Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static
TLS 1.3: Key Generation: change some key generation functions to static
diff --git a/.travis.yml b/.travis.yml
index eaf817a..54df776 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -53,7 +53,7 @@
- tests/scripts/test_psa_constant_names.py
- tests/ssl-opt.sh
# Modern OpenSSL does not support fixed ECDH or null ciphers.
- - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH-'
+ - tests/compat.sh -p OpenSSL -e 'NULL\|ECDH_'
- tests/scripts/travis-log-failure.sh
# GnuTLS supports CAMELLIA but compat.sh doesn't properly enable it.
- tests/compat.sh -p GnuTLS -e 'CAMELLIA'
diff --git a/.uncrustify.cfg b/.uncrustify.cfg
index 7ce0905..92b8ce9 100644
--- a/.uncrustify.cfg
+++ b/.uncrustify.cfg
@@ -19,8 +19,6 @@
# limitations under the License.
-# Line length options
-
# Wrap lines at 100 characters
code_width = 100
diff --git a/3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h b/3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h
similarity index 100%
rename from 3rdparty/everest/include/everest/vs2010/Hacl_Curve25519.h
rename to 3rdparty/everest/include/everest/vs2013/Hacl_Curve25519.h
diff --git a/3rdparty/everest/include/everest/vs2010/inttypes.h b/3rdparty/everest/include/everest/vs2013/inttypes.h
similarity index 100%
rename from 3rdparty/everest/include/everest/vs2010/inttypes.h
rename to 3rdparty/everest/include/everest/vs2013/inttypes.h
diff --git a/3rdparty/everest/include/everest/vs2010/stdbool.h b/3rdparty/everest/include/everest/vs2013/stdbool.h
similarity index 100%
rename from 3rdparty/everest/include/everest/vs2010/stdbool.h
rename to 3rdparty/everest/include/everest/vs2013/stdbool.h
diff --git a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
new file mode 100644
index 0000000..0a90721
--- /dev/null
+++ b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by
+ Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
+ Aaron Ucko under Valgrind.
diff --git a/ChangeLog.d/crypto_config_ccm_star.txt b/ChangeLog.d/crypto_config_ccm_star.txt
new file mode 100644
index 0000000..947014a
--- /dev/null
+++ b/ChangeLog.d/crypto_config_ccm_star.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * List PSA_WANT_ALG_CCM_STAR_NO_TAG in psa/crypto_config.h so that it can
+ be toggled with config.py.
diff --git a/ChangeLog.d/fix-rsaalt-test-guards.txt b/ChangeLog.d/fix-rsaalt-test-guards.txt
new file mode 100644
index 0000000..f4f39c9
--- /dev/null
+++ b/ChangeLog.d/fix-rsaalt-test-guards.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are
+ defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174.
diff --git a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
new file mode 100644
index 0000000..1764c2f
--- /dev/null
+++ b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
@@ -0,0 +1,19 @@
+Bugfix
+ * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
+ whose binary representation is longer than 20 bytes. This was already
+ forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
+ enforced also at code level.
+
+New deprecations
+ * mbedtls_x509write_crt_set_serial() is now being deprecated in favor of
+ mbedtls_x509write_crt_set_serial_raw(). The goal here is to remove any
+ direct dependency of X509 on BIGNUM_C.
+
+Changes
+ * programs/x509/cert_write:
+ - now it accepts the serial number in 2 different formats: decimal and
+ hex. They cannot be used simultaneously
+ - "serial" is used for the decimal format and it's limted in size to
+ unsigned long long int
+ - "serial_hex" is used for the hex format; max length here is
+ MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN*2
diff --git a/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt b/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt
new file mode 100644
index 0000000..cfea661
--- /dev/null
+++ b/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
+ used on a shared secret from a key agreement since its input must be
+ an ECC public key. Reject this properly.
diff --git a/ChangeLog.d/vs2013.txt b/ChangeLog.d/vs2013.txt
new file mode 100644
index 0000000..6fe7a5e
--- /dev/null
+++ b/ChangeLog.d/vs2013.txt
@@ -0,0 +1,4 @@
+Changes
+ * Visual Studio: Rename the directory containing Visual Studio files from
+ visualc/VS2010 to visualc/VS2013 as we do not support building with versions
+ older than 2013. Update the solution file to specify VS2013 as a minimum.
diff --git a/Makefile b/Makefile
index 2f1be65..1f36a06 100644
--- a/Makefile
+++ b/Makefile
@@ -37,7 +37,7 @@
generated_files: visualc_files
.PHONY: visualc_files
-VISUALC_FILES = visualc/VS2010/mbedTLS.sln visualc/VS2010/mbedTLS.vcxproj
+VISUALC_FILES = visualc/VS2013/mbedTLS.sln visualc/VS2013/mbedTLS.vcxproj
# TODO: $(app).vcxproj for each $(app) in programs/
visualc_files: $(VISUALC_FILES)
@@ -46,9 +46,9 @@
# they just need to be present.
$(VISUALC_FILES): | library/generated_files
$(VISUALC_FILES): scripts/generate_visualc_files.pl
-$(VISUALC_FILES): scripts/data_files/vs2010-app-template.vcxproj
-$(VISUALC_FILES): scripts/data_files/vs2010-main-template.vcxproj
-$(VISUALC_FILES): scripts/data_files/vs2010-sln-template.sln
+$(VISUALC_FILES): scripts/data_files/vs2013-app-template.vcxproj
+$(VISUALC_FILES): scripts/data_files/vs2013-main-template.vcxproj
+$(VISUALC_FILES): scripts/data_files/vs2013-sln-template.sln
# TODO: also the list of .c and .h source files, but not their content
$(VISUALC_FILES):
echo " Gen $@ ..."
@@ -124,10 +124,10 @@
$(MAKE) -C programs neat
$(MAKE) -C tests neat
ifndef WINDOWS
- rm -f visualc/VS2010/*.vcxproj visualc/VS2010/mbedTLS.sln
+ rm -f visualc/VS2013/*.vcxproj visualc/VS2013/mbedTLS.sln
else
- if exist visualc\VS2010\*.vcxproj del /Q /F visualc\VS2010\*.vcxproj
- if exist visualc\VS2010\mbedTLS.sln del /Q /F visualc\VS2010\mbedTLS.sln
+ if exist visualc\VS2013\*.vcxproj del /Q /F visualc\VS2013\*.vcxproj
+ if exist visualc\VS2013\mbedTLS.sln del /Q /F visualc\VS2013\mbedTLS.sln
endif
check: lib tests
diff --git a/README.md b/README.md
index cc70f56..7b45a1f 100644
--- a/README.md
+++ b/README.md
@@ -220,7 +220,7 @@
### Microsoft Visual Studio
-The build files for Microsoft Visual Studio are generated for Visual Studio 2010.
+The build files for Microsoft Visual Studio are generated for Visual Studio 2013.
The solution file `mbedTLS.sln` contains all the basic projects needed to build the library and all the programs. The files in tests are not generated and compiled, as these need Python and perl environments as well. However, the selftest program in `programs/test/` is still available.
diff --git a/docs/architecture/psa-migration/outcome-analysis.sh b/docs/architecture/psa-migration/outcome-analysis.sh
index 9084685..b26963b 100755
--- a/docs/architecture/psa-migration/outcome-analysis.sh
+++ b/docs/architecture/psa-migration/outcome-analysis.sh
@@ -1,42 +1,30 @@
#!/bin/sh
-# This script runs tests in various revisions and configurations and analyses
-# the results in order to highlight any difference in the set of tests skipped
-# in the test suites of interest.
+# This script runs tests before and after a PR and analyzes the results in
+# order to highlight any difference in the set of tests skipped.
#
-# It can be used to ensure the testing criteria mentioned in strategy.md,
+# It can be used to check the first testing criterion mentioned in strategy.md,
# end of section "Supporting builds with drivers without the software
-# implementation" are met, namely:
+# implementation", namely: the sets of tests skipped in the default config and
+# the full config must be the same before and after the PR.
#
-# - the sets of tests skipped in the default config and the full config must be
-# the same before and after the PR that implements step 3;
-# - the set of tests skipped in the driver-only build is the same as in an
-# equivalent software-based configuration, or the difference is small enough,
-# justified, and a github issue is created to track it.
-# This part is verified by tests/scripts/analyze_outcomes.py
+# USAGE:
+# - First, commit any uncommited changes. (Also, see warning below.)
+# - Then launch --> [SKIP_SSL_OPT=1] docs/architecture/psa-migration/outcome-analysis.sh
+# - SKIP_SSL_OPT=1 can optionally be set to skip ssl-opt.sh tests
#
# WARNING: this script checks out a commit other than the head of the current
# branch; it checks out the current branch again when running successfully,
# but while the script is running, or if it terminates early in error, you
# should be aware that you might be at a different commit than expected.
#
-# NOTE: This is only an example/template script, you should make a copy and
-# edit it to suit your needs. The part that needs editing is at the top.
-#
-# Also, you can comment out parts that don't need to be re-done when
+# NOTE: you can comment out parts that don't need to be re-done when
# re-running this script (for example "get numbers before this PR").
-# ----- BEGIN edit this -----
-# Space-separated list of test suites to ignore:
-# if SSS is in that list, test_suite_SSS and test_suite_SSS.* are ignored.
-IGNORE="md mdx shax" # accelerated
-IGNORE="$IGNORE entropy hmac_drbg random" # disabled (ext. RNG)
-IGNORE="$IGNORE psa_crypto_init" # needs internal RNG
-IGNORE="$IGNORE hkdf" # disabled in the all.sh component tested
-# ----- END edit this -----
-
set -eu
+: ${SKIP_SSL_OPT:=0}
+
cleanup() {
make clean
git checkout -- include/mbedtls/mbedtls_config.h include/psa/crypto_config.h
@@ -45,7 +33,14 @@
record() {
export MBEDTLS_TEST_OUTCOME_FILE="$PWD/outcome-$1.csv"
rm -f $MBEDTLS_TEST_OUTCOME_FILE
+
make check
+
+ if [ $SKIP_SSL_OPT -eq 0 ]; then
+ make -C programs ssl/ssl_server2 ssl/ssl_client2 \
+ test/udp_proxy test/query_compile_time_config
+ tests/ssl-opt.sh
+ fi
}
# save current HEAD
@@ -54,21 +49,26 @@
# get the numbers before this PR for default and full
cleanup
git checkout $(git merge-base HEAD development)
+
record "before-default"
cleanup
+
scripts/config.py full
record "before-full"
# get the numbers now for default and full
cleanup
git checkout $HEAD
+
record "after-default"
cleanup
+
scripts/config.py full
record "after-full"
+cleanup
# analysis
@@ -77,15 +77,19 @@
make generated_files >/dev/null
data_files=$(cd tests/suites && echo *.data)
for data in $data_files; do
- suite=${data#test_suite_}
- suite=${suite%.data}
- suite_base=${suite%%.*}
- case " $IGNORE " in
- *" $suite_base "*) :;;
- *) SUITES="$SUITES $suite";;
- esac
+ suite=${data%.data}
+ SUITES="$SUITES $suite"
done
make neat
+
+ if [ $SKIP_SSL_OPT -eq 0 ]; then
+ SUITES="$SUITES ssl-opt"
+ extra_files=$(cd tests/opt-testcases && echo *.sh)
+ for extra in $extra_files; do
+ suite=${extra%.sh}
+ SUITES="$SUITES $suite"
+ done
+ fi
}
compare_suite () {
@@ -93,7 +97,7 @@
new="outcome-$2.csv"
suite="$3"
- pattern_suite=";test_suite_$suite;"
+ pattern_suite=";$suite;"
total=$(grep -c "$pattern_suite" "$ref")
sed_cmd="s/^.*$pattern_suite\(.*\);SKIP.*/\1/p"
sed -n "$sed_cmd" "$ref" > skipped-ref
@@ -101,8 +105,9 @@
nb_ref=$(wc -l <skipped-ref)
nb_new=$(wc -l <skipped-new)
- printf "%36s: total %4d; skipped %4d -> %4d\n" \
- $suite $total $nb_ref $nb_new
+ name=${suite#test_suite_}
+ printf "%40s: total %4d; skipped %4d -> %4d\n" \
+ $name $total $nb_ref $nb_new
if diff skipped-ref skipped-new | grep '^> '; then
ret=1
else
diff --git a/docs/architecture/psa-migration/strategy.md b/docs/architecture/psa-migration/strategy.md
index 0ad5fa0..1542324 100644
--- a/docs/architecture/psa-migration/strategy.md
+++ b/docs/architecture/psa-migration/strategy.md
@@ -386,15 +386,16 @@
result in more tests being skipped, which is easy to miss. Care must be
taken to ensure this does not happen. The following criteria can be used:
-- the sets of tests skipped in the default config and the full config must be
- the same before and after the PR that implements step 3;
-- the set of tests skipped in the driver-only build is the same as in an
- equivalent software-based configuration, or the difference is small enough,
- justified, and a github issue is created to track it.
