++ b/library/arc4.c @@ -24,11 +24,7 @@ * http://groups.google.com/group/sci.crypt/msg/10a300c9d21afca0 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ARC4_C) diff --git a/library/aria.c b/library/aria.c index aff66d667..107be27cf 100644 --- a/library/aria.c +++ b/library/aria.c @@ -25,11 +25,7 @@ * [2] https://tools.ietf.org/html/rfc5794 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ARIA_C) diff --git a/library/asn1parse.c b/library/asn1parse.c index 34c660775..fe62bc683 100644 --- a/library/asn1parse.c +++ b/library/asn1parse.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ASN1_PARSE_C) diff --git a/library/asn1write.c b/library/asn1write.c index 503db930b..3c411802e 100644 --- a/library/asn1write.c +++ b/library/asn1write.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ASN1_WRITE_C) diff --git a/library/base64.c b/library/base64.c index f06b57b31..3921c4611 100644 --- a/library/base64.c +++ b/library/base64.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BASE64_C) diff --git a/library/bignum.c b/library/bignum.c index d9ab6f68b..2ab71ca4e 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -35,11 +35,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BIGNUM_C) diff --git a/library/blowfish.c b/library/blowfish.c index cbf923824..7c9b1a65a 100644 --- a/library/blowfish.c +++ b/library/blowfish.c @@ -25,11 +25,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_BLOWFISH_C) diff --git a/library/camellia.c b/library/camellia.c index 22262b89a..764e4f8a8 100644 --- a/library/camellia.c +++ b/library/camellia.c @@ -25,11 +25,7 @@ * http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/01espec.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CAMELLIA_C) diff --git a/library/ccm.c b/library/ccm.c index eaef106a1..25a627b0a 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -28,11 +28,7 @@ * RFC 5116 "An Interface and Algorithms for Authenticated Encryption" */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CCM_C) diff --git a/library/certs.c b/library/certs.c index f152c283a..fa11d5c95 100644 --- a/library/certs.c +++ b/library/certs.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include "mbedtls/certs.h" diff --git a/library/chacha20.c b/library/chacha20.c index 343b2167c..bda39b2ae 100644 --- a/library/chacha20.c +++ b/library/chacha20.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CHACHA20_C) diff --git a/library/chachapoly.c b/library/chachapoly.c index f0af5ded2..d51227a55 100644 --- a/library/chachapoly.c +++ b/library/chachapoly.c @@ -20,11 +20,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CHACHAPOLY_C) diff --git a/library/cipher.c b/library/cipher.c index 409c3fe67..acbda26b7 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CIPHER_C) diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c index a813426be..e5ee7ff63 100644 --- a/library/cipher_wrap.c +++ b/library/cipher_wrap.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CIPHER_C) diff --git a/library/cmac.c b/library/cmac.c index 2d23be5ff..3a48a6204 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -40,11 +40,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CMAC_C) diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c index 8a2920a32..7872e9b2d 100644 --- a/library/ctr_drbg.c +++ b/library/ctr_drbg.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_CTR_DRBG_C) diff --git a/library/debug.c b/library/debug.c index 2b25e997c..6fb766b5f 100644 --- a/library/debug.c +++ b/library/debug.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DEBUG_C) diff --git a/library/des.c b/library/des.c index 24e517ed9..e13521996 100644 --- a/library/des.c +++ b/library/des.c @@ -25,11 +25,7 @@ * http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DES_C) diff --git a/library/dhm.c b/library/dhm.c index 392ed0c15..387f5beda 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -27,11 +27,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_DHM_C) diff --git a/library/ecdh.c b/library/ecdh.c index 3cf533371..987a6ceb3 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -26,11 +26,7 @@ * RFC 4492 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDH_C) diff --git a/library/ecdsa.c b/library/ecdsa.c index 5acd2d00e..3183a902e 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -25,11 +25,7 @@ * SEC1 http://www.secg.org/index.php?action=secg,docs_secg */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECDSA_C) diff --git a/library/ecjpake.c b/library/ecjpake.c index 79ea3cbec..a60785168 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -24,11 +24,7 @@ * available to members of the Thread Group http://threadgroup.org/ */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECJPAKE_C) diff --git a/library/ecp.c b/library/ecp.c index 9522edf77..b00816a2f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -41,11 +41,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" /** * \brief Function level alternative implementation. diff --git a/library/ecp_curves.c b/library/ecp_curves.c index a24a50c03..92bbb896a 100644 --- a/library/ecp_curves.c +++ b/library/ecp_curves.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ECP_C) diff --git a/library/entropy.c b/library/entropy.c index 102f9f1c4..4d4d6cebf 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ENTROPY_C) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index dc621836e..62fb4afbf 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -24,11 +24,7 @@ #define _GNU_SOURCE #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include diff --git a/library/error.c b/library/error.c index 57171b311..68e1f171b 100644 --- a/library/error.c +++ b/library/error.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include diff --git a/library/gcm.c b/library/gcm.c index e34f1dae4..eae9eed77 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -29,11 +29,7 @@ * [MGV] 4.1, pp. 12-13, to enhance speed without using too much memory. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_GCM_C) diff --git a/library/havege.c b/library/havege.c index ca7dd17fb..75e0e84f7 100644 --- a/library/havege.c +++ b/library/havege.c @@ -26,11 +26,7 @@ * Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HAVEGE_C) diff --git a/library/hkdf.c b/library/hkdf.c index 82df597a4..0e9da59a9 100644 --- a/library/hkdf.c +++ b/library/hkdf.c @@ -18,11 +18,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HKDF_C) diff --git a/library/hmac_drbg.c b/library/hmac_drbg.c index f811885c9..b25b6838f 100644 --- a/library/hmac_drbg.c +++ b/library/hmac_drbg.c @@ -25,11 +25,7 @@ * References below are based on rev. 1 (January 2012). */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_HMAC_DRBG_C) diff --git a/library/md.c b/library/md.c index 30a580b02..3eb0fe389 100644 --- a/library/md.c +++ b/library/md.c @@ -23,11 +23,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD_C) diff --git a/library/md2.c b/library/md2.c index 82aed8e73..afc6539e0 100644 --- a/library/md2.c +++ b/library/md2.c @@ -25,11 +25,7 @@ * http://www.ietf.org/rfc/rfc1319.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD2_C) diff --git a/library/md4.c b/library/md4.c index 6a658e31d..beb42c954 100644 --- a/library/md4.c +++ b/library/md4.c @@ -25,11 +25,7 @@ * http://www.ietf.org/rfc/rfc1320.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD4_C) diff --git a/library/md5.c b/library/md5.c index 2306855f4..c7b85d124 100644 --- a/library/md5.c +++ b/library/md5.c @@ -24,11 +24,7 @@ * http://www.ietf.org/rfc/rfc1321.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MD5_C) diff --git a/library/memory_buffer_alloc.c b/library/memory_buffer_alloc.c index 51ea7c41d..07bcce0db 100644 --- a/library/memory_buffer_alloc.c +++ b/library/memory_buffer_alloc.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" diff --git a/library/net_sockets.c b/library/net_sockets.c index b26e85818..3c6d29351 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -25,11 +25,7 @@ #define _POSIX_C_SOURCE 200112L #define _XOPEN_SOURCE 600 /* sockaddr_storage */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_NET_C) diff --git a/library/nist_kw.c b/library/nist_kw.c index 03e807202..f6ee486e7 100644 --- a/library/nist_kw.c +++ b/library/nist_kw.c @@ -29,11 +29,7 @@ * the wrapping and unwrapping operation than the definition in NIST SP 800-38F. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_NIST_KW_C) diff --git a/library/oid.c b/library/oid.c index e0c074369..29ced43d3 100644 --- a/library/oid.c +++ b/library/oid.c @@ -21,11 +21,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_OID_C) diff --git a/library/padlock.c b/library/padlock.c index b85ff9cd2..887a386e8 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -25,11 +25,7 @@ * programming_guide.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PADLOCK_C) diff --git a/library/pem.c b/library/pem.c index 31f4a9a25..544f7c41b 100644 --- a/library/pem.c +++ b/library/pem.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C) diff --git a/library/pk.c b/library/pk.c index b83ba8e71..5858a4e82 100644 --- a/library/pk.c +++ b/library/pk.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_C) #include "mbedtls/pk.h" diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f73643149..46fd02c76 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_C) #include "mbedtls/pk_internal.h" diff --git a/library/pkcs12.c b/library/pkcs12.c index 96c64ad63..b26f5669f 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -25,11 +25,7 @@ * ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-12/pkcs-12v1-1.asn */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PKCS12_C) diff --git a/library/pkcs5.c b/library/pkcs5.c index 883232225..fc5224883 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -29,11 +29,7 @@ * http://tools.ietf.org/html/rfc6070 (Test vectors) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PKCS5_C) diff --git a/library/pkparse.c b/library/pkparse.c index 1cbb8cc33..03d597293 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_PARSE_C) diff --git a/library/pkwrite.c b/library/pkwrite.c index b1b5f4685..7ec84f3e8 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PK_WRITE_C) diff --git a/library/platform.c b/library/platform.c index 420d09ea1..cd0e85bbe 100644 --- a/library/platform.c +++ b/library/platform.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PLATFORM_C) diff --git a/library/platform_util.c b/library/platform_util.c index b1f745097..f6882e2c0 100644 --- a/library/platform_util.c +++ b/library/platform_util.c @@ -28,11 +28,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #include "mbedtls/platform_util.h" #include "mbedtls/platform.h" diff --git a/library/poly1305.c b/library/poly1305.c index bc1e8a649..069b82d95 100644 --- a/library/poly1305.c +++ b/library/poly1305.c @@ -20,11 +20,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_POLY1305_C) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8cd80790a..4c3966ca7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -20,11 +20,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 53a260007..61e6c98d2 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -20,11 +20,7 @@ * This file is part of Mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_SE_C) diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 801caf0a2..5ceac846a 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -20,11 +20,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_PSA_CRYPTO_C) diff --git a/library/ripemd160.c b/library/ripemd160.c index a62f4b824..a2ad32c2f 100644 --- a/library/ripemd160.c +++ b/library/ripemd160.c @@ -25,11 +25,7 @@ * http://ehash.iaik.tugraz.at/wiki/RIPEMD-160 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RIPEMD160_C) diff --git a/library/rsa.c b/library/rsa.c index 6c457468e..83ed3c937 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -37,11 +37,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RSA_C) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 9a42d47ce..b4098f494 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -20,11 +20,7 @@ * */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_RSA_C) diff --git a/library/sha1.c b/library/sha1.c index 923394341..79bac6b24 100644 --- a/library/sha1.c +++ b/library/sha1.c @@ -24,11 +24,7 @@ * http://www.itl.nist.gov/fipspubs/fip180-1.htm */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA1_C) diff --git a/library/sha256.c b/library/sha256.c index 087a8e349..d8ddda5be 100644 --- a/library/sha256.c +++ b/library/sha256.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA256_C) diff --git a/library/sha512.c b/library/sha512.c index 30dd71954..37fc96d05 100644 --- a/library/sha512.c +++ b/library/sha512.c @@ -24,11 +24,7 @@ * http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SHA512_C) diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 62a0a2987..3a2df0cc5 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -23,11 +23,7 @@ * to store and retrieve the session information. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_CACHE_C) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 5da129412..726912e4b 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -21,11 +21,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 48ef30de2..361e6e6d2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_CLI_C) diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 323784c26..151f0c50e 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -23,11 +23,7 @@ * to store and retrieve the session information. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_COOKIE_C) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index ae8d07653..fdffc4def 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -28,11 +28,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/ssl_srv.c b/library/ssl_srv.c index 9bfda164a..91bd83aa2 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_SRV_C) diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 6b50b55ec..bfa254607 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TICKET_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 250ef9835..834c632a1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -27,11 +27,7 @@ * http://www.ietf.org/rfc/rfc4346.txt */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SSL_TLS_C) diff --git a/library/threading.c b/library/threading.c index 7c90c7c59..cb9026d1f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -27,11 +27,7 @@ #define _POSIX_C_SOURCE 200112L #endif -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_THREADING_C) diff --git a/library/timing.c b/library/timing.c index 4a654222a..90cfe88ed 100644 --- a/library/timing.c +++ b/library/timing.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" diff --git a/library/version.c b/library/version.c index fd9675088..1e17482e0 100644 --- a/library/version.c +++ b/library/version.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/library/version_features.c b/library/version_features.c index adc61a1fe..bc4077837 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) diff --git a/library/x509.c b/library/x509.c index e969b8da6..55afbab83 100644 --- a/library/x509.c +++ b/library/x509.