Refactor ssl test suite to use pointers more
This way it's easier to track structures that are partially set up.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a1e660f..606072a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -734,9 +734,9 @@
*/
typedef struct mbedtls_endpoint_certificate
{
- mbedtls_x509_crt ca_cert;
- mbedtls_x509_crt cert;
- mbedtls_pk_context pkey;
+ mbedtls_x509_crt* ca_cert;
+ mbedtls_x509_crt* cert;
+ mbedtls_pk_context* pkey;
} mbedtls_endpoint_certificate;
/*
@@ -754,6 +754,42 @@
} mbedtls_endpoint;
/*
+ * Deinitializes certificates from endpoint represented by \p ep.
+ */
+void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
+{
+ mbedtls_endpoint_certificate *cert = &( ep->cert );
+ if( cert != NULL )
+ {
+ if( cert->ca_cert != NULL )
+ {
+ mbedtls_x509_crt_free( cert->ca_cert );
+ mbedtls_free( cert->ca_cert );
+ cert->ca_cert = NULL;
+ }
+ if( cert->cert != NULL )
+ {
+ mbedtls_x509_crt_free( cert->cert );
+ mbedtls_free( cert->cert );
+ cert->cert = NULL;
+ }
+ if( cert->pkey != NULL )
+ {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+ if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE )
+ {
+ mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
+ psa_destroy_key( *key_slot );
+ }
+#endif
+ mbedtls_pk_free( cert->pkey );
+ mbedtls_free( cert->pkey );
+ cert->pkey = NULL;
+ }
+ }
+}
+
+/*
* Initializes \p ep_cert structure and assigns it to endpoint
* represented by \p ep.
*
@@ -763,7 +799,7 @@
{
int i = 0;
int ret = -1;
- mbedtls_endpoint_certificate *cert;
+ mbedtls_endpoint_certificate *cert = NULL;
if( ep == NULL )
{
@@ -771,15 +807,19 @@
}
cert = &( ep->cert );
- mbedtls_x509_crt_init( &( cert->ca_cert ) );
- mbedtls_x509_crt_init( &( cert->cert ) );
- mbedtls_pk_init( &( cert->pkey ) );
+ cert->ca_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
+ cert->cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
+ cert->pkey = mbedtls_calloc( 1, sizeof(mbedtls_pk_context) );
+
+ mbedtls_x509_crt_init( cert->ca_cert );
+ mbedtls_x509_crt_init( cert->cert );
+ mbedtls_pk_init( cert->pkey );
/* Load the trusted CA */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
- ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
+ ret = mbedtls_x509_crt_parse_der( cert->ca_cert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
TEST_ASSERT( ret == 0 );
@@ -791,24 +831,24 @@
{
if( pk_alg == MBEDTLS_PK_RSA )
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
mbedtls_test_srv_crt_rsa_sha256_der_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
}
else
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_ec_der,
mbedtls_test_srv_crt_ec_der_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
@@ -818,42 +858,40 @@
{
if( pk_alg == MBEDTLS_PK_RSA )
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_rsa_der,
mbedtls_test_cli_crt_rsa_der_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
}
else
{
- ret = mbedtls_x509_crt_parse( &( cert->cert ),
+ ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_ec_der,
mbedtls_test_cli_crt_ec_len );
TEST_ASSERT( ret == 0 );
- ret = mbedtls_pk_parse_key( &( cert->pkey ),
+ ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
}
}
- mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
+ mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL );
- ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
- &( cert->pkey ) );
+ ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
+ cert->pkey );
TEST_ASSERT( ret == 0 );
exit:
if( ret != 0 )
{
- mbedtls_x509_crt_free( &( cert->ca_cert ) );
- mbedtls_x509_crt_free( &( cert->cert ) );
- mbedtls_pk_free( &( cert->pkey ) );
+ mbedtls_endpoint_certificate_free( ep );
}
return ret;
@@ -960,17 +998,6 @@
}
/*
- * Deinitializes certificates from endpoint represented by \p ep.
- */
-void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
-{
- mbedtls_endpoint_certificate *cert = &( ep->cert );
- mbedtls_x509_crt_free( &( cert->ca_cert ) );
- mbedtls_x509_crt_free( &( cert->cert ) );
- mbedtls_pk_free( &( cert->pkey ) );
-}
-
-/*
* Deinitializes endpoint represented by \p ep.
*/
void mbedtls_endpoint_free( mbedtls_endpoint *ep,
@@ -1709,6 +1736,10 @@
#endif
int expected_handshake_result = 0;
+ USE_PSA_INIT( );
+ mbedtls_platform_zeroize( &client, sizeof(client) );
+ mbedtls_platform_zeroize( &server, sizeof(server) );
+
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
mbedtls_message_socket_init( &server_context );
@@ -4185,6 +4216,9 @@
mbedtls_endpoint base_ep, second_ep;
int ret = -1;
+ mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) );
+ mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) );
+
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
@@ -4571,6 +4605,8 @@
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_ECP_DP_NONE };
USE_PSA_INIT( );
+ mbedtls_platform_zeroize( &client, sizeof(client) );
+ mbedtls_platform_zeroize( &server, sizeof(server) );
/* Client side, force SECP256R1 to make one key bitflip fail
* the raw key agreement. Flipping the first byte makes the