-
-Note that the favourable case is when the number of tests skipped is 0 in the
-driver-only build. In other cases, analysis of the outcome files is needed,
-see the example script `outcome-analysis.sh` in the same directory.
+1. The sets of tests skipped in the default config and the full config must be
+ the same before and after the PR that implements step 3. This is tested
+manually for each PR that changes dependency declarations by using the script
+`outcome-analysis.sh` in the present directory.
+2. The set of tests skipped in the driver-only build is the same as in an
+ equivalent software-based configuration. This is tested automatically by the
+CI in the "Results analysis" stage, by running
+`tests/scripts/analyze_outcomes.py`. See the
+`analyze_driver_vs_reference_xxx` actions in the script and the comments above
+their declaration for how to do that locally.
Migrating away from the legacy API
diff --git a/docs/getting_started.md b/docs/getting_started.md
index fdbf0e9..507afa1 100644
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -1,8 +1,9 @@
-## Getting started with Mbed Crypto
+## Getting started with Mbed TLS
-### What is Mbed Crypto?
+### What is Mbed TLS?
-Mbed Crypto is an open source cryptographic library that supports a wide range of cryptographic operations, including:
+Mbed TLS is an open source cryptographic library that supports a wide range of
+cryptographic operations, including:
* Key management
* Hashing
* Symmetric cryptography
@@ -11,20 +12,25 @@
* Key generation and derivation
* Authenticated encryption with associated data (AEAD)
-The Mbed Crypto library is a reference implementation of the cryptography interface of the Arm Platform Security Architecture (PSA). It is written in portable C.
+Mbed TLS provides a reference implementation of the cryptography interface of
+the Arm Platform Security Architecture (PSA). It is written in portable C.
-The Mbed Crypto library is distributed under the Apache License, version 2.0.
+Mbed TLS is distributed under the Apache License, version 2.0.
#### Platform Security Architecture (PSA)
Arm's Platform Security Architecture (PSA) is a holistic set of threat models,
-security analyses, hardware and firmware architecture specifications, and an open source firmware reference implementation. PSA provides a recipe, based on industry best practice, that enables you to design security into both hardware and firmware consistently. Part of the API provided by PSA is the cryptography interface, which provides access to a set of primitives.
+security analyses, hardware and firmware architecture specifications, and an
+open source firmware reference implementation. PSA provides a recipe, based on
+industry best practice, that enables you to design security into both hardware
+and firmware consistently. Part of the API provided by PSA is the cryptography
+interface, which provides access to a set of primitives.
-### Using Mbed Crypto
+### Using Mbed TLS
-* [Getting the Mbed Crypto library](#getting-the-mbed-crypto-library)
-* [Building the Mbed Crypto library](#building-the-mbed-crypto-library)
-* [Using the Mbed Crypto library](#using-the-mbed-crypto-library)
+* [Getting the Mbed TLS library](#getting-the-mbed-tls-library)
+* [Building the Mbed TLS library](#building-the-mbed-tls-library)
+* [Using the PSA Crypto API](#using-the-psa-crypto-api)
* [Importing a key](#importing-a-key)
* [Signing a message using RSA](#signing-a-message-using-RSA)
* [Encrypting or decrypting using symmetric ciphers](#encrypting-or-decrypting-using-symmetric-ciphers)
@@ -33,37 +39,45 @@
* [Generating a random value](#generating-a-random-value)
* [Authenticating and encrypting or decrypting a message](#authenticating-and-encrypting-or-decrypting-a-message)
* [Generating and exporting keys](#generating-and-exporting-keys)
-* [More about the Mbed Crypto library](#more-about-the-mbed-crypto-library)
+* [More about the PSA Crypto API](#more-about-the-psa-crypto-api)
-### Getting the Mbed Crypto library
+### Getting the Mbed TLS library
-Mbed Crypto releases are available in the [public GitHub repository](https://github.com/ARMmbed/mbed-crypto).
+Mbed TLS releases are available in the [public GitHub repository](https://github.com/Mbed-TLS/mbedtls).
-### Building the Mbed Crypto library
+### Building the Mbed TLS library
**Prerequisites to building the library with the provided makefiles:**
* GNU Make.
-* A C toolchain (compiler, linker, archiver).
-* Python 2 or Python 3 (either works) to generate the test code.
+* A C toolchain (compiler, linker, archiver) that supports C99.
+* Python 3.6 to generate the test code.
* Perl to run the tests.
-If you have a C compiler such as GCC or Clang, just run `make` in the top-level directory to build the library, a set of unit tests and some sample programs.
+If you have a C compiler such as GCC or Clang, just run `make` in the top-level
+directory to build the library, a set of unit tests and some sample programs.
-To select a different compiler, set the `CC` variable to the name or path of the compiler and linker (default: `cc`) and set `AR` to a compatible archiver (default: `ar`); for example:
+To select a different compiler, set the `CC` variable to the name or path of the
+compiler and linker (default: `cc`) and set `AR` to a compatible archiver
+(default: `ar`); for example:
```
make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar
```
-The provided makefiles pass options to the compiler that assume a GCC-like command line syntax. To use a different compiler, you may need to pass different values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
+The provided makefiles pass options to the compiler that assume a GCC-like
+command line syntax. To use a different compiler, you may need to pass different
+values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
-To run the unit tests on the host machine, run `make test` from the top-level directory. If you are cross-compiling, copy the test executable from the `tests` directory to the target machine.
+To run the unit tests on the host machine, run `make test` from the top-level
+directory. If you are cross-compiling, copy the test executable from the `tests`
+directory to the target machine.
-### Using the Mbed Crypto library
+### Using the PSA Crypto API
-To use the Mbed Crypto APIs, call `psa_crypto_init()` before calling any other API. This initializes the library.
+If using PSA Crypto, you must initialize the library by calling
+`psa_crypto_init()` before any other PSA API.
### Importing a key
-To use a key for cryptography operations in Mbed Crypto, you need to first
+To use a key for cryptography operations in PSA, you need to first
import it. The import operation returns the identifier of the key for use
with other function calls.
@@ -114,7 +128,8 @@
### Signing a message using RSA
-Mbed Crypto supports encrypting, decrypting, signing and verifying messages using public key signature algorithms, such as RSA or ECDSA.
+The PSA Crypto API supports encrypting, decrypting, signing and verifying
+messages using public key signature algorithms, such as RSA or ECDSA.
**Prerequisites to performing asymmetric signature operations:**
* Initialize the library with a successful call to `psa_crypto_init()`.
@@ -184,21 +199,33 @@
### Using symmetric ciphers
-Mbed Crypto supports encrypting and decrypting messages using various symmetric cipher algorithms (both block and stream ciphers).
+The PSA Crypto API supports encrypting and decrypting messages using various
+symmetric cipher algorithms (both block and stream ciphers).
**Prerequisites to working with the symmetric cipher API:**
* Initialize the library with a successful call to `psa_crypto_init()`.
-* Have a symmetric key. This key's usage flags must include `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to allow decryption.
+* Have a symmetric key. This key's usage flags must include
+ `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to
+ allow decryption.
**To encrypt a message with a symmetric cipher:**
-1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
+1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the
+ cipher functions.
1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
-1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be used.
-1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate or set the initialization vector (IV). We recommend calling `psa_cipher_generate_iv()`, unless you require a specific IV value.
-1. Call `psa_cipher_update()` with the message to encrypt. You may call this function multiple times, passing successive fragments of the message on successive calls.
-1. Call `psa_cipher_finish()` to end the operation and output the encrypted message.
+1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be
+ used.
+1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate
+ or set the initialization vector (IV). We recommend calling
+ `psa_cipher_generate_iv()`, unless you require a specific IV value.
+1. Call `psa_cipher_update()` with the message to encrypt. You may call this
+ function multiple times, passing successive fragments of the message on
+ successive calls.
+1. Call `psa_cipher_finish()` to end the operation and output the encrypted
+ message.
-This example shows how to encrypt data using an AES (Advanced Encryption Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all prerequisites have been fulfilled):
+This example shows how to encrypt data using an AES (Advanced Encryption
+Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all
+prerequisites have been fulfilled):
```c
void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
{
@@ -275,15 +302,20 @@
```
**To decrypt a message with a symmetric cipher:**
-1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the cipher functions.
+1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the
+ cipher functions.
1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
-1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be used.
+1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be
+ used.
1. Call `psa_cipher_set_iv()` with the IV for the decryption.
-1. Call `psa_cipher_update()` with the message to encrypt. You may call this function multiple times, passing successive fragments of the message on successive calls.
-1. Call `psa_cipher_finish()` to end the operation and output the decrypted message.
+1. Call `psa_cipher_update()` with the message to encrypt. You may call this
+ function multiple times, passing successive fragments of the message on
+ successive calls.
+1. Call `psa_cipher_finish()` to end the operation and output the decrypted
+ message.
-This example shows how to decrypt encrypted data using an AES key in CBC mode with no padding
-(assuming all prerequisites have been fulfilled):
+This example shows how to decrypt encrypted data using an AES key in CBC mode
+with no padding (assuming all prerequisites have been fulfilled):
```c
void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
{
@@ -360,34 +392,49 @@
#### Handling cipher operation contexts
-After you've initialized the operation structure with a successful call to `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`, you can terminate the operation at any time by calling `psa_cipher_abort()`.
+After you've initialized the operation structure with a successful call to
+`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`, you can terminate
+the operation at any time by calling `psa_cipher_abort()`.
-The call to `psa_cipher_abort()` frees any resources associated with the operation, except for the operation structure itself.