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_USE_C) diff --git a/library/x509_create.c b/library/x509_create.c index 7df2f0ed5..8d5877535 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CREATE_C) diff --git a/library/x509_crl.c b/library/x509_crl.c index 371c446be..d89faccad 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRL_PARSE_C) diff --git a/library/x509_crt.c b/library/x509_crt.c index 04822e8ab..8fd8b865d 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -31,11 +31,7 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/x509_csr.c b/library/x509_csr.c index 7e2cfba2a..8385e50c4 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -29,11 +29,7 @@ * http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CSR_PARSE_C) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 5947e439d..2baff35e1 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -25,11 +25,7 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CRT_WRITE_C) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 7c5179862..7dd3d45c7 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -24,11 +24,7 @@ * - attributes: PKCS#9 v2.0 aka RFC 2985 */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_X509_CSR_WRITE_C) diff --git a/library/xtea.c b/library/xtea.c index a33707bc1..dab6cd3ee 100644 --- a/library/xtea.c +++ b/library/xtea.c @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_XTEA_C) diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index f65881bc8..ddd1be7a6 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_ERROR_STRERROR_DUMMY) #include diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt index 63ae94cb6..79d220ebc 100644 --- a/scripts/data_files/version_features.fmt +++ b/scripts/data_files/version_features.fmt @@ -19,11 +19,7 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif +#include "common.h" #if defined(MBEDTLS_VERSION_C) From 0d7216511fe90abaf1c1293f829a45a8c6e0ab72 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 26 Jun 2020 23:35:53 +0200 Subject: [PATCH 234/247] Fix erroneous skip of test cases for disabled ciphersuites Test cases that force a specific ciphersuites are only executed if this ciphersuite is enabled. But there are test cases (for RC4) whose goal is to check that the ciphersuite is not used. These test cases must run even if (or only if) the ciphersuite is disable, so add an exception for these test cases. Signed-off-by: Gilles Peskine --- tests/ssl-opt.sh | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d28b63c3..5864a87a7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -241,6 +241,33 @@ requires_ciphersuite_enabled() { fi } +# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...] +# If CMD (call to a TLS client or server program) requires a specific +# ciphersuite, arrange to only run the test case if this ciphersuite is +# enabled. As an exception, do run the test case if it expects a ciphersuite +# mismatch. +maybe_requires_ciphersuite_enabled() { + case "$1" in + *\ force_ciphersuite=*) :;; + *) return;; # No specific required ciphersuite + esac + ciphersuite="${1##*\ force_ciphersuite=}" + ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}" + shift + + case "$*" in + *"-s SSL - The server has no ciphersuites in common"*) + # This test case expects a ciphersuite mismatch, so it doesn't + # require the ciphersuite to be enabled. + ;; + *) + requires_ciphersuite_enabled "$ciphersuite" + ;; + esac + + unset ciphersuite +} + # skip next test if OpenSSL doesn't support FALLBACK_SCSV requires_openssl_with_fallback_scsv() { if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then @@ -658,17 +685,9 @@ run_test() { requires_config_enabled MBEDTLS_FS_IO fi - # Check if server forces ciphersuite - FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p') - if [ ! -z "$FORCE_CIPHERSUITE" ]; then - requires_ciphersuite_enabled $FORCE_CIPHERSUITE - fi - - # Check if client forces ciphersuite - FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p') - if [ ! -z "$FORCE_CIPHERSUITE" ]; then - requires_ciphersuite_enabled $FORCE_CIPHERSUITE - fi + # If the client or serve requires a ciphersuite, check that it's enabled. + maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@" + maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then From 3ca8a9285ee2664ff3a9c9aeffac0e313e362357 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:07:37 +0200 Subject: [PATCH 235/247] Factor common library properties All libraries (should) rely on the same directory structure. Instead of repeating the same clauses 6 times (3 libraries times 2 build modes), set the include paths, compile definitions and install instructions with a single piece of code. Include the 3rdparty directory for all libraries, not just crypto. It's currently only needed for crypto, but that's just happenstance. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 42 +++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 0a8b87cc7..75dccdf86 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -148,10 +148,15 @@ if (NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) message(FATAL_ERROR "Need to choose static or shared mbedtls build!") endif(NOT USE_STATIC_MBEDTLS_LIBRARY AND NOT USE_SHARED_MBEDTLS_LIBRARY) +set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") + if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls_static") set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") + set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") + list(APPEND target_libraries + "mbedcrypto_static" "mbedx509_static" "mbedtls_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls") set(mbedx509_static_target "mbedx509") @@ -162,58 +167,41 @@ if(USE_STATIC_MBEDTLS_LIBRARY) add_library(${mbedcrypto_static_target} STATIC ${src_crypto}) set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto) target_link_libraries(${mbedcrypto_static_target} ${libs}) - target_include_directories(${mbedcrypto_static_target} - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${thirdparty_inc}) - target_compile_definitions(${mbedcrypto_static_target} - PRIVATE ${thirdparty_def}) add_library(${mbedx509_static_target} STATIC ${src_x509}) set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509) target_link_libraries(${mbedx509_static_target} ${libs} ${mbedcrypto_static_target}) - target_include_directories(${mbedx509_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) add_library(${mbedtls_static_target} STATIC ${src_tls}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} ${libs} ${mbedx509_static_target}) - target_include_directories(${mbedtls_static_target} - PUBLIC ${MBEDTLS_DIR}/include/) - - install(TARGETS ${mbedtls_static_target} ${mbedx509_static_target} ${mbedcrypto_static_target} - DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) - add_library(mbedcrypto SHARED ${src_crypto}) set_target_properties(mbedcrypto PROPERTIES VERSION 2.22.0 SOVERSION 4) target_link_libraries(mbedcrypto ${libs}) - target_include_directories(mbedcrypto - PUBLIC ${MBEDTLS_DIR}/include/ - PUBLIC ${thirdparty_inc_public} - PRIVATE ${thirdparty_inc}) - target_compile_definitions(mbedcrypto - PRIVATE ${thirdparty_def}) add_library(mbedx509 SHARED ${src_x509}) set_target_properties(mbedx509 PROPERTIES VERSION 2.22.0 SOVERSION 1) target_link_libraries(mbedx509 ${libs} mbedcrypto) - target_include_directories(mbedx509 - PUBLIC ${MBEDTLS_DIR}/include/) add_library(mbedtls SHARED ${src_tls}) set_target_properties(mbedtls PROPERTIES VERSION 2.22.0 SOVERSION 13) target_link_libraries(mbedtls ${libs} mbedx509) - target_include_directories(mbedtls - PUBLIC ${MBEDTLS_DIR}/include/) +endif(USE_SHARED_MBEDTLS_LIBRARY) - install(TARGETS mbedtls mbedx509 mbedcrypto +foreach(target IN LISTS target_libraries) + target_include_directories(${target} + PUBLIC ${MBEDTLS_DIR}/include/ + PUBLIC ${thirdparty_inc_public} + PRIVATE ${thirdparty_inc}) + target_compile_definitions(${target} + PRIVATE ${thirdparty_def}) + install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR} PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) -endif(USE_SHARED_MBEDTLS_LIBRARY) +endforeach(target) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) From dedff7a57dc5e34412b6d50f2040c095705ab2b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:13:27 +0200 Subject: [PATCH 236/247] CMake: Include the library directory for the sake of 3rdparty "Include the library directory for the sake of 3rdparty" did the job for Make and Visual Studio. This commit does the job for CMake. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 75dccdf86..dc15ad6e0 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -195,6 +195,7 @@ foreach(target IN LISTS target_libraries) target_include_directories(${target} PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${thirdparty_inc_public} + PRIVATE ${MBEDTLS_DIR}/library/ PRIVATE ${thirdparty_inc}) target_compile_definitions(${target} PRIVATE ${thirdparty_def}) From 280165c9b39091c7c7ffe031430c7cf93ebc4dec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 13:19:17 +0200 Subject: [PATCH 237/247] Library files aren't supposed to be executable Signed-off-by: Gilles Peskine --- ChangeLog.d/cmake-install.txt | 3 +++ library/CMakeLists.txt | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/cmake-install.txt diff --git a/ChangeLog.d/cmake-install.txt b/ChangeLog.d/cmake-install.txt new file mode 100644 index 000000000..1bcec4aa9 --- /dev/null +++ b/ChangeLog.d/cmake-install.txt @@ -0,0 +1,3 @@ +Bugfix + * Library files installed after a CMake build no longer have execute + permission. diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index dc15ad6e0..c551ee557 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -201,7 +201,7 @@ foreach(target IN LISTS target_libraries) PRIVATE ${thirdparty_def}) install(TARGETS ${target} DESTINATION ${LIB_INSTALL_DIR} - PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) + PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ) endforeach(target) add_custom_target(lib DEPENDS mbedcrypto mbedx509 mbedtls) From 76dd3aa5bb51c11e46003521961a2499a0d7976e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 15:58:37 +0200 Subject: [PATCH 238/247] Add comments explaining include paths Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 5 +++++ library/Makefile | 4 ++++ tests/CMakeLists.txt | 4 ++++ tests/Makefile | 3 +++ 4 files changed, 16 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index c551ee557..8fd959c1a 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -192,6 +192,11 @@ if(USE_SHARED_MBEDTLS_LIBRARY) endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) + # Include public header files from /include and other directories + # declared by /3rdparty/**/CMakeLists.txt. Include private header files + # from /library and others declared by /3rdparty/**/CMakeLists.txt. + # /library needs to be listed explicitly when building .c files outside + # of /library (which currently means: under /3rdparty). target_include_directories(${target} PUBLIC ${MBEDTLS_DIR}/include/ PUBLIC ${thirdparty_inc_public} diff --git a/library/Makefile b/library/Makefile index 801304bbe..20a598481 100644 --- a/library/Makefile +++ b/library/Makefile @@ -5,6 +5,10 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= +# Include ../include for public headers and . for private headers. +# Note that . needs to be included explicitly for the sake of library +# files that are not in the /library directory (which currently means +# under /3rdparty). LOCAL_CFLAGS = $(WARNING_CFLAGS) -I. -I../include -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 8a74c6bfb..cc6866309 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -48,6 +48,10 @@ function(add_test_suite suite_name) add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) + # Include test-specific header files from ./include and private header + # files (used by some invasive tests) from ../library. Public header + # files are automatically included because the library targets declare + # them as PUBLIC. target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library) diff --git a/tests/Makefile b/tests/Makefile index 80c84fa19..ffa4812bd 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -6,6 +6,9 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= +# Include public header files from ../include, test-specific header files +# from ./include, and private header files (used by some invasive tests) +# from ../library. LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ From e1c43629666f40218562ed819ac4ebf850481fd2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 2 Jul 2020 17:50:20 +0200 Subject: [PATCH 239/247] Remove redundant assignment Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 8fd959c1a..3e0a5f258 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -154,7 +154,6 @@ if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY) set(mbedtls_static_target "mbedtls_static") set(mbedx509_static_target "mbedx509_static") set(mbedcrypto_static_target "mbedcrypto_static") - set(target_libraries "mbedcrypto" "mbedx509" "mbedtls") list(APPEND target_libraries "mbedcrypto_static" "mbedx509_static" "mbedtls_static") elseif(USE_STATIC_MBEDTLS_LIBRARY) From 8ff510ac26d09aca1638f01a9ba67dc65213ccb8 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Tue, 2 Jun 2020 17:19:28 +0100 Subject: [PATCH 240/247] Rename ECC Family Macros According to PSA Spec Rename PSA_ECC_CURVE_xxx to PSA_ECC_FAMILY_xxx, also rename PSA_KEY_TYPE_GET_CURVE to PSA_KEY_TYPE_ECC_GET_FAMILY and rename psa_ecc_curve_t to psa_ecc_family_t. Old defines are provided in include/crypto_compat.h for backward compatibility. Signed-off-by: Paul Elliott --- docs/getting_started.md | 2 +- include/mbedtls/psa_util.h | 8 +- include/psa/crypto.h | 10 +- include/psa/crypto_compat.h | 85 +++++--- include/psa/crypto_extra.h | 34 ++-- include/psa/crypto_types.h | 2 +- include/psa/crypto_values.h | 34 ++-- library/pk.c | 2 +- library/pk_wrap.c | 2 +- library/pkwrite.c | 4 +- library/psa_crypto.c | 24 +-- programs/psa/psa_constant_names.c | 20 +- scripts/generate_psa_constants.py | 6 +- tests/suites/test_suite_pk.data | 18 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.data | 188 +++++++++--------- tests/suites/test_suite_psa_crypto.function | 69 ++++--- .../test_suite_psa_crypto_metadata.data | 16 +- .../test_suite_psa_crypto_metadata.function | 6 +- .../test_suite_psa_crypto_se_driver_hal.data | 18 +- ...st_suite_psa_crypto_se_driver_hal.function | 8 +- ...test_suite_psa_crypto_slot_management.data | 12 +- 22 files changed, 301 insertions(+), 269 deletions(-) diff --git a/docs/getting_started.md b/docs/getting_started.md index f3c1341dd..e274f49d7 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -865,7 +865,7 @@ Mbed Crypto provides a simple way to generate a key or key pair. psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)); + PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)); psa_set_key_bits(&attributes, key_bits); status = psa_generate_key(&attributes, &handle); if (status != PSA_SUCCESS) { diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h index 513bc5feb..f7620b0f2 100644 --- a/include/mbedtls/psa_util.h +++ b/include/mbedtls/psa_util.h @@ -160,12 +160,12 @@ static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg /* Translations for ECC. */ static inline int mbedtls_psa_get_ecc_oid_from_id( - psa_ecc_curve_t curve, size_t bits, + psa_ecc_family_t curve, size_t bits, char const **oid, size_t *oid_len ) { switch( curve ) { - case PSA_ECC_CURVE_SECP_R1: + case PSA_ECC_FAMILY_SECP_R1: switch( bits ) { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) @@ -200,7 +200,7 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ } break; - case PSA_ECC_CURVE_SECP_K1: + case PSA_ECC_FAMILY_SECP_K1: switch( bits ) { #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) @@ -223,7 +223,7 @@ static inline int mbedtls_psa_get_ecc_oid_from_id( #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ } break; - case PSA_ECC_CURVE_BRAINPOOL_P_R1: + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: switch( bits ) { #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) diff --git a/include/psa/crypto.h b/include/psa/crypto.h index 2b07b7471..c9b3c15ba 100644 --- a/include/psa/crypto.h +++ b/include/psa/crypto.h @@ -735,9 +735,9 @@ psa_status_t psa_import_key(const psa_key_attributes_t *attributes, * where `m` is the bit size associated with the curve, i.e. the bit size * of the order of the curve's coordinate field. This byte string is * in little-endian order for Montgomery curves (curve types - * `PSA_ECC_CURVE_CURVEXXX`), and in big-endian order for Weierstrass - * curves (curve types `PSA_ECC_CURVE_SECTXXX`, `PSA_ECC_CURVE_SECPXXX` - * and `PSA_ECC_CURVE_BRAINPOOL_PXXX`). + * `PSA_ECC_FAMILY_CURVEXXX`), and in big-endian order for Weierstrass + * curves (curve types `PSA_ECC_FAMILY_SECTXXX`, `PSA_ECC_FAMILY_SECPXXX` + * and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`). * This is the content of the `privateKey` field of the `ECPrivateKey` * format defined by RFC 5915. * - For Diffie-Hellman key exchange key pairs (key types for which @@ -3502,9 +3502,9 @@ psa_status_t psa_key_derivation_output_bytes( * length is determined by the curve, and sets the mandatory bits * accordingly. That is: * - * - Curve25519 (#PSA_ECC_CURVE_MONTGOMERY, 255 bits): draw a 32-byte + * - Curve25519 (#PSA_ECC_FAMILY_MONTGOMERY, 255 bits): draw a 32-byte * string and process it as specified in RFC 7748 §5. - * - Curve448 (#PSA_ECC_CURVE_MONTGOMERY, 448 bits): draw a 56-byte + * - Curve448 (#PSA_ECC_FAMILY_MONTGOMERY, 448 bits): draw a 56-byte * string and process it as specified in RFC 7748 §5. * * - For key types for which the key is represented by a single sequence of diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index 1ed5f052b..cc95a13cd 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -50,8 +50,11 @@ extern "C" { typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t; typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t; typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t; -typedef MBEDTLS_PSA_DEPRECATED psa_ecc_curve_t mbedtls_deprecated_psa_ecc_curve_t; +typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t mbedtls_deprecated_psa_ecc_family_t; typedef MBEDTLS_PSA_DEPRECATED psa_dh_group_t mbedtls_deprecated_psa_dh_group_t; +typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t psa_ecc_curve_t; + +#define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY #define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \ ( (mbedtls_deprecated_##type) ( value ) ) @@ -118,65 +121,85 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key * Size-specific elliptic curve and Diffie-Hellman group names */ #define PSA_ECC_CURVE_SECP160K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 ) #define PSA_ECC_CURVE_SECP192K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 ) #define PSA_ECC_CURVE_SECP224K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 ) #define PSA_ECC_CURVE_SECP256K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 ) #define PSA_ECC_CURVE_SECP160R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) #define PSA_ECC_CURVE_SECP192R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) #define PSA_ECC_CURVE_SECP224R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) #define PSA_ECC_CURVE_SECP256R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) #define PSA_ECC_CURVE_SECP384R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) #define PSA_ECC_CURVE_SECP521R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) #define PSA_ECC_CURVE_SECP160R2 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECP_R2 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 ) #define PSA_ECC_CURVE_SECT163K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) #define PSA_ECC_CURVE_SECT233K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) #define PSA_ECC_CURVE_SECT239K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) #define PSA_ECC_CURVE_SECT283K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) #define PSA_ECC_CURVE_SECT409K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) #define PSA_ECC_CURVE_SECT571K1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_K1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) #define PSA_ECC_CURVE_SECT163R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) #define PSA_ECC_CURVE_SECT193R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) #define PSA_ECC_CURVE_SECT233R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) #define PSA_ECC_CURVE_SECT283R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) #define PSA_ECC_CURVE_SECT409R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) #define PSA_ECC_CURVE_SECT571R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) #define PSA_ECC_CURVE_SECT163R2 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R2 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 ) #define PSA_ECC_CURVE_SECT193R2 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_SECT_R2 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 ) #define PSA_ECC_CURVE_BRAINPOOL_P256R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ) #define PSA_ECC_CURVE_BRAINPOOL_P384R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ) #define PSA_ECC_CURVE_BRAINPOOL_P512R1 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_BRAINPOOL_P_R1 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ) #define PSA_ECC_CURVE_CURVE25519 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_MONTGOMERY ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY ) #define PSA_ECC_CURVE_CURVE448 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_curve_t, PSA_ECC_CURVE_MONTGOMERY ) + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY ) + +/* + * Curves that changed name due to PSA specification. + */ +#define PSA_ECC_CURVE_SECP_K1 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 ) +#define PSA_ECC_CURVE_SECP_R1 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 ) +#define PSA_ECC_CURVE_SECP_R2 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 ) +#define PSA_ECC_CURVE_SECT_K1 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 ) +#define PSA_ECC_CURVE_SECT_R1 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 ) +#define PSA_ECC_CURVE_SECT_R2 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 ) +#define PSA_ECC_CURVE_BRAINPOOL_P_R1 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ) +#define PSA_ECC_CURVE_MONTGOMERY \ + MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY ) #define PSA_DH_GROUP_FFDHE2048 \ MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 ) diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index 84cc5ab0b..ceca3e384 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -575,53 +575,53 @@ psa_status_t psa_get_key_domain_parameters( * \param[out] bits On success, the bit size of the curve. * * \return The corresponding PSA elliptic curve identifier - * (`PSA_ECC_CURVE_xxx`). + * (`PSA_ECC_FAMILY_xxx`). * \return \c 0 on failure (\p grpid is not recognized). */ -static inline psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid, +static inline psa_ecc_family_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grpid, size_t *bits ) { switch( grpid ) { case MBEDTLS_ECP_DP_SECP192R1: *bits = 192; - return( PSA_ECC_CURVE_SECP_R1 ); + return( PSA_ECC_FAMILY_SECP_R1 ); case MBEDTLS_ECP_DP_SECP224R1: *bits = 224; - return( PSA_ECC_CURVE_SECP_R1 ); + return( PSA_ECC_FAMILY_SECP_R1 ); case MBEDTLS_ECP_DP_SECP256R1: *bits = 256; - return( PSA_ECC_CURVE_SECP_R1 ); + return( PSA_ECC_FAMILY_SECP_R1 ); case MBEDTLS_ECP_DP_SECP384R1: *bits = 384; - return( PSA_ECC_CURVE_SECP_R1 ); + return( PSA_ECC_FAMILY_SECP_R1 ); case MBEDTLS_ECP_DP_SECP521R1: *bits = 521; - return( PSA_ECC_CURVE_SECP_R1 ); + return( PSA_ECC_FAMILY_SECP_R1 ); case MBEDTLS_ECP_DP_BP256R1: *bits = 256; - return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); + return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); case MBEDTLS_ECP_DP_BP384R1: *bits = 384; - return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); + return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); case MBEDTLS_ECP_DP_BP512R1: *bits = 512; - return( PSA_ECC_CURVE_BRAINPOOL_P_R1 ); + return( PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); case MBEDTLS_ECP_DP_CURVE25519: *bits = 255; - return( PSA_ECC_CURVE_MONTGOMERY ); + return( PSA_ECC_FAMILY_MONTGOMERY ); case MBEDTLS_ECP_DP_SECP192K1: *bits = 192; - return( PSA_ECC_CURVE_SECP_K1 ); + return( PSA_ECC_FAMILY_SECP_K1 ); case MBEDTLS_ECP_DP_SECP224K1: *bits = 224; - return( PSA_ECC_CURVE_SECP_K1 ); + return( PSA_ECC_FAMILY_SECP_K1 ); case MBEDTLS_ECP_DP_SECP256K1: *bits = 256; - return( PSA_ECC_CURVE_SECP_K1 ); + return( PSA_ECC_FAMILY_SECP_K1 ); case MBEDTLS_ECP_DP_CURVE448: *bits = 448; - return( PSA_ECC_CURVE_MONTGOMERY ); + return( PSA_ECC_FAMILY_MONTGOMERY ); default: *bits = 0; return( 0 ); @@ -634,7 +634,7 @@ static inline psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grp * Mbed TLS and may be removed at any time without notice. * * \param curve A PSA elliptic curve identifier - * (`PSA_ECC_CURVE_xxx`). + * (`PSA_ECC_FAMILY_xxx`). * \param byte_length The byte-length of a private key on \p curve. * * \return The corresponding Mbed TLS elliptic curve identifier @@ -643,7 +643,7 @@ static inline psa_ecc_curve_t mbedtls_ecc_group_to_psa( mbedtls_ecp_group_id grp * \return #MBEDTLS_ECP_DP_NONE if \p byte_length is not * correct for \p curve. */ -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve, +mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ); #endif /* MBEDTLS_ECP_C */ diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 41f1bea77..8e98eafb4 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -74,7 +74,7 @@ typedef uint16_t psa_key_type_t; * Values defined by this standard will never be in the range 0x80-0xff. * Vendors who define additional families must use an encoding in this range. */ -typedef uint8_t psa_ecc_curve_t; +typedef uint8_t psa_ecc_family_t; /** The type of PSA Diffie-Hellman group family identifiers. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index f33946ab9..3feaa1c98 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -426,15 +426,15 @@ #define PSA_KEY_TYPE_ECC_CURVE_MASK ((psa_key_type_t)0x00ff) /** Elliptic curve key pair. * - * \param curve A value of type ::psa_ecc_curve_t that identifies the - * ECC curve to be used. + * \param curve A value of type ::psa_ecc_family_t that + * identifies the ECC curve to be used. */ #define PSA_KEY_TYPE_ECC_KEY_PAIR(curve) \ (PSA_KEY_TYPE_ECC_KEY_PAIR_BASE | (curve)) /** Elliptic curve public key. * - * \param curve A value of type ::psa_ecc_curve_t that identifies the - * ECC curve to be used. + * \param curve A value of type ::psa_ecc_family_t that + * identifies the ECC curve to be used. */ #define PSA_KEY_TYPE_ECC_PUBLIC_KEY(curve) \ (PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE | (curve)) @@ -453,8 +453,8 @@ PSA_KEY_TYPE_ECC_PUBLIC_KEY_BASE) /** Extract the curve from an elliptic curve key type. */ -#define PSA_KEY_TYPE_GET_CURVE(type) \ - ((psa_ecc_curve_t) (PSA_KEY_TYPE_IS_ECC(type) ? \ +#define PSA_KEY_TYPE_ECC_GET_FAMILY(type) \ + ((psa_ecc_family_t) (PSA_KEY_TYPE_IS_ECC(type) ? \ ((type) & PSA_KEY_TYPE_ECC_CURVE_MASK) : \ 0)) @@ -466,7 +466,7 @@ * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf */ -#define PSA_ECC_CURVE_SECP_K1 ((psa_ecc_curve_t) 0x17) +#define PSA_ECC_FAMILY_SECP_K1 ((psa_ecc_family_t) 0x17) /** SEC random curves over prime fields. * @@ -476,9 +476,9 @@ * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf */ -#define PSA_ECC_CURVE_SECP_R1 ((psa_ecc_curve_t) 0x12) +#define PSA_ECC_FAMILY_SECP_R1 ((psa_ecc_family_t) 0x12) /* SECP160R2 (SEC2 v1, obsolete) */ -#define PSA_ECC_CURVE_SECP_R2 ((psa_ecc_curve_t) 0x1b) +#define PSA_ECC_FAMILY_SECP_R2 ((psa_ecc_family_t) 0x1b) /** SEC Koblitz curves over binary fields. * @@ -488,7 +488,7 @@ * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf */ -#define PSA_ECC_CURVE_SECT_K1 ((psa_ecc_curve_t) 0x27) +#define PSA_ECC_FAMILY_SECT_K1 ((psa_ecc_family_t) 0x27) /** SEC random curves over binary fields. * @@ -498,7 +498,7 @@ * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf */ -#define PSA_ECC_CURVE_SECT_R1 ((psa_ecc_curve_t) 0x22) +#define PSA_ECC_FAMILY_SECT_R1 ((psa_ecc_family_t) 0x22) /** SEC additional random curves over binary fields. * @@ -508,7 +508,7 @@ * _SEC 2: Recommended Elliptic Curve Domain Parameters_. * https://www.secg.org/sec2-v2.pdf */ -#define PSA_ECC_CURVE_SECT_R2 ((psa_ecc_curve_t) 0x2b) +#define PSA_ECC_FAMILY_SECT_R2 ((psa_ecc_family_t) 0x2b) /** Brainpool P random curves. * @@ -517,7 +517,7 @@ * brainpoolP320r1, brainpoolP384r1, brainpoolP512r1. * It is defined in RFC 5639. */ -#define PSA_ECC_CURVE_BRAINPOOL_P_R1 ((psa_ecc_curve_t) 0x30) +#define PSA_ECC_FAMILY_BRAINPOOL_P_R1 ((psa_ecc_family_t) 0x30) /** Curve25519 and Curve448. * @@ -529,7 +529,7 @@ * _Ed448-Goldilocks, a new elliptic curve_, NIST ECC Workshop, 2015. * The algorithm #PSA_ALG_ECDH performs X448 when used with this curve. */ -#define PSA_ECC_CURVE_MONTGOMERY ((psa_ecc_curve_t) 0x41) +#define PSA_ECC_FAMILY_MONTGOMERY ((psa_ecc_family_t) 0x41) #define PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE ((psa_key_type_t)0x4200) #define PSA_KEY_TYPE_DH_KEY_PAIR_BASE ((psa_key_type_t)0x7200) @@ -1483,17 +1483,17 @@ * is padded with zero bits. The byte order is either little-endian * or big-endian depending on the curve type. * - * - For Montgomery curves (curve types `PSA_ECC_CURVE_CURVEXXX`), + * - For Montgomery curves (curve types `PSA_ECC_FAMILY_CURVEXXX`), * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` * in little-endian byte order. * The bit size is 448 for Curve448 and 255 for Curve25519. * - For Weierstrass curves over prime fields (curve types - * `PSA_ECC_CURVE_SECPXXX` and `PSA_ECC_CURVE_BRAINPOOL_PXXX`), + * `PSA_ECC_FAMILY_SECPXXX` and `PSA_ECC_FAMILY_BRAINPOOL_PXXX`), * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` * in big-endian byte order. * The bit size is `m = ceiling(log_2(p))` for the field `F_p`. * - For Weierstrass curves over binary fields (curve types - * `PSA_ECC_CURVE_SECTXXX`), + * `PSA_ECC_FAMILY_SECTXXX`), * the shared secret is the x-coordinate of `d_A Q_B = d_B Q_A` * in big-endian byte order. * The bit size is `m` for the field `F_{2^m}`. diff --git a/library/pk.c b/library/pk.c index b83ba8e71..b44948b2a 100644 --- a/library/pk.c +++ b/library/pk.c @@ -602,7 +602,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk, const mbedtls_ecp_keypair *ec; unsigned char d[MBEDTLS_ECP_MAX_BYTES]; size_t d_len; - psa_ecc_curve_t curve_id; + psa_ecc_family_t curve_id; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; size_t