Merge pull request #6307 from wernerlewis/bignum_test_script_2.28
[Backport 2.28] Add bignum test case generation script
diff --git a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
new file mode 100644
index 0000000..bac4910
--- /dev/null
+++ b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix bugs and missing dependencies when
+ building and testing configurations with
+ only one encryption type enabled in TLS 1.2.
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index be5c548..40f9253 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -812,6 +812,11 @@
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_TICKET_C) && \
+ !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
+#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
!defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
@@ -926,6 +931,10 @@
#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION) && !( defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C) )
+#error "MBEDTLS_SSL_CONTEXT_SERIALIZATION defined, but not all prerequisites"
+#endif
+
/*
* Avoid warning from -pedantic. This is a convenient place for this
* workaround since this is included by every single file before the
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1da9802..e0b442a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -1620,6 +1620,8 @@
* saved after the handshake to allow for more efficient serialization, so if
* you don't need this feature you'll save RAM by disabling it.
*
+ * Requires: MBEDTLS_GCM_C or MBEDTLS_CCM_C or MBEDTLS_CHACHAPOLY_C
+ *
* Comment to disable the context serialization APIs.
*/
#define MBEDTLS_SSL_CONTEXT_SERIALIZATION
@@ -3400,7 +3402,8 @@
* Module: library/ssl_ticket.c
* Caller:
*
- * Requires: MBEDTLS_CIPHER_C
+ * Requires: MBEDTLS_CIPHER_C &&
+ * ( MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C )
*/
#define MBEDTLS_SSL_TICKET_C
diff --git a/library/constant_time.c b/library/constant_time.c
index 3cdbac2..2401b04 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -81,7 +81,7 @@
#endif
}
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
size_t mbedtls_ct_size_mask( size_t value )
{
@@ -97,7 +97,7 @@
#endif
}
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C)
@@ -404,8 +404,7 @@
#endif /* MBEDTLS_PKCS1_V15 && MBEDTLS_RSA_C && ! MBEDTLS_RSA_ALT */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
void mbedtls_ct_memcpy_if_eq( unsigned char *dest,
const unsigned char *src,
size_t len,
@@ -527,7 +526,7 @@
return( ret );
}
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_BIGNUM_C)
diff --git a/library/constant_time_internal.h b/library/constant_time_internal.h
index a550b38..6725ac1 100644
--- a/library/constant_time_internal.h
+++ b/library/constant_time_internal.h
@@ -32,7 +32,6 @@
#include <stddef.h>
-
/** Turn a value into a mask:
* - if \p value == 0, return the all-bits 0 mask, aka 0
* - otherwise, return the all-bits 1 mask, aka (unsigned) -1
@@ -196,7 +195,7 @@
#endif /* MBEDTLS_BASE64_C */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
/** Conditional memcpy without branches.
*
@@ -292,7 +291,7 @@
size_t max_data_len,
unsigned char *output );
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
#if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 014f386..062df43 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -40,7 +40,7 @@
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_context ticket_ctx;
#endif
unsigned char buf[4096];
@@ -80,7 +80,7 @@
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_init( &ticket_ctx );
#endif
@@ -110,7 +110,7 @@
mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
}
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
if( options & 0x4 )
{
if( mbedtls_ssl_ticket_setup( &ticket_ctx,
@@ -172,7 +172,7 @@
}
exit:
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_free( &ticket_ctx );
#endif
mbedtls_entropy_free( &entropy );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 6169a37..48f50c5 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -277,13 +277,13 @@
#else
#define USAGE_CA_CALLBACK ""
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
#define USAGE_TICKETS \
" tickets=%%d default: 1 (enabled)\n" \
" ticket_timeout=%%d default: 86400 (one day)\n"
#else
#define USAGE_TICKETS ""
-#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)
#define USAGE_EAP_TLS \
@@ -1335,7 +1335,7 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_context cache;
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_context ticket_ctx;
#endif
#if defined(SNI_OPTION)
@@ -1423,7 +1423,7 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_init( &cache );
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_init( &ticket_ctx );
#endif
#if defined(MBEDTLS_SSL_ALPN)
@@ -2776,7 +2776,7 @@
mbedtls_ssl_cache_set );
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
@@ -4007,7 +4007,7 @@
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_cache_free( &cache );
#endif
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
mbedtls_ssl_ticket_free( &ticket_ctx );
#endif
#if defined(MBEDTLS_SSL_COOKIE_C)
diff --git a/scripts/config.py b/scripts/config.py
index 91e37ad..c106a97 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -7,6 +7,9 @@
if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
"""
+# Note that the version of this script in the mbedtls-2.28 branch must remain
+# compatible with Python 3.4.