+The call to `psa_cipher_abort()` frees any resources associated with the
+operation, except for the operation structure itself.
-Mbed Crypto implicitly calls `psa_cipher_abort()` when:
-* A call to `psa_cipher_generate_iv()`, `psa_cipher_set_iv()` or `psa_cipher_update()` fails (returning any status other than `PSA_SUCCESS`).
+The PSA Crypto API implicitly calls `psa_cipher_abort()` when:
+* A call to `psa_cipher_generate_iv()`, `psa_cipher_set_iv()` or
+ `psa_cipher_update()` fails (returning any status other than `PSA_SUCCESS`).
* A call to `psa_cipher_finish()` succeeds or fails.
-After an implicit or explicit call to `psa_cipher_abort()`, the operation structure is invalidated; in other words, you cannot reuse the operation structure for the same operation. You can, however, reuse the operation structure for a different operation by calling either `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
+After an implicit or explicit call to `psa_cipher_abort()`, the operation
+structure is invalidated; in other words, you cannot reuse the operation
+structure for the same operation. You can, however, reuse the operation
+structure for a different operation by calling either
+`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
-You must call `psa_cipher_abort()` at some point for any operation that is initialized successfully (by a successful call to `psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`).
+You must call `psa_cipher_abort()` at some point for any operation that is
+initialized successfully (by a successful call to `psa_cipher_encrypt_setup()`
+or `psa_cipher_decrypt_setup()`).
-Making multiple sequential calls to `psa_cipher_abort()` on an operation that is terminated (either implicitly or explicitly) is safe and has no effect.
+Making multiple sequential calls to `psa_cipher_abort()` on an operation that
+is terminated (either implicitly or explicitly) is safe and has no effect.
### Hashing a message
-Mbed Crypto lets you compute and verify hashes using various hashing
+The PSA Crypto API lets you compute and verify hashes using various hashing
algorithms.
**Prerequisites to working with the hash APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
**To calculate a hash:**
-1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash functions.
+1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash
+ functions.
1. Initialize the operation structure to zero or to `PSA_HASH_OPERATION_INIT`.
1. Call `psa_hash_setup()` to specify the hash algorithm.
-1. Call `psa_hash_update()` with the message to encrypt. You may call this function multiple times, passing successive fragments of the message on successive calls.
-1. Call `psa_hash_finish()` to calculate the hash, or `psa_hash_verify()` to compare the computed hash with an expected hash value.
+1. Call `psa_hash_update()` with the message to encrypt. You may call this
+ function multiple times, passing successive fragments of the message on
+ successive calls.
+1. Call `psa_hash_finish()` to calculate the hash, or `psa_hash_verify()` to
+ compare the computed hash with an expected hash value.
This example shows how to calculate the SHA-256 hash of a message:
```c
@@ -482,33 +529,46 @@
mbedtls_psa_crypto_free();
```
-The API provides the macro `PSA_HASH_LENGTH`, which returns the expected hash length (in bytes) for the specified algorithm.
+The API provides the macro `PSA_HASH_LENGTH`, which returns the expected hash
+length (in bytes) for the specified algorithm.
#### Handling hash operation contexts
-After a successful call to `psa_hash_setup()`, you can terminate the operation at any time by calling `psa_hash_abort()`. The call to `psa_hash_abort()` frees any resources associated with the operation, except for the operation structure itself.
+After a successful call to `psa_hash_setup()`, you can terminate the operation
+at any time by calling `psa_hash_abort()`. The call to `psa_hash_abort()` frees
+any resources associated with the operation, except for the operation structure
+itself.
-Mbed Crypto implicitly calls `psa_hash_abort()` when:
-1. A call to `psa_hash_update()` fails (returning any status other than `PSA_SUCCESS`).
+The PSA Crypto API implicitly calls `psa_hash_abort()` when:
+1. A call to `psa_hash_update()` fails (returning any status other than
+ `PSA_SUCCESS`).
1. A call to `psa_hash_finish()` succeeds or fails.
1. A call to `psa_hash_verify()` succeeds or fails.
-After an implicit or explicit call to `psa_hash_abort()`, the operation structure is invalidated; in other words, you cannot reuse the operation structure for the same operation. You can, however, reuse the operation structure for a different operation by calling `psa_hash_setup()` again.
+After an implicit or explicit call to `psa_hash_abort()`, the operation
+structure is invalidated; in other words, you cannot reuse the operation
+structure for the same operation. You can, however, reuse the operation
+structure for a different operation by calling `psa_hash_setup()` again.
-You must call `psa_hash_abort()` at some point for any operation that is initialized successfully (by a successful call to `psa_hash_setup()`) .
+You must call `psa_hash_abort()` at some point for any operation that is
+initialized successfully (by a successful call to `psa_hash_setup()`) .
-Making multiple sequential calls to `psa_hash_abort()` on an operation that has already been terminated (either implicitly or explicitly) is safe and has no effect.
+Making multiple sequential calls to `psa_hash_abort()` on an operation that has
+already been terminated (either implicitly or explicitly) is safe and has no
+effect.
### Generating a random value
-Mbed Crypto can generate random data.
+The PSA Crypto API can generate random data.
**Prerequisites to generating random data:**
* Initialize the library with a successful call to `psa_crypto_init()`.
-<span class="notes">**Note:** To generate a random key, use `psa_generate_key()` instead of `psa_generate_random()`.</span>
+<span class="notes">**Note:** To generate a random key, use `psa_generate_key()`
+instead of `psa_generate_random()`.</span>
-This example shows how to generate ten bytes of random data by calling `psa_generate_random()`:
+This example shows how to generate ten bytes of random data by calling
+`psa_generate_random()`:
```C
psa_status_t status;
uint8_t random[10] = { 0 };
@@ -537,16 +597,19 @@
### Deriving a new key from an existing key
-Mbed Crypto provides a key derivation API that lets you derive new keys from
-existing ones. The key derivation API has functions to take inputs, including
-other keys and data, and functions to generate outputs, such as new keys or
-other data.
+The PSA Crypto API provides a key derivation API that lets you derive new keys
+from existing ones. The key derivation API has functions to take inputs,
+including other keys and data, and functions to generate outputs, such as
+new keys or other data.
You must first initialize and set up a key derivation context,
-provided with a key and, optionally, other data. Then, use the key derivation context to either read derived data to a buffer or send derived data directly to a key slot.
+provided with a key and, optionally, other data. Then, use the key derivation
+context to either read derived data to a buffer or send derived data directly
+to a key slot.
-See the documentation for the particular algorithm (such as HKDF or the TLS1.2 PRF) for
-information about which inputs to pass when, and when you can obtain which outputs.
+See the documentation for the particular algorithm (such as HKDF or the
+TLS 1.2 PRF) for information about which inputs to pass when, and when you can
+obtain which outputs.
**Prerequisites to working with the key derivation APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
@@ -563,11 +626,11 @@
function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
1. Provide an optional salt with `psa_key_derivation_input_bytes()`.
1. Provide info with `psa_key_derivation_input_bytes()`.
-1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key that
- can be used for key derivation.
+1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key
+ that can be used for key derivation.
1. Set the key attributes desired for the new derived key. We'll set
- the `PSA_KEY_USAGE_ENCRYPT` usage flag and the `PSA_ALG_CTR` algorithm for this
- example.
+ the `PSA_KEY_USAGE_ENCRYPT` usage flag and the `PSA_ALG_CTR` algorithm for
+ this example.
1. Derive the key by calling `psa_key_derivation_output_key()`.
1. Clean up the key derivation context.
@@ -675,11 +738,13 @@
### Authenticating and encrypting or decrypting a message
-Mbed Crypto provides a simple way to authenticate and encrypt with associated data (AEAD), supporting the `PSA_ALG_CCM` algorithm.
+The PSA Crypto API provides a simple way to authenticate and encrypt with
+associated data (AEAD), supporting the `PSA_ALG_CCM` algorithm.
**Prerequisites to working with the AEAD cipher APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
-* The key attributes for the key used for derivation must have the `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT` usage flags.
+* The key attributes for the key used for derivation must have the
+ `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT` usage flags.
This example shows how to authenticate and encrypt a message:
```C
@@ -829,7 +894,7 @@
### Generating and exporting keys
-Mbed Crypto provides a simple way to generate a key or key pair.
+The PSA Crypto API provides a simple way to generate a key or key pair.
**Prerequisites to using key generation and export APIs:**
* Initialize the library with a successful call to `psa_crypto_init()`.
@@ -837,7 +902,9 @@
**To generate an ECDSA key:**
1. Set the desired key attributes for key generation by calling
`psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as
- `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the public key, not the key pair (or private key); therefore, do not set `PSA_KEY_USAGE_EXPORT`.
+ `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the
+ public key, not the key pair (or private key); therefore, do not
+ set `PSA_KEY_USAGE_EXPORT`.
1. Generate a key by calling `psa_generate_key()`.
1. Export the generated public key by calling `psa_export_public_key()`:
```C
@@ -891,4 +958,5 @@
### More about the PSA Crypto API
-For more information about the PSA Crypto API, please see the [PSA Cryptography API Specification](https://armmbed.github.io/mbed-crypto/html/index.html).
+For more information about the PSA Crypto API, please see the
+[PSA Cryptography API Specification](https://arm-software.github.io/psa-api/crypto/).
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 09bc32c..48b2d32 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -843,6 +843,8 @@
/* These features are always enabled. */
#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
#define PSA_WANT_KEY_TYPE_RAW_DATA 1
#ifdef __cplusplus
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 11c3139..2a2c039 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -48,8 +48,11 @@
* Requires support for asm() in compiler.
*
* Used in:
+ * library/aesni.h
* library/aria.c
* library/bn_mul.h
+ * library/constant_time.c
+ * library/padlock.h
*
* Required by:
* MBEDTLS_AESNI_C
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 661b23c..dbc37e8 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -809,8 +809,6 @@
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
-typedef uint8_t mbedtls_ssl_tls13_ticket_flags;
-
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK /* 1U << 0 */
#define MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION \
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 661f8aa..7c3a625 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -197,7 +197,7 @@
#define MBEDTLS_X509_CRT_VERSION_2 1
#define MBEDTLS_X509_CRT_VERSION_3 2
-#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
+#define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 20
#define MBEDTLS_X509_RFC5280_UTC_TIME_LEN 15
#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
@@ -277,7 +277,8 @@
*/
typedef struct mbedtls_x509write_cert {
int MBEDTLS_PRIVATE(version);
- mbedtls_mpi MBEDTLS_PRIVATE(serial);
+ unsigned char MBEDTLS_PRIVATE(serial)[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
+ size_t MBEDTLS_PRIVATE(serial_len);
mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
mbedtls_pk_context *MBEDTLS_PRIVATE(issuer_key);
mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
@@ -986,15 +987,43 @@
*/
void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version);
+#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
/**
* \brief Set the serial number for a Certificate.
*
+ * \deprecated This function is deprecated and will be removed in a
+ * future version of the library. Please use
+ * mbedtls_x509write_crt_set_serial_raw() instead.
+ *
+ * \note Even though the MBEDTLS_BIGNUM_C guard looks redundant since
+ * X509 depends on PK and PK depends on BIGNUM, this emphasizes
+ * a direct dependency between X509 and BIGNUM which is going
+ * to be deprecated in the future.