bits; diff --git a/library/pk_wrap.c b/library/pk_wrap.c index f73643149..7e553425a 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -559,7 +559,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg, mbedtls_pk_info_t pk_info = mbedtls_eckey_info; psa_algorithm_t psa_sig_md, psa_md; size_t curve_bits; - psa_ecc_curve_t curve = + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( ctx->grp.id, &curve_bits ); const size_t signature_part_size = ( ctx->grp.nbits + 7 ) / 8; diff --git a/library/pkwrite.c b/library/pkwrite.c index b1b5f4685..b36a77308 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -272,7 +272,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_type_t key_type; psa_key_handle_t handle; - psa_ecc_curve_t curve; + psa_ecc_family_t curve; size_t bits; handle = *((psa_key_handle_t*) key->pk_ctx ); @@ -282,7 +282,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si bits = psa_get_key_bits( &attributes ); psa_reset_key_attributes( &attributes ); - curve = PSA_KEY_TYPE_GET_CURVE( key_type ); + curve = PSA_KEY_TYPE_ECC_GET_FAMILY( key_type ); if( curve == 0 ) return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ); diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 8cd80790a..bb83db0c8 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -376,12 +376,12 @@ static inline int psa_key_slot_is_external( const psa_key_slot_t *slot ) #endif /* MBEDTLS_PSA_CRYPTO_SE_C */ #if defined(MBEDTLS_ECP_C) -mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve, +mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_family_t curve, size_t byte_length ) { switch( curve ) { - case PSA_ECC_CURVE_SECP_R1: + case PSA_ECC_FAMILY_SECP_R1: switch( byte_length ) { case PSA_BITS_TO_BYTES( 192 ): @@ -399,7 +399,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve, } break; - case PSA_ECC_CURVE_BRAINPOOL_P_R1: + case PSA_ECC_FAMILY_BRAINPOOL_P_R1: switch( byte_length ) { case PSA_BITS_TO_BYTES( 256 ): @@ -413,7 +413,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve, } break; - case PSA_ECC_CURVE_MONTGOMERY: + case PSA_ECC_FAMILY_MONTGOMERY: switch( byte_length ) { case PSA_BITS_TO_BYTES( 255 ): @@ -425,7 +425,7 @@ mbedtls_ecp_group_id mbedtls_ecc_group_of_psa( psa_ecc_curve_t curve, } break; - case PSA_ECC_CURVE_SECP_K1: + case PSA_ECC_FAMILY_SECP_K1: switch( byte_length ) { case PSA_BITS_TO_BYTES( 192 ): @@ -586,7 +586,7 @@ exit: #endif /* defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_PARSE_C) */ #if defined(MBEDTLS_ECP_C) -static psa_status_t psa_prepare_import_ec_key( psa_ecc_curve_t curve, +static psa_status_t psa_prepare_import_ec_key( psa_ecc_family_t curve, size_t data_length, int is_public, mbedtls_ecp_keypair **p_ecp ) @@ -620,7 +620,7 @@ static psa_status_t psa_prepare_import_ec_key( psa_ecc_curve_t curve, /* Import a public key given as the uncompressed representation defined by SEC1 * 2.3.3 as the content of an ECPoint. */ -static psa_status_t psa_import_ec_public_key( psa_ecc_curve_t curve, +static psa_status_t psa_import_ec_public_key( psa_ecc_family_t curve, const uint8_t *data, size_t data_length, mbedtls_ecp_keypair **p_ecp ) @@ -659,7 +659,7 @@ exit: /* Import a private key given as a byte string which is the private value * in big-endian order. */ -static psa_status_t psa_import_ec_private_key( psa_ecc_curve_t curve, +static psa_status_t psa_import_ec_private_key( psa_ecc_family_t curve, const uint8_t *data, size_t data_length, mbedtls_ecp_keypair **p_ecp ) @@ -769,14 +769,14 @@ psa_status_t psa_import_key_into_slot( psa_key_slot_t *slot, #if defined(MBEDTLS_ECP_C) if( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( slot->attr.type ) ) { - status = psa_import_ec_private_key( PSA_KEY_TYPE_GET_CURVE( slot->attr.type ), + status = psa_import_ec_private_key( PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ), data, data_length, &slot->data.ecp ); } else if( PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY( slot->attr.type ) ) { status = psa_import_ec_public_key( - PSA_KEY_TYPE_GET_CURVE( slot->attr.type ), + PSA_KEY_TYPE_ECC_GET_FAMILY( slot->attr.type ), data, data_length, &slot->data.ecp ); } @@ -5275,7 +5275,7 @@ static psa_status_t psa_key_agreement_ecdh( const uint8_t *peer_key, mbedtls_ecdh_context ecdh; psa_status_t status; size_t bits = 0; - psa_ecc_curve_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits ); + psa_ecc_family_t curve = mbedtls_ecc_group_to_psa( our_key->grp.id, &bits ); mbedtls_ecdh_init( &ecdh ); status = psa_import_ec_public_key( curve, @@ -5588,7 +5588,7 @@ static psa_status_t psa_generate_key_internal( #if defined(MBEDTLS_ECP_C) if ( PSA_KEY_TYPE_IS_ECC( type ) && PSA_KEY_TYPE_IS_KEY_PAIR( type ) ) { - psa_ecc_curve_t curve = PSA_KEY_TYPE_GET_CURVE( type ); + psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY( type ); mbedtls_ecp_group_id grp_id = mbedtls_ecc_group_of_psa( curve, PSA_BITS_TO_BYTES( bits ) ); const mbedtls_ecp_curve_info *curve_info = diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index 964e7b347..a5a223707 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -82,21 +82,21 @@ static void append_integer(char **buffer, size_t buffer_size, } /* The code of these function is automatically generated and included below. */ -static const char *psa_ecc_curve_name(psa_ecc_curve_t curve); +static const char *psa_ecc_family_name(psa_ecc_family_t curve); static const char *psa_dh_group_name(psa_dh_group_t group); static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg); static void append_with_curve(char **buffer, size_t buffer_size, size_t *required_size, const char *string, size_t length, - psa_ecc_curve_t curve) + psa_ecc_family_t curve) { - const char *curve_name = psa_ecc_curve_name(curve); + const char *family_name = psa_ecc_family_name(curve); append(buffer, buffer_size, required_size, string, length); append(buffer, buffer_size, required_size, "(", 1); - if (curve_name != NULL) { + if (family_name != NULL) { append(buffer, buffer_size, required_size, - curve_name, strlen(curve_name)); + family_name, strlen(family_name)); } else { append_integer(buffer, buffer_size, required_size, "0x%02x", curve); @@ -159,9 +159,9 @@ static int psa_snprint_status(char *buffer, size_t buffer_size, } static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size, - psa_ecc_curve_t curve) + psa_ecc_family_t curve) { - const char *name = psa_ecc_curve_name(curve); + const char *name = psa_ecc_family_name(curve); if (name == NULL) { return snprintf(buffer, buffer_size, "0x%02x", (unsigned) curve); } else { @@ -199,7 +199,7 @@ static void usage(const char *program_name) printf("Print the symbolic name whose numerical value is VALUE in TYPE.\n"); printf("Supported types (with = between aliases):\n"); printf(" alg=algorithm Algorithm (psa_algorithm_t)\n"); - printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_curve_t)\n"); + printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_family_t)\n"); printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_group_t)\n"); printf(" type=key_type Key type (psa_key_type_t)\n"); printf(" usage=key_usage Key usage (psa_key_usage_t)\n"); @@ -271,7 +271,7 @@ int process_unsigned(unsigned_value_type type, unsigned long max, char **argp) break; case TYPE_ECC_CURVE: psa_snprint_ecc_curve(buffer, sizeof(buffer), - (psa_ecc_curve_t) value); + (psa_ecc_family_t) value); break; case TYPE_DH_GROUP: psa_snprint_dh_group(buffer, sizeof(buffer), @@ -311,7 +311,7 @@ int main(int argc, char *argv[]) return process_unsigned(TYPE_ALGORITHM, (psa_algorithm_t) (-1), argv + 2); } else if (!strcmp(argv[1], "curve") || !strcmp(argv[1], "ecc_curve")) { - return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_curve_t) (-1), + return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_family_t) (-1), argv + 2); } else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) { return process_unsigned(TYPE_DH_GROUP, (psa_dh_group_t) (-1), diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 3d2e6815a..539856489 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -43,7 +43,7 @@ static const char *psa_strerror(psa_status_t status) } } -static const char *psa_ecc_curve_name(psa_ecc_curve_t curve) +static const char *psa_ecc_family_name(psa_ecc_family_t curve) { switch (curve) { %(ecc_curve_cases)s @@ -179,7 +179,7 @@ static int psa_snprint_key_usage(char *buffer, size_t buffer_size, KEY_TYPE_FROM_CURVE_TEMPLATE = '''if (%(tester)s(type)) { append_with_curve(&buffer, buffer_size, &required_size, "%(builder)s", %(builder_length)s, - PSA_KEY_TYPE_GET_CURVE(type)); + PSA_KEY_TYPE_ECC_GET_FAMILY(type)); } else ''' KEY_TYPE_FROM_GROUP_TEMPLATE = '''if (%(tester)s(type)) { @@ -264,7 +264,7 @@ class MacroCollector: self.key_types_from_curve[name] = name[:13] + 'IS_' + name[13:] elif name.startswith('PSA_KEY_TYPE_') and parameter == 'group': self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:] - elif name.startswith('PSA_ECC_CURVE_') and not parameter: + elif name.startswith('PSA_ECC_FAMILY_') and not parameter: self.ecc_curves.add(name) elif name.startswith('PSA_DH_GROUP_') and not parameter: self.dh_groups.add(name) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f44189682..9ebdc7e5f 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -273,37 +273,37 @@ pk_sign_verify_restart:MBEDTLS_PK_ECKEY:MBEDTLS_ECP_DP_SECP256R1:"C9AFA9D845BA75 PSA wrapped sign: SECP256R1 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_CURVE_SECP_R1:256 +pk_psa_sign:MBEDTLS_ECP_DP_SECP256R1:PSA_ECC_FAMILY_SECP_R1:256 PSA wrapped sign: SECP384R1 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_CURVE_SECP_R1:384 +pk_psa_sign:MBEDTLS_ECP_DP_SECP384R1:PSA_ECC_FAMILY_SECP_R1:384 PSA wrapped sign: SECP521R1 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_CURVE_SECP_R1:521 +pk_psa_sign:MBEDTLS_ECP_DP_SECP521R1:PSA_ECC_FAMILY_SECP_R1:521 PSA wrapped sign: SECP192K1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_CURVE_SECP_K1:192 +pk_psa_sign:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192 ## Currently buggy: https://github.com/ARMmbed/mbed-crypto/issues/336 # PSA wrapped sign: SECP224K1 # depends_on:MBEDTLS_ECP_DP_SECP224K1_ENABLED -# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_CURVE_SECP_K1:224 +# pk_psa_sign:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224 PSA wrapped sign: SECP256K1 depends_on:MBEDTLS_ECP_DP_SECP256K1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_CURVE_SECP_K1:256 +pk_psa_sign:MBEDTLS_ECP_DP_SECP256K1:PSA_ECC_FAMILY_SECP_K1:256 PSA wrapped sign: BP256R1 depends_on:MBEDTLS_ECP_DP_BP256R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_CURVE_BRAINPOOL_P_R1:256 +pk_psa_sign:MBEDTLS_ECP_DP_BP256R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:256 PSA wrapped sign: BP384R1 depends_on:MBEDTLS_ECP_DP_BP384R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_CURVE_BRAINPOOL_P_R1:384 +pk_psa_sign:MBEDTLS_ECP_DP_BP384R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:384 PSA wrapped sign: BP512R1 depends_on:MBEDTLS_ECP_DP_BP512R1_ENABLED -pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_CURVE_BRAINPOOL_P_R1:512 +pk_psa_sign:MBEDTLS_ECP_DP_BP512R1:PSA_ECC_FAMILY_BRAINPOOL_P_R1:512 diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index f9c10c960..43b491473 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -109,7 +109,7 @@ psa_key_handle_t pk_psa_genkey( void ) psa_key_handle_t key; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; const psa_key_type_t type = - PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ); + PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ); const size_t bits = 256; psa_set_key_usage_flags( &attributes, PSA_KEY_USAGE_SIGN_HASH ); diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data index 48bdbed94..d7a568eba 100644 --- a/tests/suites/test_suite_psa_crypto.data +++ b/tests/suites/test_suite_psa_crypto.data @@ -166,59 +166,59 @@ import_with_data:"3082025a0201000281806c49704e91f3df44fc99e9b3c0fee5025cc04d0952 PSA import/export EC secp224r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED -import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:224:0:PSA_SUCCESS:1 +import_export:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:224:0:PSA_SUCCESS:1 PSA import/export-public EC secp224r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP224R1_ENABLED -import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" +import_export_public_key:"6849f97d1066f6997759637c7e3899464cee3ec7ac970653a0be0742":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"041693a290f7f0b571fe2b41d5d84b01327631f4a860f995fa332c097f54192bb10f00113f2affb13c1a24ce44914571a95440ae014a00cbf7" PSA import/export EC secp256r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 PSA import/export-public EC secp256r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" +import_export_public_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45" PSA import/export EC secp384r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 +import_export:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 PSA import/export-public EC secp384r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" +import_export_public_key:"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747" PSA import/export EC secp521r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 +import_export:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 PSA import/export-public EC secp521r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" +import_export_public_key:"01b1b6ad07bb79e7320da59860ea28e055284f6058f279de666e06d435d2af7bda28d99fa47b7dd0963e16b0073078ee8b8a38d966a582f46d19ff95df3ad9685aae":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1" PSA import/export EC brainpool256r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED -import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool256r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED -import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" +import_export_public_key:"2161d6f2db76526fa62c16f356a80f01f32f776784b36aa99799a8b7662080ff":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d" PSA import/export EC brainpool384r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED -import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 +import_export:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:384:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool384r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED -import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" +import_export_public_key:"3dd92e750d90d7d39fc1885cd8ad12ea9441f22b9334b4d965202adb1448ce24c5808a85dd9afc229af0a3124f755bcb":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a" PSA import/export EC brainpool512r1 key pair: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:512:0:PSA_SUCCESS:1 +import_export:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:512:0:PSA_SUCCESS:1 PSA import/export-public EC brainpool512r1: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED -import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" +import_export_public_key:"372c9778f69f726cbca3f4a268f16b4d617d10280d79a6a029cd51879fe1012934dfe5395455337df6906dc7d6d2eea4dbb2065c0228f73b3ed716480e7d71d2":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_ALG_ECDSA_ANY:0:PSA_SUCCESS:"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a" PSA