+
## Copyright The Mbed TLS Contributors
## SPDX-License-Identifier: Apache-2.0
##
diff --git a/scripts/mbedtls_dev/test_case.py b/scripts/mbedtls_dev/test_case.py
index 6a46e42..d0afa59 100644
--- a/scripts/mbedtls_dev/test_case.py
+++ b/scripts/mbedtls_dev/test_case.py
@@ -92,9 +92,11 @@
"""
if caller is None:
caller = os.path.basename(sys.argv[0])
- with open(filename, 'w') as out:
+ tempfile = filename + '.new'
+ with open(tempfile, 'w') as out:
out.write('# Automatically generated by {}. Do not edit!\n'
.format(caller))
for tc in test_cases:
tc.write(out)
out.write('\n# End of automatically generated file.\n')
+ os.replace(tempfile, filename)
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 0d97e80..757a43b 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -58,6 +58,13 @@
#include "mbedtls/bignum.h"
#endif
+/** The type of test case arguments that contain binary data. */
+typedef struct data_tag
+{
+ uint8_t * x;
+ uint32_t len;
+} data_t;
+
typedef enum
{
MBEDTLS_TEST_RESULT_SUCCESS = 0,
@@ -379,7 +386,6 @@
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
-/* Since the library has exactly the desired behavior, this is trivial. */
int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s );
#endif /* MBEDTLS_BIGNUM_C */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 4705fe8..12e3efa 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -120,6 +120,9 @@
# Treat uninitialised variables as errors.
set -e -o pipefail -u
+# Enable ksh/bash extended file matching patterns
+shopt -s extglob
+
pre_check_environment () {
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
@@ -294,7 +297,7 @@
-iname CTestTestfile.cmake -o \
-iname CMakeCache.txt \) -exec rm {} \+
# Recover files overwritten by in-tree CMake builds
- rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
+ rm -f include/Makefile include/mbedtls/Makefile programs/!(fuzz)/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
@@ -303,7 +306,9 @@
# Restore files that may have been clobbered by the job
for x in $files_to_back_up; do
- cp -p "$x$backup_suffix" "$x"
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
done
}
@@ -1263,6 +1268,163 @@
# no SSL tests as they all depend on having a DRBG
}
+component_test_tls1_2_default_stream_cipher_only () {
+ msg "build: default with only stream cipher"
+
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ msg "test: default with only stream cipher"
+ make test
+
+ # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
+}
+
+component_test_tls1_2_default_stream_cipher_only_use_psa () {
+ msg "build: default with only stream cipher use psa"
+
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Disable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py unset MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py set MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ msg "test: default with only stream cipher use psa"
+ make test
+
+ # Not running ssl-opt.sh because most tests require a non-NULL ciphersuite.
+}
+
+component_test_tls1_2_default_cbc_legacy_cipher_only () {
+ msg "build: default with only CBC-legacy cipher"
+
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ msg "test: default with only CBC-legacy cipher"
+ make test
+
+ msg "test: default with only CBC-legacy cipher - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
+component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa () {
+ msg "build: default with only CBC-legacy cipher use psa"
+
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ msg "test: default with only CBC-legacy cipher use psa"
+ make test
+
+ msg "test: default with only CBC-legacy cipher use psa - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
+component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () {
+ msg "build: default with only CBC-legacy and CBC-EtM ciphers"
+
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers"
+ make test
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
+component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
+ msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa"
+
+ scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+ # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C)
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ # Enable CBC-legacy (controlled by MBEDTLS_CIPHER_MODE_CBC plus at least one block cipher (AES, ARIA, Camellia, DES))
+ scripts/config.py set MBEDTLS_CIPHER_MODE_CBC
+ # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC
+ # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER))
+ scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER
+ # Modules that depend on AEAD
+ scripts/config.py unset MBEDTLS_SSL_CONTEXT_SERIALIZATION
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa"
+ make test
+
+ msg "test: default with only CBC-legacy and CBC-EtM ciphers use psa - ssl-opt.sh (subset)"
+ tests/ssl-opt.sh -f "TLS 1.2"
+}
+
component_test_new_ecdh_context () {
msg "build: new ECDH context (ASan build)" # ~ 6 min
scripts/config.py unset MBEDTLS_ECDH_LEGACY_CONTEXT
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index c310d48..bfd2189 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -15,6 +15,7 @@
* limitations under the License.