+ *
* \param ctx CRT context to use
* \param serial serial number to set
*
* \return 0 if successful
*/
-int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
+int MBEDTLS_DEPRECATED mbedtls_x509write_crt_set_serial(
+ mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial);
+#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
+
+/**
+ * \brief Set the serial number for a Certificate.
+ *
+ * \param ctx CRT context to use
+ * \param serial A raw array of bytes containing the serial number in big
+ * endian format
+ * \param serial_len Length of valid bytes (expressed in bytes) in \p serial
+ * input buffer
+ *
+ * \return 0 if successful, or
+ * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer
+ * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN)
+ */
+int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
+ unsigned char *serial, size_t serial_len);
/**
* \brief Set the validity period for a Certificate
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 5ab4fde..e68fac8 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -57,6 +57,7 @@
#define PSA_WANT_ALG_CBC_NO_PADDING 1
#define PSA_WANT_ALG_CBC_PKCS7 1
#define PSA_WANT_ALG_CCM 1
+#define PSA_WANT_ALG_CCM_STAR_NO_TAG 1
#define PSA_WANT_ALG_CMAC 1
#define PSA_WANT_ALG_CFB 1
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
@@ -115,6 +116,8 @@
#define PSA_WANT_ECC_SECP_R1_521 1
#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_PASSWORD 1
+#define PSA_WANT_KEY_TYPE_PASSWORD_HASH 1
#define PSA_WANT_KEY_TYPE_HMAC 1
#define PSA_WANT_KEY_TYPE_AES 1
#define PSA_WANT_KEY_TYPE_ARIA 1
diff --git a/library/aesni.c b/library/aesni.c
index d4abb4d..f6b304d 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -37,12 +37,6 @@
#include <string.h>
-/* *INDENT-OFF* */
-#ifndef asm
-#define asm __asm
-#endif
-/* *INDENT-ON* */
-
#if defined(MBEDTLS_HAVE_X86_64)
/*
diff --git a/library/alignment.h b/library/alignment.h
index bfc965e..aa09ff8 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -29,6 +29,23 @@
#include "mbedtls/build_info.h"
+/*
+ * Define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS for architectures where unaligned memory
+ * accesses are known to be efficient.
+ *
+ * All functions defined here will behave correctly regardless, but might be less
+ * efficient when this is not defined.
+ */
+#if defined(__ARM_FEATURE_UNALIGNED) \
+ || defined(__i386__) || defined(__amd64__) || defined(__x86_64__)
+/*
+ * __ARM_FEATURE_UNALIGNED is defined where appropriate by armcc, gcc 7, clang 9
+ * (and later versions) for Arm v7 and later; all x86 platforms should have
+ * efficient unaligned access.
+ */
+#define MBEDTLS_EFFICIENT_UNALIGNED_ACCESS
+#endif
+
/**
* Read the unsigned 16 bits integer from the given address, which need not
* be aligned.
diff --git a/library/bignum.c b/library/bignum.c
index 9bc1c2d..41b3a26 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1009,7 +1009,7 @@
/* Set the high limbs of X to match A. Don't touch the lower limbs
* because X might be aliased to B, and we must not overwrite the
* significant digits of B. */
- if (A->n > n) {
+ if (A->n > n && A != X) {
memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
}
if (X->n > A->n) {
diff --git a/library/bignum_core.h b/library/bignum_core.h
index 44d5c5a..4fb8f65 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -222,7 +222,7 @@
* most significant zero bytes in the input).
*
* \param[out] X The address of the MPI.
- * May only be #NULL if \X_limbs is 0 and \p input_length
+ * May only be #NULL if \p X_limbs is 0 and \p input_length
* is 0.
* \param X_limbs The number of limbs of \p X.
* \param[in] input The input buffer to import from.
diff --git a/library/bignum_mod.c b/library/bignum_mod.c
index e701a68..e986865 100644
--- a/library/bignum_mod.c
+++ b/library/bignum_mod.c
@@ -35,15 +35,15 @@
#include "constant_time_internal.h"
int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *p,
size_t p_limbs)
{
- if (p_limbs != m->limbs || !mbedtls_mpi_core_lt_ct(p, m->p, m->limbs)) {
+ if (p_limbs != N->limbs || !mbedtls_mpi_core_lt_ct(p, N->p, N->limbs)) {
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
}
- r->limbs = m->limbs;
+ r->limbs = N->limbs;
r->p = p;
return 0;
@@ -59,45 +59,45 @@
r->p = NULL;
}
-void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m)
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N)
{
- if (m == NULL) {
+ if (N == NULL) {
return;
}
- m->p = NULL;
- m->limbs = 0;
- m->bits = 0;
- m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
+ N->p = NULL;
+ N->limbs = 0;
+ N->bits = 0;
+ N->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
}
-void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m)
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N)
{
- if (m == NULL) {
+ if (N == NULL) {
return;
}
- switch (m->int_rep) {
+ switch (N->int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- if (m->rep.mont.rr != NULL) {
- mbedtls_platform_zeroize((mbedtls_mpi_uint *) m->rep.mont.rr,
- m->limbs * sizeof(mbedtls_mpi_uint));
- mbedtls_free((mbedtls_mpi_uint *) m->rep.mont.rr);
- m->rep.mont.rr = NULL;
+ if (N->rep.mont.rr != NULL) {
+ mbedtls_platform_zeroize((mbedtls_mpi_uint *) N->rep.mont.rr,
+ N->limbs * sizeof(mbedtls_mpi_uint));
+ mbedtls_free((mbedtls_mpi_uint *) N->rep.mont.rr);
+ N->rep.mont.rr = NULL;
}
- m->rep.mont.mm = 0;
+ N->rep.mont.mm = 0;
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
- mbedtls_free(m->rep.ored);
+ mbedtls_free(N->rep.ored);
break;
case MBEDTLS_MPI_MOD_REP_INVALID:
break;
}
- m->p = NULL;
- m->limbs = 0;
- m->bits = 0;
- m->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
+ N->p = NULL;
+ N->limbs = 0;
+ N->bits = 0;
+ N->int_rep = MBEDTLS_MPI_MOD_REP_INVALID;
}
static int set_mont_const_square(const mbedtls_mpi_uint **X,
@@ -136,26 +136,26 @@
return ret;
}
-int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep)
{
int ret = 0;
- m->p = p;
- m->limbs = p_limbs;
- m->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
+ N->p = p;
+ N->limbs = p_limbs;
+ N->bits = mbedtls_mpi_core_bitlen(p, p_limbs);
switch (int_rep) {
case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- m->int_rep = int_rep;
- m->rep.mont.mm = mbedtls_mpi_core_montmul_init(m->p);
- ret = set_mont_const_square(&m->rep.mont.rr, m->p, m->limbs);
+ N->int_rep = int_rep;
+ N->rep.mont.mm = mbedtls_mpi_core_montmul_init(N->p);
+ ret = set_mont_const_square(&N->rep.mont.rr, N->p, N->limbs);
break;
case MBEDTLS_MPI_MOD_REP_OPT_RED:
- m->int_rep = int_rep;
- m->rep.ored = NULL;
+ N->int_rep = int_rep;
+ N->rep.ored = NULL;
break;
default:
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -165,7 +165,7 @@
exit:
if (ret != 0) {
- mbedtls_mpi_mod_modulus_free(m);
+ mbedtls_mpi_mod_modulus_free(N);
}
return ret;
@@ -349,7 +349,7 @@
/* BEGIN MERGE SLOT 7 */
int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep)
@@ -357,28 +357,28 @@
int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
/* Do our best to check if r and m have been set up */
- if (r->limbs == 0 || m->limbs == 0) {
+ if (r->limbs == 0 || N->limbs == 0) {
goto cleanup;
}
- if (r->limbs != m->limbs) {
+ if (r->limbs != N->limbs) {
goto cleanup;
}
- ret = mbedtls_mpi_mod_raw_read(r->p, m, buf, buflen, ext_rep);
+ ret = mbedtls_mpi_mod_raw_read(r->p, N, buf, buflen, ext_rep);
if (ret != 0) {
goto cleanup;
}
- r->limbs = m->limbs;
+ r->limbs = N->limbs;
- ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep(r->p, m);
+ ret = mbedtls_mpi_mod_raw_canonical_to_modulus_rep(r->p, N);
cleanup:
return ret;
}
int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep)
@@ -386,28 +386,28 @@
int ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
/* Do our best to check if r and m have been set up */
- if (r->limbs == 0 || m->limbs == 0) {
+ if (r->limbs == 0 || N->limbs == 0) {
goto cleanup;
}
- if (r->limbs != m->limbs) {
+ if (r->limbs != N->limbs) {
goto cleanup;
}
- if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
- ret = mbedtls_mpi_mod_raw_from_mont_rep(r->p, m);
+ if (N->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+ ret = mbedtls_mpi_mod_raw_from_mont_rep(r->p, N);
if (ret != 0) {
goto cleanup;
}
}
- ret = mbedtls_mpi_mod_raw_write(r->p, m, buf, buflen, ext_rep);
+ ret = mbedtls_mpi_mod_raw_write(r->p, N, buf, buflen, ext_rep);
- if (m->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
+ if (N->int_rep == MBEDTLS_MPI_MOD_REP_MONTGOMERY) {
/* If this fails, the value of r is corrupted and we want to return
* this error (as opposed to the error code from the write above) to
* let the caller know. If it succeeds, we want to return the error
* code from write above. */
- int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, m);
+ int conv_ret = mbedtls_mpi_mod_raw_to_mont_rep(r->p, N);
if (ret == 0) {
ret = conv_ret;
}
diff --git a/library/bignum_mod.h b/library/bignum_mod.h
index 0a22e71..d4c1d5d 100644
--- a/library/bignum_mod.h
+++ b/library/bignum_mod.h
@@ -140,34 +140,34 @@
/** Setup a residue structure.
*
- * The residue will be set up with the buffer \p p and modulus \p m.
+ * The residue will be set up with the buffer \p p and modulus \p N.
*
* The memory pointed to by \p p will be used by the resulting residue structure.
* The value at the pointed-to memory will be the initial value of \p r and must
* hold a value that is less than the modulus. This value will be used as-is
- * and interpreted according to the value of the `m->int_rep` field.
+ * and interpreted according to the value of the `N->int_rep` field.
*
- * The modulus \p m will be the modulus associated with \p r. The residue \p r
- * should only be used in operations where the modulus is \p m.
+ * The modulus \p N will be the modulus associated with \p r. The residue \p r
+ * should only be used in operations where the modulus is \p N.
*
* \param[out] r The address of the residue to setup.
- * \param[in] m The address of the modulus related to \p r.
+ * \param[in] N The address of the modulus related to \p r.
* \param[in] p The address of the limb array containing the value of \p r.
* The memory pointed to by \p p will be used by \p r and must
* not be modified in any way until after
* mbedtls_mpi_mod_residue_release() is called. The data
* pointed to by \p p must be less than the modulus (the value
- * pointed to by `m->p`) and already in the representation
- * indicated by `m->int_rep`.
+ * pointed to by `N->p`) and already in the representation
+ * indicated by `N->int_rep`.
* \param p_limbs The number of limbs of \p p. Must be the same as the number
- * of limbs in the modulus \p m.