import/export-public: cannot export-public a symmetric key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_RSA_C @@ -226,15 +226,15 @@ import_export_public_key:"2b7e151628aed2a6abf7158809cf4f3c":PSA_KEY_TYPE_AES:PSA PSA import/export EC secp256r1 public key: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 PSA import/export EC secp521r1 public key: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED -import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 +import_export:"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:521:0:PSA_SUCCESS:1 PSA import/export EC brainpoolP256r1 public key: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED -import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 +import_export:"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA_ANY:256:0:PSA_SUCCESS:1 PSA import/export AES key: policy forbids export depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR @@ -276,39 +276,39 @@ import_with_data:"":PSA_KEY_TYPE_RAW_DATA:8:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: DER format depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"3077020101042049c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eeea00a06082a8648ce3d030107a144034200047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: too short depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"0123456789abcdef0123456789abcdef":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: public key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, all-bits-zero (bad) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"0000000000000000000000000000000000000000000000000000000000000000":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, d == n - 1 (good) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_SUCCESS +import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632550":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_SUCCESS PSA import EC keypair: secp256r1, d == n (bad) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: secp256r1, d > n (bad) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632552":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC public key: key pair depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -import_with_data:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"3078020101042100ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3aa00a06082a8648ce3d030107a14403420004dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import EC keypair: valid key but RSA depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_RSA_C -import_with_data:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT +import_with_data:"3082013b020100024100ee2b131d6b1818a94ca8e91c42387eb15a7c271f57b89e7336b144d4535b16c83097ecdefbbb92d1b5313b5a37214d0e8f25922dca778b424b25295fc8a1a7070203010001024100978ac8eadb0dc6035347d6aba8671215ff21283385396f7897c04baf5e2a835f3b53ef80a82ed36ae687a925380b55a0c73eb85656e989dcf0ed7fb4887024e1022100fdad8e1c6853563f8b921d2d112462ae7d6b176082d2ba43e87e1a37fc1a8b33022100f0592cf4c55ba44307b18981bcdbda376c51e590ffa5345ba866f6962dca94dd02201995f1a967d44ff4a4cd1de837bc65bf97a2bf7eda730a9a62cea53254591105022027f96cf4b8ee68ff8d04062ec1ce7f18c0b74e4b3379b29f9bfea3fc8e592731022100cefa6d220496b43feb83194255d8fb930afcf46f36606e3aa0eb7a93ad88c10c":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):0:PSA_ERROR_INVALID_ARGUMENT PSA import AES: bits=0 ok depends_on:MBEDTLS_AES_C @@ -352,11 +352,11 @@ check_key_policy:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CBC_NO_PADDI PSA key policy: ECC SECP256R1, sign depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY +check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA_ANY PSA key policy: ECC SECP256R1, sign+verify depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY +check_key_policy:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY Key attributes initializers zero properly key_attributes_init: @@ -483,7 +483,7 @@ asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_H PSA key policy: asymmetric signature, wildcard in policy, ECDSA SHA-256 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32 +asymmetric_signature_key_policy:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDSA(PSA_ALG_SHA_256):32 PSA key policy: asymmetric signature, wildcard in policy, PKCS#1v1.5 SHA-256 depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C @@ -539,39 +539,39 @@ derive_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):PSA_KE PSA key policy: agreement + KDF, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy: agreement + KDF, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:0:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy: agreement + KDF, wrong agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy: agreement + KDF, wrong KDF algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_224)) PSA key policy: agreement + KDF, key only permits raw agreement depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy: raw agreement, permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH PSA key policy: raw agreement, not permitted depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH +raw_agreement_key_policy:0:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_ECDH PSA key policy: raw agreement, wrong algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_FFDH PSA key policy: raw agreement, key only permits a KDF depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) +raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)) PSA key policy algorithm2: CTR, CBC depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD @@ -579,7 +579,7 @@ key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAG PSA key policy algorithm2: ECDH, ECDSA depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C -key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY +key_policy_alg2:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA_ANY Copy key: raw, 1 byte copy_success:PSA_KEY_USAGE_COPY:0:0:PSA_KEY_TYPE_RAW_DATA:"2a":1:-1:-1:0:PSA_KEY_USAGE_COPY:0:0 @@ -650,23 +650,23 @@ copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_EXPORT Copy key: source=ECDSA+ECDH, target=ECDSA+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDSA+ECDH, target=ECDSA+0 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):0 Copy key: source=ECDSA+ECDH, target=0+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:0:PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:0:PSA_ALG_ECDH Copy key: source=ECDSA(any)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH Copy key: source=ECDH+ECDSA(any), target=ECDH+ECDSA(SHA256) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) +copy_success:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256) Copy fail: raw data, no COPY flag copy_fail:PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"404142434445464748494a4b4c4d4e4f":0:0:PSA_KEY_USAGE_EXPORT:0:0:PSA_ERROR_NOT_PERMITTED @@ -703,11 +703,11 @@ copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_EXPORT:0:0:PSA_KEY_TYPE_RAW_DATA:"4 Copy fail: source=ECDSA(SHA224)+ECDH, target=ECDSA(SHA256)+ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_ECDH:PSA_ERROR_INVALID_ARGUMENT Copy fail: source=ECDH+ECDSA(SHA224), target=ECDH+ECDSA(SHA256) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_PK_WRITE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT +copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_224):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ERROR_INVALID_ARGUMENT Hash operation object initializers zero properly hash_operation_init: @@ -1598,15 +1598,15 @@ import_and_exercise_key:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa PSA import/exercise: ECP SECP256R1 keypair, ECDSA depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):256:PSA_ALG_ECDSA_ANY +import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDSA_ANY PSA import/exercise: ECP SECP256R1 keypair, deterministic ECDSA depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA256_C -import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) +import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ) PSA import/exercise: ECP SECP256R1 keypair, ECDH depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):256:PSA_ALG_ECDH +import_and_exercise_key:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_ALG_ECDH PSA import/exercise: HKDF SHA-256 depends_on:MBEDTLS_SHA256_C @@ -1626,15 +1626,15 @@ sign_deterministic:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee8 PSA sign: deterministic ECDSA SECP256R1 SHA-256 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA sign: deterministic ECDSA SECP256R1 SHA-384 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C -sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" +sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca" PSA sign: deterministic ECDSA SECP384R1 SHA-256 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" +sign_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824":"52d92aac1fcc0fea3ecce01a9ed4bc9ac342f92470fd3f54d0d6d2fa5d2940405057a9d49a817c2b193322f05fc93ac1c7a055edac93bec0ade6814ab27b86b5295ac1ddb323818200f00c3d94d959f714f128b64a2e19628037ac009b14774f" PSA sign: RSA PKCS#1 v1.5 SHA-256, wrong hash size depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C @@ -1656,7 +1656,7 @@ sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb PSA sign: deterministic ECDSA SECP256R1 SHA-256, output buffer too small depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":63:PSA_ERROR_BUFFER_TOO_SMALL PSA sign: RSA PKCS#1 v1.5 SHA-256, empty output buffer depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C @@ -1664,15 +1664,15 @@ sign_fail:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fdbb PSA sign: deterministic ECDSA SECP256R1 SHA-256, empty output buffer depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":0:PSA_ERROR_BUFFER_TOO_SMALL PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (0) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( 0 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign: deterministic ECDSA SECP256R1, invalid hash algorithm (wildcard) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign: invalid key type, signing with a public key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C @@ -1680,7 +1680,7 @@ sign_fail:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13 PSA sign: invalid algorithm for ECC key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V21 -sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT +sign_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":72:PSA_ERROR_INVALID_ARGUMENT PSA sign/verify: RSA PKCS#1 v1.5, raw depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15 @@ -1704,27 +1704,27 @@ sign_verify:PSA_KEY_TYPE_RSA_KEY_PAIR:"3082025e02010002818100af057d396ee84fb75fd PSA sign/verify: randomized ECDSA SECP256R1 SHA-256 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify: deterministic ECDSA SECP256R1 SHA-256 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify: randomized ECDSA SECP256R1 SHA-384 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" +sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" PSA sign/verify: deterministic ECDSA SECP256R1 SHA-384 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" +sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f" PSA sign/verify: randomized ECDSA SECP384R1 SHA-256 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA sign/verify: deterministic ECDSA SECP384R1 SHA-256 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_MD_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" +sign_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"3f5d8d9be280b5696cc5cc9f94cf8af7e6b61dd6592b2ab2b3a4c607450417ec327dcdcaed7c10053d719a0574f0a76a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b" PSA verify: RSA PKCS#1 v1.5 SHA-256, good signature depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C @@ -1772,39 +1772,39 @@ asymmetric_verify:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fd PSA verify: ECDSA SECP256R1, good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -asymmetric_verify:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +asymmetric_verify:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA verify with keypair: ECDSA SECP256R1, good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -asymmetric_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" +asymmetric_verify:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f" PSA verify: ECDSA SECP256R1, wrong signature size (correct but ASN1-encoded) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"304502206a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151022100ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE PSA verify: ECDSA SECP256R1, wrong signature of correct size depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50e":PSA_ERROR_INVALID_SIGNATURE PSA verify: ECDSA SECP256R1, wrong signature (empty) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"":PSA_ERROR_INVALID_SIGNATURE PSA verify: ECDSA SECP256R1, wrong signature (truncated) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f5":PSA_ERROR_INVALID_SIGNATURE PSA verify: ECDSA SECP256R1, wrong signature (trailing junk) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f21":PSA_ERROR_INVALID_SIGNATURE PSA verify: ECDSA SECP256R1, wrong signature (leading junk) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04dea5e45d0ea37fc566232a508f4ad20ea13d47e4bf5fa4d54a57a0ba012042087097496efc583fed8b24a5b9be9a51de063f5a00a8b698a16fd7f29b5485f320":PSA_ALG_ECDSA_ANY:"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"216a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f":PSA_ERROR_INVALID_SIGNATURE PSA verify: invalid algorithm for ECC key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_MD_C:MBEDTLS_PKCS1_V21 -asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT +asymmetric_verify_fail:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):"":"":PSA_ERROR_INVALID_ARGUMENT PSA encrypt: RSA PKCS#1 v1.5, good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 @@ -2391,79 +2391,79 @@ derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b PSA key agreement setup: ECDH + HKDF-SHA-256: good depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_SUCCESS PSA key agreement setup: ECDH + HKDF-SHA-256: public key on different curve depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH + HKDF-SHA-256: public key instead of private key depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_CURVE_SECP_R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: ECDH, unknown KDF depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(0)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_NOT_SUPPORTED PSA key agreement setup: bad key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_KEY_AGREEMENT(0, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA key agreement setup: KDF instead of a key agreement algorithm depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT +key_agreement_setup:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":PSA_ERROR_INVALID_ARGUMENT PSA raw key agreement: ECDH SECP256R1 (RFC 5903) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" PSA raw key agreement: ECDH SECP384R1 (RFC 