Refactor ssl test suite to use pointers more
This way it's easier to track structures that are partially set up.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index d832853..5042d9f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -797,9 +797,9 @@
*/
typedef struct mbedtls_endpoint_certificate
{
- mbedtls_x509_crt ca_cert;
- mbedtls_x509_crt cert;
- mbedtls_pk_context pkey;
+ mbedtls_x509_crt* ca_cert;
+ mbedtls_x509_crt* cert;
+ mbedtls_pk_context* pkey;
} mbedtls_endpoint_certificate;
/*
@@ -815,6 +815,42 @@
} mbedtls_endpoint;
/*
+ * Deinitializes certificates from endpoint represented by \p ep.
+ */
+void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
+{
+ mbedtls_endpoint_certificate *cert = &( ep->cert );
+ if( cert != NULL )
+ {
+ if( cert->ca_cert != NULL )
+ {
+ mbedtls_x509_crt_free( cert->ca_cert );
+ mbedtls_free( cert->ca_cert );
+ cert->ca_cert = NULL;
+ }
+ if( cert->cert != NULL )
+ {
+ mbedtls_x509_crt_free( cert->cert );
+ mbedtls_free( cert->cert );
+ cert->cert = NULL;
+ }
+ if( cert->pkey != NULL )
+ {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE )
+ {
+ mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
+ psa_destroy_key( *key_slot );
+ }
+#endif
+ mbedtls_pk_free( cert->pkey );
+ mbedtls_free( cert->pkey );
+ cert->pkey = NULL;
+ }
+ }
+}
+
+/*
* Initializes \p ep_cert structure and assigns it to endpoint
* represented by \p ep.
*
@@ -826,7 +862,7 @@
{
int i = 0;
int ret = -1;
- mbedtls_endpoint_certificate *cert;
+ mbedtls_endpoint_certificate *cert = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
#endif
@@ -837,15 +873,19 @@
}
cert = &( ep->cert );
- mbedtls_x509_crt_init( &( cert->ca_cert ) );
- mbedtls_x509_crt_init( &( cert->cert ) );
- mbedtls_pk_init( &( cert->pkey ) );
+ cert->ca_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
+ cert->cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
+ cert->pkey = mbedtls_calloc( 1, sizeof(mbedtls_pk_context) );
+
+ mbedtls_x509_crt_init( cert->ca_cert );
+ mbedtls_x509_crt_init( cert->cert );
+ mbedtls_pk_init( cert->pkey );
/* Load the trusted CA */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
- ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
+ ret = mbedtls_x509_crt_parse_der( cert->ca_cert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
TEST_ASSERT( ret == 0 );
@@ -857,12 +897,12 @@
{
if( pk_alg == MBEDTLS_PK_RSA )
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
mbedtls_test_srv_crt_rsa_sha256_der_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@@ -870,12 +910,12 @@
}
else
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_ec_der,
mbedtls_test_srv_crt_ec_der_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@@ -886,12 +926,12 @@
{
if( pk_alg == MBEDTLS_PK_RSA )
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_rsa_der,
mbedtls_test_cli_crt_rsa_der_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@@ -899,12 +939,12 @@
}
else
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_ec_der,
mbedtls_test_cli_crt_ec_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0,
mbedtls_test_rnd_std_rand, NULL );
@@ -915,7 +955,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( opaque_alg != 0 )
{
- TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &( cert->pkey ), &key_slot,
+ TEST_EQUAL( mbedtls_pk_wrap_as_opaque( cert->pkey, &key_slot,
opaque_alg, opaque_usage,
opaque_alg2 ), 0 );
}
@@ -925,10 +965,10 @@
(void) opaque_usage;
#endif
- mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
+ mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL );
- ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
- &( cert->pkey ) );
+ ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
+ cert->pkey );
TEST_ASSERT( ret == 0 );
TEST_ASSERT( ep->conf.key_cert != NULL );
@@ -936,20 +976,14 @@
TEST_ASSERT( ret == 0 );
TEST_ASSERT( ep->conf.key_cert == NULL );
- ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
- &( cert->pkey ) );
+ ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
+ cert->pkey );
TEST_ASSERT( ret == 0 );
exit:
if( ret != 0 )
{
- mbedtls_x509_crt_free( &( cert->ca_cert ) );
- mbedtls_x509_crt_free( &( cert->cert ) );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( opaque_alg != 0 )
- psa_destroy_key( key_slot );
-#endif
- mbedtls_pk_free( &( cert->pkey ) );
+ mbedtls_endpoint_certificate_free( ep );
}
return ret;
@@ -1076,25 +1110,6 @@
}
/*
- * Deinitializes certificates from endpoint represented by \p ep.
- */
-void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
-{
- mbedtls_endpoint_certificate *cert = &( ep->cert );
- mbedtls_x509_crt_free( &( cert->ca_cert ) );
- mbedtls_x509_crt_free( &( cert->cert ) );
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- if( mbedtls_pk_get_type( &( cert->pkey ) ) == MBEDTLS_PK_OPAQUE )
- {
- mbedtls_svc_key_id_t *key_slot = cert->pkey.pk_ctx;
-
- psa_destroy_key( *key_slot );
- }
-#endif
- mbedtls_pk_free( &( cert->pkey ) );
-}
-
-/*
* Deinitializes endpoint represented by \p ep.
*/
void mbedtls_endpoint_free( mbedtls_endpoint *ep,
@@ -2077,7 +2092,8 @@
int expected_handshake_result = options->expected_handshake_result;
USE_PSA_INIT( );
-
+ mbedtls_platform_zeroize( &client, sizeof(client) );
+ mbedtls_platform_zeroize( &server, sizeof(server) );
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
mbedtls_message_socket_init( &server_context );
@@ -5122,6 +5138,8 @@
options.pk_alg = MBEDTLS_PK_RSA;
USE_PSA_INIT( );
+ mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) );
+ mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) );
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, &options,
NULL, NULL, NULL, NULL );
@@ -5827,6 +5845,8 @@
options.srv_log_fun = log_analyzer;
USE_PSA_INIT( );
+ mbedtls_platform_zeroize( &client, sizeof(client) );
+ mbedtls_platform_zeroize( &server, sizeof(server) );
mbedtls_message_socket_init( &server_context );
mbedtls_message_socket_init( &client_context );
@@ -6007,6 +6027,8 @@
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
USE_PSA_INIT( );
+ mbedtls_platform_zeroize( &client, sizeof(client) );
+ mbedtls_platform_zeroize( &server, sizeof(server) );
init_handshake_options( &options );
options.pk_alg = MBEDTLS_PK_ECDSA;
@@ -6081,6 +6103,8 @@
* Test set-up
*/
USE_PSA_INIT( );
+ mbedtls_platform_zeroize( &client_ep, sizeof(client_ep) );
+ mbedtls_platform_zeroize( &server_ep, sizeof(server_ep) );
init_handshake_options( &client_options );
client_options.pk_alg = MBEDTLS_PK_ECDSA;