+ * of limbs in the modulus \p N.
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p p_limbs is less than the
- * limbs in \p m or if \p p is not less than \p m.
+ * limbs in \p N or if \p p is not less than \p N.
*/
int mbedtls_mpi_mod_residue_setup(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
mbedtls_mpi_uint *p,
size_t p_limbs);
@@ -185,25 +185,25 @@
/** Initialize a modulus structure.
*
- * \param[out] m The address of the modulus structure to initialize.
+ * \param[out] N The address of the modulus structure to initialize.
*/
-void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *m);
+void mbedtls_mpi_mod_modulus_init(mbedtls_mpi_mod_modulus *N);
/** Setup a modulus structure.
*
- * \param[out] m The address of the modulus structure to populate.
- * \param[in] p The address of the limb array storing the value of \p m.
- * The memory pointed to by \p p will be used by \p m and must
+ * \param[out] N The address of the modulus structure to populate.
+ * \param[in] p The address of the limb array storing the value of \p N.
+ * The memory pointed to by \p p will be used by \p N and must
* not be modified in any way until after
* mbedtls_mpi_mod_modulus_free() is called.
* \param p_limbs The number of limbs of \p p.
* \param int_rep The internal representation to be used for residues
- * associated with \p m (see #mbedtls_mpi_mod_rep_selector).
+ * associated with \p N (see #mbedtls_mpi_mod_rep_selector).
*
* \return \c 0 if successful.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p int_rep is invalid.
*/
-int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *m,
+int mbedtls_mpi_mod_modulus_setup(mbedtls_mpi_mod_modulus *N,
const mbedtls_mpi_uint *p,
size_t p_limbs,
mbedtls_mpi_mod_rep_selector int_rep);
@@ -216,9 +216,9 @@
* mbedtls_mpi_mod_modulus_setup() only removes the reference to it,
* making it safe to free or to use it again.
*
- * \param[in,out] m The address of the modulus structure to free.
+ * \param[in,out] N The address of the modulus structure to free.
*/
-void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *m);
+void mbedtls_mpi_mod_modulus_free(mbedtls_mpi_mod_modulus *N);
/* BEGIN MERGE SLOT 1 */
@@ -401,16 +401,16 @@
/** Read a residue from a byte buffer.
*
* The residue will be automatically converted to the internal representation
- * based on the value of the `m->int_rep` field.
+ * based on the value of the `N->int_rep` field.
*
- * The modulus \p m will be the modulus associated with \p r. The residue \p r
- * should only be used in operations where the modulus is \p m or a modulus
- * equivalent to \p m (in the sense that all their fields or memory pointed by
+ * The modulus \p N will be the modulus associated with \p r. The residue \p r
+ * should only be used in operations where the modulus is \p N or a modulus
+ * equivalent to \p N (in the sense that all their fields or memory pointed by
* their fields hold the same value).
*
* \param[out] r The address of the residue. It must have exactly the same
- * number of limbs as the modulus \p m.
- * \param[in] m The address of the modulus.
+ * number of limbs as the modulus \p N.
+ * \param[in] N The address of the modulus.
* \param[in] buf The input buffer to import from.
* \param buflen The length in bytes of \p buf.
* \param ext_rep The endianness of the number in the input buffer.
@@ -419,32 +419,32 @@
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p r isn't
* large enough to hold the value in \p buf.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p ext_rep
- * is invalid or the value in the buffer is not less than \p m.
+ * is invalid or the value in the buffer is not less than \p N.
*/
int mbedtls_mpi_mod_read(mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep);
/** Write a residue into a byte buffer.
*
- * The modulus \p m must be the modulus associated with \p r (see
+ * The modulus \p N must be the modulus associated with \p r (see
* mbedtls_mpi_mod_residue_setup() and mbedtls_mpi_mod_read()).
*
* The residue will be automatically converted from the internal representation
- * based on the value of `m->int_rep` field.
+ * based on the value of `N->int_rep` field.
*
- * \warning If the buffer is smaller than `m->bits`, the number of
+ * \warning If the buffer is smaller than `N->bits`, the number of
* leading zeroes is leaked through timing. If \p r is
* secret, the caller must ensure that \p buflen is at least
- * (`m->bits`+7)/8.
+ * (`N->bits`+7)/8.
*
* \param[in] r The address of the residue. It must have the same number of
- * limbs as the modulus \p m. (\p r is an input parameter, but
+ * limbs as the modulus \p N. (\p r is an input parameter, but
* its value will be modified during execution and restored
* before the function returns.)
- * \param[in] m The address of the modulus associated with \r.
+ * \param[in] N The address of the modulus associated with \p r.
* \param[out] buf The output buffer to export to.
* \param buflen The length in bytes of \p buf.
* \param ext_rep The endianness in which the number should be written into
@@ -460,7 +460,7 @@
* MBEDTLS_MPI_MOD_REP_MONTGOMERY.
*/
int mbedtls_mpi_mod_write(const mbedtls_mpi_mod_residue *r,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *buf,
size_t buflen,
mbedtls_mpi_mod_ext_rep ext_rep);
diff --git a/library/bignum_mod_raw.c b/library/bignum_mod_raw.c
index aa2bd46..bf0cb25 100644
--- a/library/bignum_mod_raw.c
+++ b/library/bignum_mod_raw.c
@@ -33,6 +33,8 @@
#include "bignum_mod.h"
#include "constant_time_internal.h"
+#include "bignum_mod_raw_invasive.h"
+
void mbedtls_mpi_mod_raw_cond_assign(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
const mbedtls_mpi_mod_modulus *N,
@@ -50,7 +52,7 @@
}
int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *input,
size_t input_length,
mbedtls_mpi_mod_ext_rep ext_rep)
@@ -59,11 +61,11 @@
switch (ext_rep) {
case MBEDTLS_MPI_MOD_EXT_REP_LE:
- ret = mbedtls_mpi_core_read_le(X, m->limbs,
+ ret = mbedtls_mpi_core_read_le(X, N->limbs,
input, input_length);
break;
case MBEDTLS_MPI_MOD_EXT_REP_BE:
- ret = mbedtls_mpi_core_read_be(X, m->limbs,
+ ret = mbedtls_mpi_core_read_be(X, N->limbs,
input, input_length);
break;
default:
@@ -74,7 +76,7 @@
goto cleanup;
}
- if (!mbedtls_mpi_core_lt_ct(X, m->p, m->limbs)) {
+ if (!mbedtls_mpi_core_lt_ct(X, N->p, N->limbs)) {
ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
goto cleanup;
}
@@ -85,17 +87,17 @@
}
int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *output,
size_t output_length,
mbedtls_mpi_mod_ext_rep ext_rep)
{
switch (ext_rep) {
case MBEDTLS_MPI_MOD_EXT_REP_LE:
- return mbedtls_mpi_core_write_le(A, m->limbs,
+ return mbedtls_mpi_core_write_le(A, N->limbs,
output, output_length);
case MBEDTLS_MPI_MOD_EXT_REP_BE:
- return mbedtls_mpi_core_write_be(A, m->limbs,
+ return mbedtls_mpi_core_write_be(A, N->limbs,
output, output_length);
default:
return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -118,6 +120,19 @@
(void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
}
+#if defined(MBEDTLS_TEST_HOOKS)
+
+MBEDTLS_STATIC_TESTABLE
+void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X,
+ const mbedtls_mpi_mod_modulus *N)
+{
+ mbedtls_mpi_uint c = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);
+
+ (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) c);
+}
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
void mbedtls_mpi_mod_raw_mul(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
const mbedtls_mpi_uint *B,
@@ -229,17 +244,17 @@
/* BEGIN MERGE SLOT 7 */
int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m)
+ const mbedtls_mpi_mod_modulus *N)
{
mbedtls_mpi_uint *T;
- const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
+ const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs);
if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
return MBEDTLS_ERR_MPI_ALLOC_FAILED;
}
- mbedtls_mpi_core_to_mont_rep(X, X, m->p, m->limbs,
- m->rep.mont.mm, m->rep.mont.rr, T);
+ mbedtls_mpi_core_to_mont_rep(X, X, N->p, N->limbs,
+ N->rep.mont.mm, N->rep.mont.rr, T);
mbedtls_platform_zeroize(T, t_limbs * ciL);
mbedtls_free(T);
@@ -247,16 +262,16 @@
}
int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m)
+ const mbedtls_mpi_mod_modulus *N)
{
- const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(m->limbs);
+ const size_t t_limbs = mbedtls_mpi_core_montmul_working_limbs(N->limbs);
mbedtls_mpi_uint *T;
if ((T = (mbedtls_mpi_uint *) mbedtls_calloc(t_limbs, ciL)) == NULL) {
return MBEDTLS_ERR_MPI_ALLOC_FAILED;
}
- mbedtls_mpi_core_from_mont_rep(X, X, m->p, m->limbs, m->rep.mont.mm, T);
+ mbedtls_mpi_core_from_mont_rep(X, X, N->p, N->limbs, N->rep.mont.mm, T);
mbedtls_platform_zeroize(T, t_limbs * ciL);
mbedtls_free(T);
@@ -265,14 +280,14 @@
void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m)
+ const mbedtls_mpi_mod_modulus *N)
{
- mbedtls_mpi_core_sub(X, m->p, A, m->limbs);
+ mbedtls_mpi_core_sub(X, N->p, A, N->limbs);
/* If A=0 initially, then X=N now. Detect this by
* subtracting N and catching the carry. */
- mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, m->p, m->limbs);
- (void) mbedtls_mpi_core_add_if(X, m->p, m->limbs, (unsigned) borrow);
+ mbedtls_mpi_uint borrow = mbedtls_mpi_core_sub(X, X, N->p, N->limbs);
+ (void) mbedtls_mpi_core_add_if(X, N->p, N->limbs, (unsigned) borrow);
}
/* END MERGE SLOT 7 */
diff --git a/library/bignum_mod_raw.h b/library/bignum_mod_raw.h
index da8db6f..a32500f 100644
--- a/library/bignum_mod_raw.h
+++ b/library/bignum_mod_raw.h
@@ -145,10 +145,10 @@
* The MPI needs to have enough limbs to store the full value (including any
* most significant zero bytes in the input).
*
- * \param[out] X The address of the MPI. The size is determined by \p m.
+ * \param[out] X The address of the MPI. The size is determined by \p N.
* (In particular, it must have at least as many limbs as
- * the modulus \p m.)
- * \param[in] m The address of the modulus related to \p X.
+ * the modulus \p N.)
+ * \param[in] N The address of the modulus related to \p X.
* \param[in] input The input buffer to import from.
* \param input_length The length in bytes of \p input.
* \param ext_rep The endianness of the number in the input buffer.
@@ -157,20 +157,20 @@
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p X isn't
* large enough to hold the value in \p input.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation
- * of \p m is invalid or \p X is not less than \p m.
+ * of \p N is invalid or \p X is not less than \p N.
*/
int mbedtls_mpi_mod_raw_read(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
const unsigned char *input,
size_t input_length,
mbedtls_mpi_mod_ext_rep ext_rep);
/** Export A into unsigned binary data.
*
- * \param[in] A The address of the MPI. The size is determined by \p m.
+ * \param[in] A The address of the MPI. The size is determined by \p N.