5903) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECDH_C -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746" +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"099f3c7034d4a2c699884d73a375a67f7624ef7c6b3c0f160647b67414dce655e35b538041e649ee3faef896783ab194":"04e558dbef53eecde3d3fccfc1aea08a89a987475d12fd950d83cfa41732bc509d0d1ac43a0336def96fda41d0774a3571dcfbec7aacf3196472169e838430367f66eebe3c6e70c416dd5f0c68759dd1fff83fa40142209dff5eaad96db9e6386c":"11187331c279962d93d604243fd592cb9d0a926f422e47187521287e7156c5c4d603135569b9e9d09cf5d4a270f59746" PSA raw key agreement: ECDH SECP521R1 (RFC 5903) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_ECDH_C -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea" +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"0037ade9319a89f4dabdb3ef411aaccca5123c61acab57b5393dce47608172a095aa85a30fe1c2952c6771d937ba9777f5957b2639bab072462f68c27a57382d4a52":"0400d0b3975ac4b799f5bea16d5e13e9af971d5e9b984c9f39728b5e5739735a219b97c356436adc6e95bb0352f6be64a6c2912d4ef2d0433ced2b6171640012d9460f015c68226383956e3bd066e797b623c27ce0eac2f551a10c2c724d9852077b87220b6536c5c408a1d2aebb8e86d678ae49cb57091f4732296579ab44fcd17f0fc56a":"01144c7d79ae6956bc8edb8e7c787c4521cb086fa64407f97894e5e6b2d79b04d1427e73ca4baa240a34786859810c06b3c715a3a8cc3151f2bee417996d19f3ddea" PSA raw key agreement: ECDH brainpoolP256r1 (RFC 7027) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP256R1_ENABLED:MBEDTLS_ECDH_C -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b" +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"81db1ee100150ff2ea338d708271be38300cb54241d79950f77b063039804f1d":"048d2d688c6cf93e1160ad04cc4429117dc2c41825e1e9fca0addd34e6f1b39f7b990c57520812be512641e47034832106bc7d3e8dd0e4c7f1136d7006547cec6a":"89afc39d41d3b327814b80940b042590f96556ec91e6ae7939bce31f3a18bf2b" PSA raw key agreement: ECDH brainpoolP384r1 (RFC 7027) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP384R1_ENABLED:MBEDTLS_ECDH_C -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42" +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"1e20f5e048a5886f1f157c74e91bde2b98c8b52d58e5003d57053fc4b0bd65d6f15eb5d1ee1610df870795143627d042":"044d44326f269a597a5b58bba565da5556ed7fd9a8a9eb76c25f46db69d19dc8ce6ad18e404b15738b2086df37e71d1eb462d692136de56cbe93bf5fa3188ef58bc8a3a0ec6c1e151a21038a42e9185329b5b275903d192f8d4e1f32fe9cc78c48":"0bd9d3a7ea0b3d519d09d8e48d0785fb744a6b355e6304bc51c229fbbce239bbadf6403715c35d4fb2a5444f575d4f42" PSA raw key agreement: ECDH brainpoolP512r1 (RFC 7027) depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED:MBEDTLS_ECDH_C -raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" +raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"16302ff0dbbb5a8d733dab7141c1b45acbc8715939677f6a56850a38bd87bd59b09e80279609ff333eb9d4c061231fb26f92eeb04982a5f1d1764cad57665422":"049d45f66de5d67e2e6db6e93a59ce0bb48106097ff78a081de781cdb31fce8ccbaaea8dd4320c4119f1e9cd437a2eab3731fa9668ab268d871deda55a5473199f2fdc313095bcdd5fb3a91636f07a959c8e86b5636a1e930e8396049cb481961d365cc11453a06c719835475b12cb52fc3c383bce35e27ef194512b71876285fa":"a7927098655f1f9976fa50a9d566865dc530331846381c87256baf3226244b76d36403c024d7bbf0aa0803eaff405d3d24f11a9b5c0bef679fe1454b21c4cd1f" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160 +key_agreement_capacity:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":8160 PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4":"41" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4":"41" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3b":"f511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3b":"f511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"7883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c441":"7883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992" PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0 depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C -key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" +key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":"" PSA generate random: 0 bytes generate_random:0 @@ -2590,13 +2590,13 @@ generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+1:PSA_KEY_USA PSA generate key: ECC, SECP256R1, good depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C -generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS +generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS PSA generate key: ECC, SECP256R1, incorrect bit size depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C # INVALID_ARGUMENT would make more sense, but our code as currently structured # doesn't fully relate the curve with its size. -generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED +generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_ERROR_NOT_SUPPORTED PSA generate key: RSA, default e generate_key_rsa:512:"":PSA_SUCCESS @@ -2650,7 +2650,7 @@ persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_RSA_KEY_PAIR:1024:PSA_KEY_U PSA generate persistent key: ECC, SECP256R1, exportable depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECDSA_C:MBEDTLS_PSA_CRYPTO_STORAGE_C -persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:GENERATE_KEY +persistent_key_load_key_from_storage:"":PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:GENERATE_KEY PSA derive persistent key: HKDF SHA-256, exportable depends_on:MBEDTLS_SHA256_C:MBEDTLS_PSA_CRYPTO_STORAGE_C diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ae4045c74..ff79872e4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1259,36 +1259,45 @@ void static_checks( ) TEST_EQUAL( PSA_KEY_USAGE_VERIFY, PSA_KEY_USAGE_VERIFY_HASH ); TEST_EQUAL( PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE, PSA_SIGNATURE_MAX_SIZE ); - TEST_EQUAL( PSA_ECC_CURVE_SECP160K1, PSA_ECC_CURVE_SECP_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP192K1, PSA_ECC_CURVE_SECP_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP224K1, PSA_ECC_CURVE_SECP_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP256K1, PSA_ECC_CURVE_SECP_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP160R1, PSA_ECC_CURVE_SECP_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP192R1, PSA_ECC_CURVE_SECP_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP224R1, PSA_ECC_CURVE_SECP_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP256R1, PSA_ECC_CURVE_SECP_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP384R1, PSA_ECC_CURVE_SECP_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP521R1, PSA_ECC_CURVE_SECP_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECP160R2, PSA_ECC_CURVE_SECP_R2 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT163K1, PSA_ECC_CURVE_SECT_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT233K1, PSA_ECC_CURVE_SECT_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT239K1, PSA_ECC_CURVE_SECT_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT283K1, PSA_ECC_CURVE_SECT_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT409K1, PSA_ECC_CURVE_SECT_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT571K1, PSA_ECC_CURVE_SECT_K1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT163R1, PSA_ECC_CURVE_SECT_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT193R1, PSA_ECC_CURVE_SECT_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT233R1, PSA_ECC_CURVE_SECT_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT283R1, PSA_ECC_CURVE_SECT_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT409R1, PSA_ECC_CURVE_SECT_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT571R1, PSA_ECC_CURVE_SECT_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT163R2, PSA_ECC_CURVE_SECT_R2 ); - TEST_EQUAL( PSA_ECC_CURVE_SECT193R2, PSA_ECC_CURVE_SECT_R2 ); - TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P256R1, PSA_ECC_CURVE_BRAINPOOL_P_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P384R1, PSA_ECC_CURVE_BRAINPOOL_P_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P512R1, PSA_ECC_CURVE_BRAINPOOL_P_R1 ); - TEST_EQUAL( PSA_ECC_CURVE_CURVE25519, PSA_ECC_CURVE_MONTGOMERY ); - TEST_EQUAL( PSA_ECC_CURVE_CURVE448, PSA_ECC_CURVE_MONTGOMERY ); + TEST_EQUAL( PSA_ECC_CURVE_SECP160K1, PSA_ECC_FAMILY_SECP_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP192K1, PSA_ECC_FAMILY_SECP_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP224K1, PSA_ECC_FAMILY_SECP_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP256K1, PSA_ECC_FAMILY_SECP_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP160R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP192R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP224R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP256R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP384R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP521R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP160R2, PSA_ECC_FAMILY_SECP_R2 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT163K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT233K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT239K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT283K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT409K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT571K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT163R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT193R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT233R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT283R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT409R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT571R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT163R2, PSA_ECC_FAMILY_SECT_R2 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT193R2, PSA_ECC_FAMILY_SECT_R2 ); + TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY ); + TEST_EQUAL( PSA_ECC_CURVE_CURVE448, PSA_ECC_FAMILY_MONTGOMERY ); + + TEST_EQUAL( PSA_ECC_CURVE_SECP_K1, PSA_ECC_FAMILY_SECP_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP_R1, PSA_ECC_FAMILY_SECP_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECP_R2, PSA_ECC_FAMILY_SECP_R2 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT_K1, PSA_ECC_FAMILY_SECT_K1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT_R1, PSA_ECC_FAMILY_SECT_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_SECT_R2, PSA_ECC_FAMILY_SECT_R2 ); + TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P_R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); + TEST_EQUAL( PSA_ECC_CURVE_MONTGOMERY, PSA_ECC_FAMILY_MONTGOMERY ); TEST_EQUAL( PSA_DH_GROUP_FFDHE2048, PSA_DH_GROUP_RFC7919 ); TEST_EQUAL( PSA_DH_GROUP_FFDHE3072, PSA_DH_GROUP_RFC7919 ); diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index b771e5823..5813d2f5f 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -352,28 +352,28 @@ depends_on:MBEDTLS_DSA_C key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA ECC key family: SECP K1 -ecc_key_family:PSA_ECC_CURVE_SECP_K1 +ecc_key_family:PSA_ECC_FAMILY_SECP_K1 ECC key family: SECP R1 -ecc_key_family:PSA_ECC_CURVE_SECP_R1 +ecc_key_family:PSA_ECC_FAMILY_SECP_R1 ECC key family: SECP R2 -ecc_key_family:PSA_ECC_CURVE_SECP_R2 +ecc_key_family:PSA_ECC_FAMILY_SECP_R2 ECC key family: SECT K1 -ecc_key_family:PSA_ECC_CURVE_SECT_K1 +ecc_key_family:PSA_ECC_FAMILY_SECT_K1 ECC key family: SECT R1 -ecc_key_family:PSA_ECC_CURVE_SECT_R1 +ecc_key_family:PSA_ECC_FAMILY_SECT_R1 ECC key family: SECT R2 -ecc_key_family:PSA_ECC_CURVE_SECT_R2 +ecc_key_family:PSA_ECC_FAMILY_SECT_R2 ECC key family: Brainpool P R1 -ecc_key_family:PSA_ECC_CURVE_BRAINPOOL_P_R1 +ecc_key_family:PSA_ECC_FAMILY_BRAINPOOL_P_R1 ECC key family: Montgomery (Curve25519, Curve448) -ecc_key_family:PSA_ECC_CURVE_MONTGOMERY +ecc_key_family:PSA_ECC_FAMILY_MONTGOMERY DH group family: RFC 7919 dh_key_family:PSA_DH_GROUP_RFC7919 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index ed41f3bc5..d4ae85520 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -493,7 +493,7 @@ void stream_cipher_key_type( int type_arg ) /* BEGIN_CASE depends_on:MBEDTLS_ECP_C */ void ecc_key_family( int curve_arg ) { - psa_ecc_curve_t curve = curve_arg; + psa_ecc_family_t curve = curve_arg; psa_key_type_t public_type = PSA_KEY_TYPE_ECC_PUBLIC_KEY( curve ); psa_key_type_t pair_type = PSA_KEY_TYPE_ECC_KEY_PAIR( curve ); @@ -502,8 +502,8 @@ void ecc_key_family( int curve_arg ) test_key_type( public_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_PUBLIC_KEY ); test_key_type( pair_type, KEY_TYPE_IS_ECC | KEY_TYPE_IS_KEY_PAIR ); - TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( public_type ), curve ); - TEST_EQUAL( PSA_KEY_TYPE_GET_CURVE( pair_type ), curve ); + TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( public_type ), curve ); + TEST_EQUAL( PSA_KEY_TYPE_ECC_GET_FAMILY( pair_type ), curve ); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data index 023024d39..32e2ecb06 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data @@ -109,13 +109,13 @@ Key import smoke test: RSA OAEP encryption import_key_smoke:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_ALG_RSA_OAEP( PSA_ALG_SHA_256 ):"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001" Key import smoke test: ECDSA secp256r1 -import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" +import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" Key import smoke test: ECDH secp256r1 -import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" +import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDH:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" Key import smoke test: ECDH secp256r1 with HKDF -import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" +import_key_smoke:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_KEY_AGREEMENT( PSA_ALG_ECDH, PSA_ALG_HKDF( PSA_ALG_SHA_256 ) ):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee" Generate key: not supported generate_key_not_supported:PSA_KEY_TYPE_AES:128 @@ -155,24 +155,24 @@ register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:PSA_KEY_ID_VENDOR_MAX:1:PSA_ Import-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" +sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" Import-sign-verify: sign in driver then export_public, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" +sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" Import-sign-verify: sign in software, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" +sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" Generate-sign-verify: sign in driver, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" +sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" Generate-sign-verify: sign in driver then export_public, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" +sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" Generate-sign-verify: sign in software, ECDSA depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_CURVE_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" +sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e" diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 7f9b4c215..c9ce8667b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -97,15 +97,15 @@ /****************************************************************/ /* Return the exact bit size given a curve family and a byte length. */ -static size_t ecc_curve_bits( psa_ecc_curve_t curve, size_t data_length ) +static size_t ecc_curve_bits( psa_ecc_family_t curve, size_t data_length ) { switch( curve ) { - case PSA_ECC_CURVE_SECP_R1: + case PSA_ECC_FAMILY_SECP_R1: if( data_length == PSA_BYTES_TO_BITS( 521 ) ) return( 521 ); break; - case PSA_ECC_CURVE_MONTGOMERY: + case PSA_ECC_FAMILY_MONTGOMERY: if( data_length == PSA_BYTES_TO_BITS( 255 ) ) return( 255 ); } @@ -327,7 +327,7 @@ static psa_status_t ram_import( psa_drv_se_context_t *context, *bits = PSA_BYTES_TO_BITS( data_length ); else if ( PSA_KEY_TYPE_IS_ECC_KEY_PAIR( type ) ) { - *bits = ecc_curve_bits( PSA_KEY_TYPE_GET_CURVE( type ), data_length ); + *bits = ecc_curve_bits( PSA_KEY_TYPE_ECC_GET_FAMILY( type ), data_length ); if( *bits == 0 ) return( PSA_ERROR_DETECTED_BY_DRIVER ); } diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data index e01ba854d..84caef916 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.data +++ b/tests/suites/test_suite_psa_crypto_slot_management.data @@ -39,27 +39,27 @@ persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_ID_USER_MAX:0:0:0: Persistent slot: ECP keypair (ECDSA, exportable), close depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE Persistent slot: ECP keypair (ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDSA, exportable), restart depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:0:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE Persistent slot: ECP keypair (ECDH+ECDSA, exportable), close+restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_CLOSE_WITH_SHUTDOWN Persistent slot: ECP keypair (ECDH+ECDSA, exportable), restart depends_on:MBEDTLS_ECDH_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN +persistent_slot_lifecycle:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_ALG_ECDSA_ANY:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":CLOSE_BY_SHUTDOWN Attempt to overwrite: close before create_existent:PSA_KEY_LIFETIME_PERSISTENT:1:CLOSE_BEFORE From 75e27032d3ab6826714e4f12c42d921502685d79 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 3 Jun 2020 15:17:39 +0100 Subject: [PATCH 241/247] Rename DH Family Macros According to PSA Spec Rename PSA_DH_GROUP_xxx to PSA_DH_FAMILY_xxx, also rename PSA_KEY_TYPE_GET_GROUP to PSA_KEY_TYPE_DH_GET_FAMILY and rename psa_dh_group_t to psa_dh_family_t. Old defines are provided in include/crypto_compat.h for backward compatibility. Signed-off-by: Paul Elliott --- include/psa/crypto_compat.h | 27 ++++++++++++++----- include/psa/crypto_extra.h | 10 +++---- include/psa/crypto_types.h | 2 +- include/psa/crypto_values.h | 10 +++---- programs/psa/psa_constant_names.c | 16 +++++------ scripts/generate_psa_constants.py | 6 ++--- tests/suites/test_suite_psa_crypto.function | 13 +++++---- .../test_suite_psa_crypto_metadata.data | 2 +- .../test_suite_psa_crypto_metadata.function | 6 ++--- 9 files changed, 54 insertions(+), 38 deletions(-) diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h index cc95a13cd..cb2be7fd1 100644 --- a/include/psa/crypto_compat.h +++ b/include/psa/crypto_compat.h @@ -51,10 +51,12 @@ typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t; typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t; typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t; typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t mbedtls_deprecated_psa_ecc_family_t; -typedef MBEDTLS_PSA_DEPRECATED psa_dh_group_t mbedtls_deprecated_psa_dh_group_t; +typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t mbedtls_deprecated_psa_dh_family_t; typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t psa_ecc_curve_t; +typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t psa_dh_group_t; #define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY +#define PSA_KEY_TYPE_GET_GROUP PSA_KEY_TYPE_DH_GET_FAMILY #define MBEDTLS_DEPRECATED_CONSTANT( type, value ) \ ( (mbedtls_deprecated_##type) ( value ) ) @@ -118,7 +120,7 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key #endif /* MBEDTLS_DEPRECATED_REMOVED */ /* - * Size-specific elliptic curve and Diffie-Hellman group names + * Size-specific elliptic curve families. */ #define PSA_ECC_CURVE_SECP160K1 \ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 ) @@ -201,16 +203,27 @@ MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key #define PSA_ECC_CURVE_MONTGOMERY \ MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY ) +/* + * Finite-field Diffie-Hellman families. + */ #define PSA_DH_GROUP_FFDHE2048 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 ) #define PSA_DH_GROUP_FFDHE3072 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 ) #define PSA_DH_GROUP_FFDHE4096 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 ) #define PSA_DH_GROUP_FFDHE6144 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 ) #define PSA_DH_GROUP_FFDHE8192 \ - MBEDTLS_DEPRECATED_CONSTANT( psa_dh_group_t, PSA_DH_GROUP_RFC7919 ) + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 ) + +/* + * Diffie-Hellman families that changed name due to PSA specification. + */ +#define PSA_DH_GROUP_RFC7919 \ + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 ) +#define PSA_DH_GROUP_CUSTOM \ + MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM ) #ifdef __cplusplus } diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h index ceca3e384..afb16ad5c 100644 --- a/include/psa/crypto_extra.h +++ b/include/psa/crypto_extra.h @@ -414,11 +414,11 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, /** Custom Diffie-Hellman group. * - * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or - * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM), the group data comes + * For keys of type #PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or + * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM), the group data comes * from domain parameters set by psa_set_key_domain_parameters(). */ -#define PSA_DH_GROUP_CUSTOM ((psa_dh_group_t) 0x7e) +#define PSA_DH_FAMILY_CUSTOM ((psa_dh_family_t) 0x7e) /** @@ -448,8 +448,8 @@ psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed, * } * ``` * - For Diffie-Hellman key exchange keys - * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_GROUP_CUSTOM) or - * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_GROUP_CUSTOM)), the + * (#PSA_KEY_TYPE_DH_PUBLIC_KEY(#PSA_DH_FAMILY_CUSTOM) or + * #PSA_KEY_TYPE_DH_KEY_PAIR(#PSA_DH_FAMILY_CUSTOM)), the * `DomainParameters` format as defined by RFC 3279 §2.3.3. * ``` * DomainParameters ::= SEQUENCE { diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h index 8e98eafb4..29e1f2939 100644 --- a/include/psa/crypto_types.h +++ b/include/psa/crypto_types.h @@ -85,7 +85,7 @@ typedef uint8_t psa_ecc_family_t; * Values defined by this standard will never be in the range 0x80-0xff. * Vendors who define additional families must use an encoding in this range. */ -typedef uint8_t psa_dh_group_t; +typedef uint8_t psa_dh_family_t; /** \brief Encoding of a cryptographic algorithm. * diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h index 3feaa1c98..73d7d9d14 100644 --- a/include/psa/crypto_values.h +++ b/include/psa/crypto_values.h @@ -536,14 +536,14 @@ #define PSA_KEY_TYPE_DH_GROUP_MASK ((psa_key_type_t)0x00ff) /** Diffie-Hellman key pair. * - * \param group A value of type ::psa_dh_group_t that identifies the + * \param group A value of type ::psa_dh_family_t that identifies the * Diffie-Hellman group to be used. */ #define PSA_KEY_TYPE_DH_KEY_PAIR(group) \ (PSA_KEY_TYPE_DH_KEY_PAIR_BASE | (group)) /** Diffie-Hellman public key. * - * \param group A value of type ::psa_dh_group_t that identifies the + * \param group A value of type ::psa_dh_family_t that identifies the * Diffie-Hellman group to be used. */ #define PSA_KEY_TYPE_DH_PUBLIC_KEY(group) \ @@ -563,8 +563,8 @@ PSA_KEY_TYPE_DH_PUBLIC_KEY_BASE) /** Extract the group from a Diffie-Hellman key type. */ -#define PSA_KEY_TYPE_GET_GROUP(type) \ - ((psa_dh_group_t) (PSA_KEY_TYPE_IS_DH(type) ? \ +#define PSA_KEY_TYPE_DH_GET_FAMILY(type) \ + ((psa_dh_family_t) (PSA_KEY_TYPE_IS_DH(type) ? \ ((type) & PSA_KEY_TYPE_DH_GROUP_MASK) : \ 0)) @@ -574,7 +574,7 @@ * 2048, 3072, 4096, 6144, 8192. A given implementation may support * all of these sizes or only a subset. */ -#define PSA_DH_GROUP_RFC7919 ((psa_dh_group_t) 0x03) +#define PSA_DH_FAMILY_RFC7919 ((psa_dh_family_t) 0x03) #define PSA_GET_KEY_TYPE_BLOCK_SIZE_EXPONENT(type) \ (((type) >> 8) & 7) diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index a5a223707..5fc4f9e4e 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -83,7 +83,7 @@ static void append_integer(char **buffer, size_t buffer_size, /* The code of these function is automatically generated and included below. */ static const char *psa_ecc_family_name(psa_ecc_family_t curve); -static const char *psa_dh_group_name(psa_dh_group_t group); +static const char *psa_dh_family_name(psa_dh_family_t group); static const char *psa_hash_algorithm_name(psa_algorithm_t hash_alg); static void append_with_curve(char **buffer, size_t buffer_size, @@ -107,9 +107,9 @@ static void append_with_curve(char **buffer, size_t buffer_size, static void append_with_group(char **buffer, size_t buffer_size, size_t *required_size, const char *string, size_t length, - psa_dh_group_t group) + psa_dh_family_t group) { - const char *group_name = psa_dh_group_name(group); + const char *group_name = psa_dh_family_name(group); append(buffer, buffer_size, required_size, string, length); append(buffer, buffer_size, required_size, "(", 1); if (group_name != NULL) { @@ -176,9 +176,9 @@ static int psa_snprint_ecc_curve(char *buffer, size_t buffer_size, } static int psa_snprint_dh_group(char *buffer, size_t buffer_size, - psa_dh_group_t group) + psa_dh_family_t group) { - const char *name = psa_dh_group_name(group); + const char *name = psa_dh_family_name(group); if (name == NULL) { return snprintf(buffer, buffer_size, "0x%02x", (unsigned) group); } else { @@ -200,7 +200,7 @@ static void usage(const char *program_name) printf("Supported types (with = between aliases):\n"); printf(" alg=algorithm Algorithm (psa_algorithm_t)\n"); printf(" curve=ecc_curve Elliptic curve identifier (psa_ecc_family_t)\n"); - printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_group_t)\n"); + printf(" group=dh_group Diffie-Hellman group identifier (psa_dh_family_t)\n"); printf(" type=key_type Key type (psa_key_type_t)\n"); printf(" usage=key_usage Key usage (psa_key_usage_t)\n"); printf(" error=status Status code (psa_status_t)\n"); @@ -275,7 +275,7 @@ int process_unsigned(unsigned_value_type type, unsigned long max, char **argp) break; case TYPE_DH_GROUP: psa_snprint_dh_group(buffer, sizeof(buffer), - (psa_dh_group_t) value); + (psa_dh_family_t) value); break; case TYPE_KEY_TYPE: psa_snprint_key_type(buffer, sizeof(buffer), @@ -314,7 +314,7 @@ int main(int argc, char *argv[]) return process_unsigned(TYPE_ECC_CURVE, (psa_ecc_family_t) (-1), argv + 2); } else if (!strcmp(argv[1], "group") || !strcmp(argv[1], "dh_group")) { - return process_unsigned(TYPE_DH_GROUP, (psa_dh_group_t) (-1), + return process_unsigned(TYPE_DH_GROUP, (psa_dh_family_t) (-1), argv + 2); } else if (!strcmp(argv[1], "type") || !strcmp(argv[1], "key_type")) { return process_unsigned(TYPE_KEY_TYPE, (psa_key_type_t) (-1), diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 539856489..c84b83857 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -51,7 +51,7 @@ static const char *psa_ecc_family_name(psa_ecc_family_t curve) } } -static const char *psa_dh_group_name(psa_dh_group_t group) +static const char *psa_dh_family_name(psa_dh_family_t group) { switch (group) { %(dh_group_cases)s @@ -185,7 +185,7 @@ KEY_TYPE_FROM_CURVE_TEMPLATE = '''if (%(tester)s(type)) { KEY_TYPE_FROM_GROUP_TEMPLATE = '''if (%(tester)s(type)) { append_with_group(&buffer, buffer_size, &required_size, "%(builder)s", %(builder_length)s, - PSA_KEY_TYPE_GET_GROUP(type)); + PSA_KEY_TYPE_DH_GET_FAMILY(type)); } else ''' ALGORITHM_FROM_HASH_TEMPLATE = '''if (%(tester)s(core_alg)) { @@ -266,7 +266,7 @@ class MacroCollector: self.key_types_from_group[name] = name[:13] + 'IS_' + name[13:] elif name.startswith('PSA_ECC_FAMILY_') and not parameter: self.ecc_curves.add(name) - elif name.startswith('PSA_DH_GROUP_') and not parameter: + elif name.startswith('PSA_DH_FAMILY_') and not parameter: self.dh_groups.add(name) elif name.startswith('PSA_ALG_') and not parameter: if name in ['PSA_ALG_ECDSA_BASE', diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index ff79872e4..4576b8bb4 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -1299,11 +1299,14 @@ void static_checks( ) TEST_EQUAL( PSA_ECC_CURVE_BRAINPOOL_P_R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1 ); TEST_EQUAL( PSA_ECC_CURVE_MONTGOMERY, PSA_ECC_FAMILY_MONTGOMERY ); - TEST_EQUAL( PSA_DH_GROUP_FFDHE2048, PSA_DH_GROUP_RFC7919 ); - TEST_EQUAL( PSA_DH_GROUP_FFDHE3072, PSA_DH_GROUP_RFC7919 ); - TEST_EQUAL( PSA_DH_GROUP_FFDHE4096, PSA_DH_GROUP_RFC7919 ); - TEST_EQUAL( PSA_DH_GROUP_FFDHE6144, PSA_DH_GROUP_RFC7919 ); - TEST_EQUAL( PSA_DH_GROUP_FFDHE8192, PSA_DH_GROUP_RFC7919 ); + TEST_EQUAL( PSA_DH_GROUP_FFDHE2048, PSA_DH_FAMILY_RFC7919 ); + TEST_EQUAL( PSA_DH_GROUP_FFDHE3072, PSA_DH_FAMILY_RFC7919 ); + TEST_EQUAL( PSA_DH_GROUP_FFDHE4096, PSA_DH_FAMILY_RFC7919 ); + TEST_EQUAL( PSA_DH_GROUP_FFDHE6144, PSA_DH_FAMILY_RFC7919 ); + TEST_EQUAL( PSA_DH_GROUP_FFDHE8192, PSA_DH_FAMILY_RFC7919 ); + + TEST_EQUAL( PSA_DH_GROUP_RFC7919, PSA_DH_FAMILY_RFC7919 ); + TEST_EQUAL( PSA_DH_GROUP_CUSTOM, PSA_DH_FAMILY_CUSTOM ); #endif } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data index 5813d2f5f..4abdd27be 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.data +++ b/tests/suites/test_suite_psa_crypto_metadata.data @@ -376,4 +376,4 @@ ECC key family: Montgomery (Curve25519, Curve448) ecc_key_family:PSA_ECC_FAMILY_MONTGOMERY DH group family: RFC 7919 -dh_key_family:PSA_DH_GROUP_RFC7919 +dh_key_family:PSA_DH_FAMILY_RFC7919 diff --git a/tests/suites/test_suite_psa_crypto_metadata.function b/tests/suites/test_suite_psa_crypto_metadata.function index d4ae85520..1ba846695 100644 --- a/tests/suites/test_suite_psa_crypto_metadata.function +++ b/tests/suites/test_suite_psa_crypto_metadata.function @@ -510,7 +510,7 @@ void ecc_key_family( int curve_arg ) /* BEGIN_CASE depends_on:MBEDTLS_DHM_C */ void dh_key_family( int group_arg ) { - psa_dh_group_t group = group_arg; + psa_dh_family_t group = group_arg; psa_key_type_t public_type = PSA_KEY_TYPE_DH_PUBLIC_KEY( group ); psa_key_type_t pair_type = PSA_KEY_TYPE_DH_KEY_PAIR( group ); @@ -519,7 +519,7 @@ void dh_key_family( int group_arg ) test_key_type( public_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_PUBLIC_KEY ); test_key_type( pair_type, KEY_TYPE_IS_DH | KEY_TYPE_IS_KEY_PAIR ); - TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( public_type ), group ); - TEST_EQUAL( PSA_KEY_TYPE_GET_GROUP( pair_type ), group ); + TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( public_type ), group ); + TEST_EQUAL( PSA_KEY_TYPE_DH_GET_FAMILY( pair_type ), group ); } /* END_CASE */ From 06a28082afbd1761702f74105a4c94f83042df9b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 2 Jul 2020 16:34:27 +0100 Subject: [PATCH 242/247] Add Changelog entry for PSA DH/ECC Macros rename Signed-off-by: Paul Elliott --- ChangeLog.d/psa_ecc_dh_macros.txt | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ChangeLog.d/psa_ecc_dh_macros.txt diff --git a/ChangeLog.d/psa_ecc_dh_macros.txt b/ChangeLog.d/psa_ecc_dh_macros.txt new file mode 100644 index 000000000..033f3d8ae --- /dev/null +++ b/ChangeLog.d/psa_ecc_dh_macros.txt @@ -0,0 +1,9 @@ +API changes + * In the PSA API, rename the types of elliptic curve and Diffie-Hellman group families to + psa_ecc_family_t and psa_dh_family_t, in line with the PSA Crypto API specification version 1.0.0. + Rename associated macros as well: + PSA_ECC_CURVE_xxx renamed to PSA_ECC_FAMILY_xxx + PSA_DH_GROUP_xxx renamed to PSA_DH_FAMILY_xxx + PSA_KEY_TYPE_GET_CURVE renamed to to PSA_KEY_TYPE_ECC_GET_FAMILY + PSA_KEY_TYPE_GET_GROUP renamed to PSA_KEY_TYPE_DH_GET_FAMILY + From bbb36649578ff4a5c020db44b0127dd8ca093149 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Jul 2020 00:30:12 +0200 Subject: [PATCH 243/247] Documentation improvements Signed-off-by: Gilles Peskine --- tests/scripts/check_test_cases.py | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py index 2df4c7a68..3360d2817 100755 --- a/tests/scripts/check_test_cases.py +++ b/tests/scripts/check_test_cases.py @@ -1,6 +1,9 @@ #!