*/
+#include <test/constant_flow.h>
#include <test/helpers.h>
#include <test/macros.h>
#include <string.h>
@@ -120,8 +121,12 @@
int mbedtls_test_equal( const char *test, int line_no, const char* filename,
unsigned long long value1, unsigned long long value2 )
{
+ TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
+ TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+
if( value1 == value2 )
return( 1 );
+
if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
{
/* We've already recorded the test as having failed. Don't
@@ -143,8 +148,12 @@
int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
unsigned long long value1, unsigned long long value2 )
{
+ TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
+ TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+
if( value1 <= value2 )
return( 1 );
+
if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
{
/* We've already recorded the test as having failed. Don't
@@ -166,8 +175,12 @@
int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
long long value1, long long value2 )
{
+ TEST_CF_PUBLIC( &value1, sizeof( value1 ) );
+ TEST_CF_PUBLIC( &value2, sizeof( value2 ) );
+
if( value1 <= value2 )
return( 1 );
+
if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
{
/* We've already recorded the test as having failed. Don't
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 75ba4b7..fbf3bf7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -6595,6 +6595,7 @@
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
+requires_config_enabled MBEDTLS_GCM_C
run_test "Per-version suites: TLS 1.2" \
"$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
"$P_CLI force_version=tls12" \
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 91ad925..a7531e7 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -51,13 +51,6 @@
#include <strings.h>
#endif
-/* Type for Hex parameters */
-typedef struct data_tag
-{
- uint8_t * x;
- uint32_t len;
-} data_t;
-
/*----------------------------------------------------------------------------*/
/* Status and error constants */
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 93bff1e..4fe54c0 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1,9 +1,6 @@
/* BEGIN_HEADER */
#include "mbedtls/cipher.h"
-
-#if defined(MBEDTLS_AES_C)
#include "mbedtls/aes.h"
-#endif
#if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h"
diff --git a/tests/suites/test_suite_cmac.data b/tests/suites/test_suite_cmac.data
index 70b7609..5956a69 100644
--- a/tests/suites/test_suite_cmac.data
+++ b/tests/suites/test_suite_cmac.data
@@ -22,15 +22,15 @@
CMAC init #5 AES-224: bad key size
depends_on:MBEDTLS_AES_C
-mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:224:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init #6 AES-0: bad key size
depends_on:MBEDTLS_AES_C
-mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_AES:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_AES_128_ECB:0:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC init #7 Camellia: wrong cipher
depends_on:MBEDTLS_CAMELLIA_C
-mbedtls_cmac_setkey:MBEDTLS_CIPHER_ID_CAMELLIA:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
+mbedtls_cmac_setkey:MBEDTLS_CIPHER_CAMELLIA_192_ECB:128:MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
CMAC Single Blocks #1 - Empty block, no updates
mbedtls_cmac_multiple_blocks:MBEDTLS_CIPHER_AES_128_ECB:"2b7e151628aed2a6abf7158809cf4f3c":128:16:"":-1:"":-1:"":-1:"":-1:"bb1d6929e95937287fa37d129b756746"
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index bf3411d..cd1b368 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -65,6 +65,8 @@
int invalid_side = 42;
mbedtls_ecp_group_id valid_grp = MBEDTLS_ECP_DP_SECP192R1;
+ mbedtls_ecp_keypair_init( &kp );
+ mbedtls_ecdh_init( &ctx );
TEST_INVALID_PARAM( mbedtls_ecdh_init( NULL ) );
#if defined(MBEDTLS_ECP_RESTARTABLE)
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 549373a..e5ae5dd 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -20,6 +20,12 @@
size_t slen;
unsigned char buf[42] = { 0 };
+ mbedtls_ecdsa_init( &ctx );
+ mbedtls_ecp_keypair_init( &key );
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &P );
+ mbedtls_mpi_init( &m );
+
TEST_INVALID_PARAM( mbedtls_ecdsa_init( NULL ) );
TEST_VALID_PARAM( mbedtls_ecdsa_free( NULL ) );
@@ -200,6 +206,12 @@
mbedtls_ecdsa_from_keypair( &ctx, NULL ) );
exit:
+ mbedtls_ecdsa_free( &ctx );
+ mbedtls_ecp_keypair_free( &key );
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &P );
+ mbedtls_mpi_free( &m );
+
return;
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index ab672a8..2246f2d 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -110,6 +110,8 @@
mbedtls_md_type_t valid_md = MBEDTLS_MD_SHA256;
mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP256R1;
+ mbedtls_ecjpake_init( &ctx );
+
TEST_INVALID_PARAM( mbedtls_ecjpake_init( NULL ) );
TEST_VALID_PARAM( mbedtls_ecjpake_free( NULL ) );
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index ae966a2..59812b4 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -57,6 +57,9 @@
mbedtls_ecp_restart_ctx restart_ctx;
#endif /* MBEDTLS_ECP_RESTARTABLE */
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &P );
+
TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) );
TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) );
TEST_INVALID_PARAM( mbedtls_ecp_group_init( NULL ) );