* (In particular, it must have at least as many limbs as
- * the modulus \p m.)
- * \param[in] m The address of the modulus related to \p A.
+ * the modulus \p N.)
+ * \param[in] N The address of the modulus related to \p A.
* \param[out] output The output buffer to export to.
* \param output_length The length in bytes of \p output.
* \param ext_rep The endianness in which the number should be written into the output buffer.
@@ -179,10 +179,10 @@
* \return #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if \p output isn't
* large enough to hold the value of \p A.
* \return #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the external representation
- * of \p m is invalid.
+ * of \p N is invalid.
*/
int mbedtls_mpi_mod_raw_write(const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m,
+ const mbedtls_mpi_mod_modulus *N,
unsigned char *output,
size_t output_length,
mbedtls_mpi_mod_ext_rep ext_rep);
@@ -346,7 +346,7 @@
* is unspecified.
* \param[in] N The modulus structure.
*
- *\ return \c 0 if successful.
+ * \return \c 0 if successful.
* Otherwise an \c MBEDTLS_ERR_MPI_xxx error code.
*/
int mbedtls_mpi_mod_raw_canonical_to_modulus_rep(
@@ -363,7 +363,7 @@
* is unspecified.
* \param[in] N The modulus structure.
*
- *\ return \c 0 if successful.
+ * \return \c 0 if successful.
* Otherwise an \c MBEDTLS_ERR_MPI_xxx error code.
*/
int mbedtls_mpi_mod_raw_modulus_to_canonical_rep(
@@ -410,43 +410,43 @@
/** Convert an MPI into Montgomery form.
*
* \param X The address of the MPI.
- * Must have the same number of limbs as \p m.
- * \param m The address of the modulus, which gives the size of
- * the base `R` = 2^(biL*m->limbs).
+ * Must have the same number of limbs as \p N.
+ * \param N The address of the modulus, which gives the size of
+ * the base `R` = 2^(biL*N->limbs).
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_raw_to_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m);
+ const mbedtls_mpi_mod_modulus *N);
/** Convert an MPI back from Montgomery representation.
*
* \param X The address of the MPI.
- * Must have the same number of limbs as \p m.
- * \param m The address of the modulus, which gives the size of
- * the base `R`= 2^(biL*m->limbs).
+ * Must have the same number of limbs as \p N.
+ * \param N The address of the modulus, which gives the size of
+ * the base `R`= 2^(biL*N->limbs).
*
* \return \c 0 if successful.
*/
int mbedtls_mpi_mod_raw_from_mont_rep(mbedtls_mpi_uint *X,
- const mbedtls_mpi_mod_modulus *m);
+ const mbedtls_mpi_mod_modulus *N);
/** \brief Perform fixed width modular negation.
*
- * The size of the operation is determined by \p m. \p A must have
- * the same number of limbs as \p m.
+ * The size of the operation is determined by \p N. \p A must have
+ * the same number of limbs as \p N.
*
* \p X may be aliased to \p A.
*
* \param[out] X The result of the modular negation.
* This must be initialized.
* \param[in] A Little-endian presentation of the input operand. This
- * must be less than or equal to \p m.
- * \param[in] m The modulus to use.
+ * must be less than or equal to \p N.
+ * \param[in] N The modulus to use.
*/
void mbedtls_mpi_mod_raw_neg(mbedtls_mpi_uint *X,
const mbedtls_mpi_uint *A,
- const mbedtls_mpi_mod_modulus *m);
+ const mbedtls_mpi_mod_modulus *N);
/* END MERGE SLOT 7 */
/* BEGIN MERGE SLOT 8 */
diff --git a/library/bignum_mod_raw_invasive.h b/library/bignum_mod_raw_invasive.h
new file mode 100644
index 0000000..ead8394
--- /dev/null
+++ b/library/bignum_mod_raw_invasive.h
@@ -0,0 +1,46 @@
+/**
+ * \file bignum_mod_raw_invasive.h
+ *
+ * \brief Function declarations for invasive functions of Low-level
+ * modular bignum.
+ */
+/**
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H
+#define MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H
+
+#include "common.h"
+#include "mbedtls/bignum.h"
+#include "bignum_mod.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+
+/** Convert the result of a quasi-reduction to its canonical representative.
+ *
+ * \param[in,out] X The address of the MPI to be converted. Must have the
+ * same number of limbs as \p N. The input value must
+ * be in range 0 <= X < 2N.
+ * \param[in] N The address of the modulus.
+ */
+MBEDTLS_STATIC_TESTABLE
+void mbedtls_mpi_mod_raw_fix_quasi_reduction(mbedtls_mpi_uint *X,
+ const mbedtls_mpi_mod_modulus *N);
+
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_BIGNUM_MOD_RAW_INVASIVE_H */
diff --git a/library/bn_mul.h b/library/bn_mul.h
index 307c241..ab59fbd 100644
--- a/library/bn_mul.h
+++ b/library/bn_mul.h
@@ -83,10 +83,6 @@
/* *INDENT-OFF* */
#if defined(MBEDTLS_HAVE_ASM)
-#ifndef asm
-#define asm __asm
-#endif
-
/* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */
#if defined(__GNUC__) && \
( !defined(__ARMCC_VERSION) || __ARMCC_VERSION >= 6000000 )
diff --git a/library/ccm.c b/library/ccm.c
index 0b02d77..36c999e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -659,7 +659,7 @@
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
- 8 * sizeof key_test_data) != 0) {
+ 8 * sizeof(key_test_data)) != 0) {
if (verbose != 0) {
mbedtls_printf(" CCM: setup failed");
}
diff --git a/library/common.h b/library/common.h
index fd3ddba..46af79f 100644
--- a/library/common.h
+++ b/library/common.h
@@ -122,11 +122,13 @@
*/
inline void mbedtls_xor(unsigned char *r, const unsigned char *a, const unsigned char *b, size_t n)
{
- size_t i;
- for (i = 0; (i + 4) <= n; i += 4) {
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+ for (; (i + 4) <= n; i += 4) {
uint32_t x = mbedtls_get_unaligned_uint32(a + i) ^ mbedtls_get_unaligned_uint32(b + i);
mbedtls_put_unaligned_uint32(r + i, x);
}
+#endif
for (; i < n; i++) {
r[i] = a[i] ^ b[i];
}
@@ -140,4 +142,11 @@
#define /*no-check-names*/ __func__ __FUNCTION__
#endif
+/* Define `asm` for compilers which don't define it. */
+/* *INDENT-OFF* */
+#ifndef asm
+#define asm __asm__
+#endif
+/* *INDENT-ON* */
+
#endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/constant_time.c b/library/constant_time.c
index 442eb0e..b3bf874 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -47,16 +47,63 @@
#include <string.h>
+/*
+ * Define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS where assembly is present to
+ * perform fast unaligned access to volatile data.
+ *
+ * This is needed because mbedtls_get_unaligned_uintXX etc don't support volatile
+ * memory accesses.
+ *
+ * Some of these definitions could be moved into alignment.h but for now they are
+ * only used here.
+ */
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS) && defined(MBEDTLS_HAVE_ASM)
+#if defined(__arm__) || defined(__thumb__) || defined(__thumb2__) || defined(__aarch64__)
+#define MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS
+#endif
+#endif
+
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS)
+static inline uint32_t mbedtls_get_unaligned_volatile_uint32(volatile const unsigned char *p)
+{
+ /* This is UB, even where it's safe:
+ * return *((volatile uint32_t*)p);
+ * so instead the same thing is expressed in assembly below.
+ */
+ uint32_t r;
+#if defined(__arm__) || defined(__thumb__) || defined(__thumb2__)
+ asm volatile ("ldr %0, [%1]" : "=r" (r) : "r" (p) :);
+#elif defined(__aarch64__)
+ asm volatile ("ldr %w0, [%1]" : "=r" (r) : "r" (p) :);
+#endif
+ return r;
+}
+#endif /* MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS */
+
int mbedtls_ct_memcmp(const void *a,
const void *b,
size_t n)
{
- size_t i;
+ size_t i = 0;
+ /*
+ * `A` and `B` are cast to volatile to ensure that the compiler
+ * generates code that always fully reads both buffers.
+ * Otherwise it could generate a test to exit early if `diff` has all
+ * bits set early in the loop.
+ */
volatile const unsigned char *A = (volatile const unsigned char *) a;
volatile const unsigned char *B = (volatile const unsigned char *) b;
- volatile unsigned char diff = 0;
+ uint32_t diff = 0;
- for (i = 0; i < n; i++) {
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_VOLATILE_ACCESS)
+ for (; (i + 4) <= n; i += 4) {
+ uint32_t x = mbedtls_get_unaligned_volatile_uint32(A + i);
+ uint32_t y = mbedtls_get_unaligned_volatile_uint32(B + i);
+ diff |= x ^ y;
+ }
+#endif
+
+ for (; i < n; i++) {
/* Read volatile data in order before computing diff.
* This avoids IAR compiler warning:
* 'the order of volatile accesses is undefined ..' */
@@ -414,10 +461,22 @@
{
/* mask = c1 == c2 ? 0xff : 0x00 */
const size_t equal = mbedtls_ct_size_bool_eq(c1, c2);
- const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
/* dest[i] = c1 == c2 ? src[i] : dest[i] */
- for (size_t i = 0; i < len; i++) {
+ size_t i = 0;
+#if defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)
+ const uint32_t mask32 = (uint32_t) mbedtls_ct_size_mask(equal);
+ const unsigned char mask = (unsigned char) mask32 & 0xff;
+
+ for (; (i + 4) <= len; i += 4) {
+ uint32_t a = mbedtls_get_unaligned_uint32(src + i) & mask32;
+ uint32_t b = mbedtls_get_unaligned_uint32(dest + i) & ~mask32;
+ mbedtls_put_unaligned_uint32(dest + i, a | b);
+ }
+#else
+ const unsigned char mask = (unsigned char) mbedtls_ct_size_mask(equal);
+#endif /* MBEDTLS_EFFICIENT_UNALIGNED_ACCESS */
+ for (; i < len; i++) {
dest[i] = (src[i] & mask) | (dest[i] & ~mask);
}
}
diff --git a/library/ecp.c b/library/ecp.c
index d9d5425..08fbe86 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -582,11 +582,9 @@
}
if (grp->h != 1) {
- mbedtls_mpi_free(&grp->P);
mbedtls_mpi_free(&grp->A);
mbedtls_mpi_free(&grp->B);
mbedtls_ecp_point_free(&grp->G);
- mbedtls_mpi_free(&grp->N);
}
if (!ecp_group_is_static_comb_table(grp) && grp->T != NULL) {
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index e62dcea..7987c3f 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -4502,10 +4502,12 @@
#endif
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-#if defined(ECP_LOAD_GROUP)
+
+#if defined(ECP_LOAD_GROUP) || defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
+ defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
/*
* Create an MPI from embedded constants
- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
+ * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
*/
static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
{
@@ -4513,7 +4515,9 @@
X->n = len / sizeof(mbedtls_mpi_uint);
X->p = (mbedtls_mpi_uint *) p;
}
+#endif
+#if defined(ECP_LOAD_GROUP)
/*
* Set an MPI to static value 1
*/
@@ -4627,9 +4631,21 @@
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
/* Constants used by ecp_use_curve25519() */
static const mbedtls_mpi_sint curve25519_a24 = 0x01DB42;
-static const unsigned char curve25519_part_of_n[] = {
- 0x14, 0xDE, 0xF9, 0xDE, 0xA2, 0xF7, 0x9C, 0xD6,
- 0x58, 0x12, 0x63, 0x1A, 0x5C, 0xF5, 0xD3, 0xED,
+
+/* P = 2^255 - 19 */
+static const mbedtls_mpi_uint curve25519_p[] = {
+ MBEDTLS_BYTES_TO_T_UINT_8(0xED, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X7F)
+};
+
+/* N = 2^252 + 27742317777372353535851937790883648493 */
+static const mbedtls_mpi_uint curve25519_n[] = {
+ MBEDTLS_BYTES_TO_T_UINT_8(0XED, 0XD3, 0XF5, 0X5C, 0X1A, 0X63, 0X12, 0X58),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XD6, 0X9C, 0XF7, 0XA2, 0XDE, 0XF9, 0XDE, 0X14),
+ MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0x00, 0x00, 0x00, 0x00),
+ MBEDTLS_BYTES_TO_T_UINT_8(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10)
};
/*
@@ -4642,16 +4658,11 @@
/* Actually ( A + 2 ) / 4 */
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve25519_a24));
- /* P = 2^255 - 19 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 255));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 19));
+ ecp_mpi_load(&grp->P, curve25519_p, sizeof(curve25519_p));
+
grp->pbits = mbedtls_mpi_bitlen(&grp->P);
- /* N = 2^252 + 27742317777372353535851937790883648493 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&grp->N,
- curve25519_part_of_n, sizeof(curve25519_part_of_n)));
- MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 252, 1));
+ ecp_mpi_load(&grp->N, curve25519_n, sizeof(curve25519_n));
/* Y intentionally not set, since we use x/z coordinates.