/usr/bin/env python3 """Sanity checks for test data. + +This program contains a class for traversing test cases that can be used +independently of the checks. """ # Copyright (C) 2019, Arm Limited, All Rights Reserved @@ -60,14 +63,15 @@ the process_test_case method, and call walk_all(). file_name, line_number, description): """Process a test case. -per_file_state: a new object returned by per_file_state() for each file. +per_file_state: an object created by new_per_file_state() at the beginning + of each file. file_name: a relative path to the file containing the test case. line_number: the line number in the given file. description: the test case description as a byte string. """ raise NotImplementedError - def per_file_state(self): + def new_per_file_state(self): """Return a new per-file state object. The default per-file state object is None. Child classes that require per-file @@ -79,7 +83,7 @@ state may override this method. def walk_test_suite(self, data_file_name): """Iterate over the test cases in the given unit test data file.""" in_paragraph = False - descriptions = self.per_file_state() # pylint: disable=assignment-from-none + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none with open(data_file_name, 'rb') as data_file: for line_number, line in enumerate(data_file, 1): line = line.rstrip(b'\r\n') @@ -96,7 +100,7 @@ state may override this method. def walk_ssl_opt_sh(self, file_name): """Iterate over the test cases in ssl-opt.sh or a file with a similar format.""" - descriptions = self.per_file_state() # pylint: disable=assignment-from-none + descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none with open(file_name, 'rb') as file_contents: for line_number, line in enumerate(file_contents, 1): # Assume that all run_test calls have the same simple form @@ -142,7 +146,7 @@ class DescriptionChecker(TestDescriptionExplorer): def __init__(self, results): self.results = results - def per_file_state(self): + def new_per_file_state(self): """Dictionary mapping descriptions to their line number.""" return {} From 0cd8e0f6a70fd17a3565ce41620355244a8f7344 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Fri, 3 Jul 2020 11:41:38 +0800 Subject: [PATCH 244/247] Only pass -Wformat-signedness to versions of GCC that support it. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #3478 Signed-off-by: okhowang(王沛文) --- CMakeLists.txt | 5 ++++- ChangeLog.d/format-signedness.txt | 3 +++ 2 files changed, 7 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/format-signedness.txt diff --git a/CMakeLists.txt b/CMakeLists.txt index f7e2ed08b..f8df14007 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -165,7 +165,10 @@ if(CMAKE_COMPILER_IS_GNU) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wlogical-op") endif() if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8) - set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow -Wformat-signedness") + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wshadow") + endif() + if (GCC_VERSION VERSION_GREATER 5.0) + set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat-signedness") endif() set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") diff --git a/ChangeLog.d/format-signedness.txt b/ChangeLog.d/format-signedness.txt new file mode 100644 index 000000000..ee1ee4bb3 --- /dev/null +++ b/ChangeLog.d/format-signedness.txt @@ -0,0 +1,3 @@ +Changes + * Only pass -Wformat-signedness to versions of GCC that support it. Reported + in #3478 and fix contributed in #3479 by okhowang. From 0c4bbda16abae83b5365a1ddd50625f54586b147 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Wed, 24 Jun 2020 16:02:10 +0800 Subject: [PATCH 245/247] Use local labels in padlock.c MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #3451 Signed-off-by: okhowang(王沛文) --- ChangeLog.d/bugfix_PR3452.txt | 3 +++ library/padlock.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 ChangeLog.d/bugfix_PR3452.txt diff --git a/ChangeLog.d/bugfix_PR3452.txt b/ChangeLog.d/bugfix_PR3452.txt new file mode 100644 index 000000000..acf593eb8 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3452.txt @@ -0,0 +1,3 @@ +Bugfix + * Use local labels in mbedtls_padlock_has_support() to fix an invalid symbol redefinition if the function is inlined. + Reported in #3451 and fix contributed in #3452 by okhowang. diff --git a/library/padlock.c b/library/padlock.c index 887a386e8..96463b90b 100644 --- a/library/padlock.c +++ b/library/padlock.c @@ -54,10 +54,10 @@ int mbedtls_padlock_has_support( int feature ) "cpuid \n\t" "cmpl $0xC0000001, %%eax \n\t" "movl $0, %%edx \n\t" - "jb unsupported \n\t" + "jb 1f \n\t" "movl $0xC0000001, %%eax \n\t" "cpuid \n\t" - "unsupported: \n\t" + "1: \n\t" "movl %%edx, %1 \n\t" "movl %2, %%ebx \n\t" : "=m" (ebx), "=m" (edx) From 2957b35157ea965e13dea3fb775b364485069c9c Mon Sep 17 00:00:00 2001 From: Doru Gucea Date: Fri, 14 Dec 2018 21:08:35 +0200 Subject: [PATCH 246/247] Avoid stack-allocation of large memory buffers Using a stack-buffer with a size > 2K could easily produce a stack overflow for an embedded device which has a limited stack size. This commit dynamically allocates the large CSR buffer. This commit avoids using a temporary buffer for storing the OIDs. A single buffer is used: a) OIDs are written backwards starting with the end of the buffer; b) OIDs are memmove'd to the beginning of the buffer; c) signature over this OIDs is computed and written backwards from the end of the buffer; d) the two memory regions are compacted. Signed-off-by: Doru Gucea --- library/x509write_csr.c | 114 ++++++++++++++++++++++++++-------------- 1 file changed, 74 insertions(+), 40 deletions(-) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 7c5179862..df2ebb26a 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -50,6 +50,14 @@ #include "mbedtls/pem.h" #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_calloc calloc +#define mbedtls_free free +#endif + void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); @@ -130,17 +138,17 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, return( 0 ); } -int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, + unsigned char *buf, + size_t size, unsigned char *sig, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; const char *sig_oid; size_t sig_oid_len = 0; unsigned char *c, *c2; unsigned char hash[64]; - unsigned char sig[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - unsigned char tmp_buf[2048]; size_t pub_len = 0, sig_and_oid_len = 0, sig_len; size_t len = 0; mbedtls_pk_type_t pk_alg; @@ -150,52 +158,58 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ /* - * Prepare data to be signed in tmp_buf + * Writing strategy: + * 1. start writing from the back of buf + * 2. sign the written data and place the signature at the start of buf + * 3. compact memory locations by moving the signature towards right */ - c = tmp_buf + sizeof( tmp_buf ); + c = buf + size; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf, + ctx->extensions ) ); if( len ) { - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SET ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, tmp_buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, buf, + MBEDTLS_OID_PKCS9_CSR_EXT_REQ, + MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); } - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, - tmp_buf, c - tmp_buf ) ); + buf, c - buf ) ); c -= pub_len; len += pub_len; /* * Subject ::= Name */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, tmp_buf, ctx->subject ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_names( &c, buf, + ctx->subject ) ); /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, tmp_buf, 0 ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* * Prepare signature @@ -232,32 +246,52 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s return( MBEDTLS_ERR_X509_INVALID_ALG ); if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) + &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } - /* - * Write data to output buffer - */ + /* reserve space for the signature at the end of buf */ + memmove( buf, c, len ); + + /* copy the signature */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, buf, - sig_oid, sig_oid_len, sig, sig_len ) ); - - if( len > (size_t)( c2 - buf ) ) - return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); + MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, + buf + len, sig_oid, sig_oid_len, sig, sig_len ) ); + /* compact oids and signature memory locations */ c2 -= len; - memcpy( c2, c, len ); + memmove( c2, buf, len ); len += sig_and_oid_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + memset( buf, 0, c2 - buf); return( (int) len ); } +int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, + size_t size, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret; + unsigned char *sig; + + if( ( sig = mbedtls_calloc( 1, MBEDTLS_MPI_MAX_SIZE ) ) == NULL ) + { + return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + } + + ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng ); + + mbedtls_free( sig ); + + return( ret ); +} + #define PEM_BEGIN_CSR "-----BEGIN CERTIFICATE REQUEST-----\n" #define PEM_END_CSR "-----END CERTIFICATE REQUEST-----\n" From 40ca54a9ace6571918a7e562a4a822c6d7f1bedb Mon Sep 17 00:00:00 2001 From: Simon Leet Date: Fri, 26 Jun 2020 21:23:32 +0000 Subject: [PATCH 247/247] Revise comments for x509write_csr_der_internal Address remaining PR comments for #2118 - Add ChangeLog.d/x509write_csr_heap_alloc.txt. - Fix parameter alignment per Gille's recommendation. - Update comments to more explicitly describe the manipulation of buf. - Replace use of `MBEDTLS_MPI_MAX_SIZE` as `sig` buffer size for call to `x509write_csr_der_internal()` with more intuitive `MBEDTLS_PK_SIGNATURE_MAX_SIZE`. - Update `mbedtls_x509write_csr_der()` to return `MBEDTLS_ERR_X509_ALLOC_FAILED` on mbedtls_calloc error. Signed-off-by: Simon Leet --- ChangeLog.d/x509write_csr_heap_alloc.txt | 4 ++ library/x509write_csr.c | 84 +++++++++++++++--------- 2 files changed, 58 insertions(+), 30 deletions(-) create mode 100644 ChangeLog.d/x509write_csr_heap_alloc.txt diff --git a/ChangeLog.d/x509write_csr_heap_alloc.txt b/ChangeLog.d/x509write_csr_heap_alloc.txt new file mode 100644 index 000000000..abce20c4d --- /dev/null +++ b/ChangeLog.d/x509write_csr_heap_alloc.txt @@ -0,0 +1,4 @@ +Changes + * Reduce the stack consumption of mbedtls_x509write_csr_der() which + previously could lead to stack overflow on constrained devices. + Contributed by Doru Gucea and Simon Leet in #3464. diff --git a/library/x509write_csr.c b/library/x509write_csr.c index df2ebb26a..4d51bbd03 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -140,7 +140,8 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx, static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, unsigned char *buf, - size_t size, unsigned char *sig, + size_t size, + unsigned char *sig, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { @@ -157,12 +158,8 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, size_t hash_len; psa_algorithm_t hash_alg = mbedtls_psa_translate_md( ctx->md_alg ); #endif /* MBEDTLS_USE_PSA_CRYPTO */ - /* - * Writing strategy: - * 1. start writing from the back of buf - * 2. sign the written data and place the signature at the start of buf - * 3. compact memory locations by moving the signature towards right - */ + + /* Write the CSR backwards starting from the end of buf */ c = buf + size; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, buf, @@ -171,25 +168,34 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, if( len ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_oid( &c, buf, - MBEDTLS_OID_PKCS9_CSR_EXT_REQ, - MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_oid( + &c, buf, MBEDTLS_OID_PKCS9_CSR_EXT_REQ, + MBEDTLS_OID_SIZE( MBEDTLS_OID_PKCS9_CSR_EXT_REQ ) ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ); MBEDTLS_ASN1_CHK_ADD( pub_len, mbedtls_pk_write_pubkey_der( ctx->key, buf, c - buf ) ); @@ -208,11 +214,13 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); /* - * Prepare signature + * Sign the written CSR data into the sig buffer * Note: hash errors can happen only after an internal error */ #if defined(MBEDTLS_USE_PSA_CRYPTO) @@ -251,22 +259,38 @@ static int x509write_csr_der_internal( mbedtls_x509write_csr *ctx, return( ret ); } - /* reserve space for the signature at the end of buf */ + /* + * Move the written CSR data to the start of buf to create space for + * writing the signature into buf. + */ memmove( buf, c, len ); - /* copy the signature */ + /* + * Write sig and its OID into buf backwards from the end of buf. + * Note: mbedtls_x509_write_sig will check for c2 - ( buf + len ) < sig_len + * and return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if needed. + */ c2 = buf + size; - MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, mbedtls_x509_write_sig( &c2, - buf + len, sig_oid, sig_oid_len, sig, sig_len ) ); + MBEDTLS_ASN1_CHK_ADD( sig_and_oid_len, + mbedtls_x509_write_sig( &c2, buf + len, sig_oid, sig_oid_len, + sig, sig_len ) ); - /* compact oids and signature memory locations */ + /* + * Compact the space between the CSR data and signature by moving the + * CSR data to the start of the signature. + */ c2 -= len; memmove( c2, buf, len ); + /* ASN encode the total size and tag the CSR data with it. */ len += sig_and_oid_len; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c2, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c2, buf, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, + mbedtls_asn1_write_tag( + &c2, buf, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); + + /* Zero the unused bytes at the start of buf */ memset( buf, 0, c2 - buf); return( (int) len ); @@ -280,9 +304,9 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, int ret; unsigned char *sig; - if( ( sig = mbedtls_calloc( 1, MBEDTLS_MPI_MAX_SIZE ) ) == NULL ) + if( ( sig = mbedtls_calloc( 1, MBEDTLS_PK_SIGNATURE_MAX_SIZE ) ) == NULL ) { - return( MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + return( MBEDTLS_ERR_X509_ALLOC_FAILED ); } ret = x509write_csr_der_internal( ctx, buf, size, sig, f_rng, p_rng );