* This is used as a marker to identify Montgomery curves! */
@@ -4674,11 +4685,29 @@
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
/* Constants used by ecp_use_curve448() */
static const mbedtls_mpi_sint curve448_a24 = 0x98AA;
-static const unsigned char curve448_part_of_n[] = {
- 0x83, 0x35, 0xDC, 0x16, 0x3B, 0xB1, 0x24,
- 0xB6, 0x51, 0x29, 0xC9, 0x6F, 0xDE, 0x93,
- 0x3D, 0x8D, 0x72, 0x3A, 0x70, 0xAA, 0xDC,
- 0x87, 0x3D, 0x6D, 0x54, 0xA7, 0xBB, 0x0D,
+
+/* P = 2^448 - 2^224 - 1 */
+static const mbedtls_mpi_uint curve448_p[] = {
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFE, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00)
+};
+
+/* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
+static const mbedtls_mpi_uint curve448_n[] = {
+ MBEDTLS_BYTES_TO_T_UINT_8(0XF3, 0X44, 0X58, 0XAB, 0X92, 0XC2, 0X78, 0X23),
+ MBEDTLS_BYTES_TO_T_UINT_8(0X55, 0X8F, 0XC5, 0X8D, 0X72, 0XC2, 0X6C, 0X21),
+ MBEDTLS_BYTES_TO_T_UINT_8(0X90, 0X36, 0XD6, 0XAE, 0X49, 0XDB, 0X4E, 0XC4),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XE9, 0X23, 0XCA, 0X7C, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF),
+ MBEDTLS_BYTES_TO_T_UINT_8(0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0XFF, 0X3F),
+ MBEDTLS_BYTES_TO_T_UINT_8(0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00, 0X00)
};
/*
@@ -4686,20 +4715,12 @@
*/
static int ecp_use_curve448(mbedtls_ecp_group *grp)
{
- mbedtls_mpi Ns;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
- mbedtls_mpi_init(&Ns);
-
/* Actually ( A + 2 ) / 4 */
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->A, curve448_a24));
- /* P = 2^448 - 2^224 - 1 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->P, 1));
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
- MBEDTLS_MPI_CHK(mbedtls_mpi_shift_l(&grp->P, 224));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&grp->P, &grp->P, 1));
+ ecp_mpi_load(&grp->P, curve448_p, sizeof(curve448_p));
grp->pbits = mbedtls_mpi_bitlen(&grp->P);
/* Y intentionally not set, since we use x/z coordinates.
@@ -4708,17 +4729,12 @@
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&grp->G.Z, 1));
mbedtls_mpi_free(&grp->G.Y);
- /* N = 2^446 - 13818066809895115352007386748515426880336692474882178609894547503885 */
- MBEDTLS_MPI_CHK(mbedtls_mpi_set_bit(&grp->N, 446, 1));
- MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&Ns,
- curve448_part_of_n, sizeof(curve448_part_of_n)));
- MBEDTLS_MPI_CHK(mbedtls_mpi_sub_mpi(&grp->N, &grp->N, &Ns));
+ ecp_mpi_load(&grp->N, curve448_n, sizeof(curve448_n));
/* Actually, the required msb for private keys */
grp->nbits = 447;
cleanup:
- mbedtls_mpi_free(&Ns);
if (ret != 0) {
mbedtls_ecp_group_free(grp);
}
@@ -5354,7 +5370,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
@@ -5380,7 +5396,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
diff --git a/library/entropy.c b/library/entropy.c
index 7e25f28..e55410c 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -677,7 +677,7 @@
goto cleanup;
}
- if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
+ if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
}
diff --git a/library/padlock.c b/library/padlock.c
index b6c6919..f42c40f 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -31,12 +31,6 @@
#include <string.h>
-/* *INDENT-OFF* */
-#ifndef asm
-#define asm __asm
-#endif
-/* *INDENT-ON* */
-
#if defined(MBEDTLS_HAVE_X86)
/*
diff --git a/library/pkparse.c b/library/pkparse.c
index 990b554..ccca692 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -429,7 +429,18 @@
ret = pk_group_id_from_group(&grp, grp_id);
cleanup:
- mbedtls_ecp_group_free(&grp);
+ /* The API respecting lifecycle for mbedtls_ecp_group struct is
+ * _init(), _load() and _free(). In pk_group_id_from_specified() the
+ * temporary grp breaks that flow and it's members are populated
+ * by pk_group_id_from_group(). As such mbedtls_ecp_group_free()
+ * which is assuming a group populated by _setup() may not clean-up
+ * properly -> Manually free it's members.
+ */
+ mbedtls_mpi_free(&grp.N);
+ mbedtls_mpi_free(&grp.P);
+ mbedtls_mpi_free(&grp.A);
+ mbedtls_mpi_free(&grp.B);
+ mbedtls_ecp_point_free(&grp.G);
return ret;
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0a8949f..a683fdb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5168,6 +5168,18 @@
(void) alg;
return PSA_ERROR_NOT_SUPPORTED;
}
+
+static int psa_key_derivation_allows_free_form_secret_input(
+ psa_algorithm_t kdf_alg)
+{
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+ if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+ return 0;
+ }
+#endif
+ (void) kdf_alg;
+ return 1;
+}
#endif /* AT_LEAST_ONE_BUILTIN_KDF */
psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
@@ -5189,6 +5201,9 @@
if (status != PSA_SUCCESS) {
return status;
}
+ if (!psa_key_derivation_allows_free_form_secret_input(kdf_alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
status = psa_key_derivation_setup_kdf(operation, kdf_alg);
#else
return PSA_ERROR_NOT_SUPPORTED;
diff --git a/library/ripemd160.c b/library/ripemd160.c
index eed664f..ba97c1f 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -456,7 +456,7 @@
int i, ret = 0;
unsigned char output[20];
- memset(output, 0, sizeof output);
+ memset(output, 0, sizeof(output));
for (i = 0; i < TESTS; i++) {
if (verbose != 0) {
diff --git a/library/sha256.c b/library/sha256.c
index 16fd20d..cb09a71 100644
--- a/library/sha256.c
+++ b/library/sha256.c
@@ -89,12 +89,6 @@
#include <signal.h>
#include <setjmp.h>
-/* *INDENT-OFF* */
-#ifndef asm
-#define asm __asm__
-#endif
-/* *INDENT-ON* */
-
static jmp_buf return_from_sigill;
/*
diff --git a/library/sha512.c b/library/sha512.c
index 0ea6421..efcbed4 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -104,12 +104,6 @@
#include <signal.h>
#include <setjmp.h>
-/* *INDENT-OFF* */
-#ifndef asm
-#define asm __asm__
-#endif
-/* *INDENT-ON* */
-
static jmp_buf return_from_sigill;
/*
@@ -300,12 +294,6 @@
# define mbedtls_internal_sha512_process_a64_crypto mbedtls_internal_sha512_process
#endif
-/* *INDENT-OFF* */
-#ifndef asm
-#define asm __asm__
-#endif
-/* *INDENT-ON* */
-
/* Accelerated SHA-512 implementation originally written by Simon Tatham for PuTTY,
* under the MIT licence; dual-licensed as Apache 2 with his kind permission.
*/
diff --git a/library/ssl_debug_helpers.h b/library/ssl_debug_helpers.h
index 4d2a170..5c22ed2 100644
--- a/library/ssl_debug_helpers.h
+++ b/library/ssl_debug_helpers.h
@@ -55,6 +55,12 @@
int hs_msg_type, unsigned int extension_type,
const char *extra_msg0, const char *extra_msg1);
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ unsigned int flags);
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
+
#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extensions_mask) \
mbedtls_ssl_print_extensions(ssl, level, __FILE__, __LINE__, \
hs_msg_type, extensions_mask, NULL)
@@ -63,12 +69,22 @@
mbedtls_ssl_print_extension(ssl, level, __FILE__, __LINE__, \
hs_msg_type, extension_type, \
extra, NULL)
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define MBEDTLS_SSL_PRINT_TICKET_FLAGS(level, flags) \
+ mbedtls_ssl_print_ticket_flags(ssl, level, __FILE__, __LINE__, flags)
+#endif
+
#else
#define MBEDTLS_SSL_PRINT_EXTS(level, hs_msg_type, extension_mask)
#define MBEDTLS_SSL_PRINT_EXT(level, hs_msg_type, extension_type, extra)
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define MBEDTLS_SSL_PRINT_TICKET_FLAGS(level, flags)
+#endif
+
#endif /* MBEDTLS_DEBUG_C */
#endif /* MBEDTLS_SSL_DEBUG_HELPERS_H */
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 16eccfc..146dae0 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2719,4 +2719,25 @@
const char *hostname);
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+static inline unsigned int mbedtls_ssl_session_get_ticket_flags(
+ mbedtls_ssl_session *session, unsigned int flags)
+{
+ return session->ticket_flags &
+ (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+}
+
+static inline void mbedtls_ssl_session_set_ticket_flags(
+ mbedtls_ssl_session *session, unsigned int flags)
+{
+ session->ticket_flags |= (flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+}
+
+static inline void mbedtls_ssl_session_clear_ticket_flags(
+ mbedtls_ssl_session *session, unsigned int flags)
+{
+ session->ticket_flags &= ~(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
+
#endif /* ssl_misc.h */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index bd8fd8c..86f5c0b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -735,6 +735,36 @@
}
}
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#define ARRAY_LENGTH(a) (sizeof(a) / sizeof(*(a)))
+
+static const char *ticket_flag_name_table[] =
+{
+ [0] = "ALLOW_PSK_RESUMPTION",
+ [2] = "ALLOW_PSK_EPHEMERAL_RESUMPTION",
+ [3] = "ALLOW_EARLY_DATA",
+};
+
+void mbedtls_ssl_print_ticket_flags(const mbedtls_ssl_context *ssl,
+ int level, const char *file, int line,
+ unsigned int flags)
+{
+ size_t i;
+
+ mbedtls_debug_print_msg(ssl, level, file, line,
+ "print ticket_flags (0x%02x)", flags);
+
+ flags = flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK;
+
+ for (i = 0; i < ARRAY_LENGTH(ticket_flag_name_table); i++) {
+ if ((flags & (1 << i))) {
+ mbedtls_debug_print_msg(ssl, level, file, line, "- %s is set.",
+ ticket_flag_name_table[i]);
+ }
+ }
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
+
#endif /* MBEDTLS_DEBUG_C */
void mbedtls_ssl_optimize_checksum(mbedtls_ssl_context *ssl,
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 291a4cf..4aea61c 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -676,7 +676,10 @@
{
mbedtls_ssl_session *session = ssl->session_negotiate;
return ssl->handshake->resume &&
- session != NULL && session->ticket != NULL;
+ session != NULL && session->ticket != NULL &&
+ mbedtls_ssl_conf_tls13_check_kex_modes(
+ ssl, mbedtls_ssl_session_get_ticket_flags(
+ session, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL));
}
#if defined(MBEDTLS_SSL_EARLY_DATA)
@@ -2618,6 +2621,10 @@
session->ticket = ticket;
session->ticket_len = ticket_len;
+ /* Clear all flags in ticket_flags */
+ mbedtls_ssl_session_clear_ticket_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+
MBEDTLS_SSL_CHK_BUF_READ_PTR(p, end, 2);
extensions_len = MBEDTLS_GET_UINT16_BE(p, 0);
p += 2;
@@ -2701,6 +2708,11 @@
session->resumption_key,
session->resumption_key_len);
+ /* Set ticket_flags depends on the selected key exchange modes */
+ mbedtls_ssl_session_set_ticket_flags(
+ session, ssl->conf->tls13_kex_modes);
+ MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
+
return 0;
}
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 980c225..ef90f69 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -161,6 +161,26 @@
goto exit;
}
+ /* RFC 8446 section 4.2.9
+ *
+ * Servers SHOULD NOT send NewSessionTicket with tickets that are not
+ * compatible with the advertised modes; however, if a server does so,
+ * the impact will just be that the client's attempts at resumption fail.
+ *
+ * We regard the ticket with incompatible key exchange modes as not match.
+ */
+ ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
+ MBEDTLS_SSL_PRINT_TICKET_FLAGS(4,
+ session->ticket_flags);
+ if (mbedtls_ssl_tls13_check_kex_modes(
+ ssl,
+ mbedtls_ssl_session_get_ticket_flags(
+ session,
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
+ goto exit;
+ }
+
ret = MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED;
#if defined(MBEDTLS_HAVE_TIME)
now = mbedtls_time(NULL);
@@ -2549,11 +2569,20 @@
mbedtls_ssl_tls13_handshake_wrapup(ssl);
-#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
-#else
- mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && \
+ defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+/* TODO: Remove the check of SOME_PSK_ENABLED since SESSION_TICKETS requires
+ * SOME_PSK_ENABLED to be enabled. Here is just to make CI happy. It is
+ * expected to be resolved with issue#6395.
+ */
+ /* Sent NewSessionTicket message only when client supports PSK */
+ if (mbedtls_ssl_tls13_some_psk_enabled(ssl)) {
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET);
+ } else
#endif
+ {
+ mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
+ }
return 0;
}
@@ -2604,6 +2633,15 @@
session->start = mbedtls_time(NULL);
#endif
+ /* Set ticket_flags depends on the advertised psk key exchange mode */
+ mbedtls_ssl_session_clear_ticket_flags(
+ session, MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+ mbedtls_ssl_session_set_ticket_flags(
+ session, ssl->handshake->tls13_kex_modes);
+#endif
+ MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
+
/* Generate ticket_age_add */
if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
(unsigned char *) &session->ticket_age_add,
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 0330097..eabafe9 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1652,10 +1652,10 @@
memset(&sb, 0, sizeof(sb));
while ((entry = readdir(dir)) != NULL) {
- snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name,
+ snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
"%s/%s", path, entry->d_name);
- if (snp_ret < 0 || (size_t) snp_ret >= sizeof entry_name) {
+ if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
goto cleanup;
} else if (stat(entry_name, &sb) == -1) {
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index febd0e6..4f23395 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -52,14 +52,11 @@
{
memset(ctx, 0, sizeof(mbedtls_x509write_cert));
- mbedtls_mpi_init(&ctx->serial);
ctx->version = MBEDTLS_X509_CRT_VERSION_3;
}
void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx)
{
- mbedtls_mpi_free(&ctx->serial);
-
mbedtls_asn1_free_named_data_list(&ctx->subject);
mbedtls_asn1_free_named_data_list(&ctx->issuer);
mbedtls_asn1_free_named_data_list(&ctx->extensions);
@@ -103,17 +100,42 @@
return mbedtls_x509_string_to_names(&ctx->issuer, issuer_name);
}
+#if defined(MBEDTLS_BIGNUM_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
const mbedtls_mpi *serial)
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ int ret;
+ size_t tmp_len;
- if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
+ /* Ensure that the MPI value fits into the buffer */
+ tmp_len = mbedtls_mpi_size(serial);
+ if (tmp_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
+
+ ctx->serial_len = tmp_len;
+
+ ret = mbedtls_mpi_write_binary(serial, ctx->serial, tmp_len);
+ if (ret < 0) {
return ret;
}
return 0;
}
+#endif // MBEDTLS_BIGNUM_C && !MBEDTLS_DEPRECATED_REMOVED
+
+int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx,
+ unsigned char *serial, size_t serial_len)
+{
+ if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
+
+ ctx->serial_len = serial_len;
+ memcpy(ctx->serial, serial, serial_len);
+
+ return 0;
+}
int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
const char *not_before,
@@ -510,9 +532,29 @@
/*
* Serial ::= INTEGER
+ *
+ * Written data is:
+ * - "ctx->serial_len" bytes for the raw serial buffer
+ * - if MSb of "serial" is 1, then prepend an extra 0x00 byte
+ * - 1 byte for the length
+ * - 1 byte for the TAG
*/
- MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_mpi(&c, buf,
- &ctx->serial));
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_raw_buffer(&c, buf,
+ ctx->serial, ctx->serial_len));
+ if (*c & 0x80) {
+ if (c - buf < 1) {
+ return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
+ }
+ *(--c) = 0x0;
+ len++;
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
+ ctx->serial_len + 1));
+ } else {
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&c, buf,
+ ctx->serial_len));
+ }
+ MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&c, buf,
+ MBEDTLS_ASN1_INTEGER));
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index d880a1a..9804417 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -74,7 +74,7 @@
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
- sizeof pers)) != 0) {
+ sizeof(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index be2ca90..953c144 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -73,7 +73,7 @@
size_t len;
if (mbedtls_ecp_point_write_binary(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
- MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf) != 0) {
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) {
mbedtls_printf("internal error\n");
return;
}
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4b3799f..b124065 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -371,7 +371,8 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES \
" tls13_kex_modes=%%s default: all\n" \
- " options: psk, psk_ephemeral, ephemeral, ephemeral_all, psk_all, all\n"
+ " options: psk, psk_ephemeral, psk_all, ephemeral,\n" \
+ " ephemeral_all, all, psk_or_ephemeral\n"
#else
#define USAGE_TLS1_3_KEY_EXCHANGE_MODES ""
#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
@@ -1215,6 +1216,9 @@
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
} else if (strcmp(q, "all") == 0) {
opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_ALL;
+ } else if (strcmp(q, "psk_or_ephemeral") == 0) {
+ opt.tls13_kex_modes = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK |
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL;
} else {
goto usage;
}
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 90a13eb..b3d9f5a 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1412,7 +1412,7 @@
return ret;
}
- switch (opt.dummy_ticket % 7) {
+ switch (opt.dummy_ticket % 11) {
case 1:
return MBEDTLS_ERR_SSL_INVALID_MAC;
case 2:
@@ -1432,6 +1432,20 @@
session->ticket_age_add -= 1000;
#endif
break;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ case 7:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_NONE;
+ break;
+ case 8:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ break;
+ case 9:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ break;
+ case 10:
+ session->ticket_flags = MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL;
+ break;
+#endif
default:
break;
}
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index 3e134dd..287dd34 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -43,10 +43,12 @@
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/error.h"
+#include "test/helpers.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
#define SET_OID(x, oid) \
do { x.len = MBEDTLS_OID_SIZE(oid); x.p = (unsigned char *) oid; } while (0)
@@ -75,6 +77,7 @@
#define DFL_NOT_BEFORE "20010101000000"
#define DFL_NOT_AFTER "20301231235959"
#define DFL_SERIAL "1"
+#define DFL_SERIAL_HEX "1"
#define DFL_SELFSIGN 0
#define DFL_IS_CA 0
#define DFL_MAX_PATHLEN -1
@@ -110,6 +113,13 @@
" issuer_pwd=%%s default: (empty)\n" \
" output_file=%%s default: cert.crt\n" \
" serial=%%s default: 1\n" \
+ " In decimal format; it can be used as\n" \
+ " alternative to serial_hex, but it's\n" \
+ " limited in max length to\n" \
+ " unsigned long long int\n" \
+ " serial_hex=%%s default: 1\n" \
+ " In hex format; it can be used as\n" \
+ " alternative to serial\n" \
" not_before=%%s default: 20010101000000\n" \
" not_after=%%s default: 20301231235959\n" \
" is_ca=%%d default: 0 (disabled)\n" \
@@ -159,6 +169,11 @@
" format=pem|der default: pem\n" \
"\n"
+typedef enum {
+ SERIAL_FRMT_UNSPEC,
+ SERIAL_FRMT_DEC,
+ SERIAL_FRMT_HEX
+} serial_format_t;
/*
* global options
@@ -175,7 +190,8 @@
const char *issuer_name; /* issuer name for certificate */
const char *not_before; /* validity period not before */
const char *not_after; /* validity period not after */
- const char *serial; /* serial number string */
+ const char *serial; /* serial number string (decimal) */
+ const char *serial_hex; /* serial number string (hex) */
int selfsign; /* selfsign the certificate */
int is_ca; /* is a CA certificate */
int max_pathlen; /* maximum CA path length */
@@ -235,6 +251,44 @@
return 0;
}
+int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax,
+ const char *ibuf, size_t *len)
+{
+ unsigned long long int dec;
+ unsigned int remaining_bytes = sizeof(dec);
+ unsigned char *p = obuf;
+ unsigned char val;
+ char *end_ptr = NULL;
+
+ errno = 0;
+ dec = strtoull(ibuf, &end_ptr, 10);
+
+ if ((errno != 0) || (end_ptr == ibuf)) {
+ return -1;
+ }
+
+ *len = 0;
+
+ while (remaining_bytes > 0) {
+ if (obufmax < (*len + 1)) {
+ return -1;
+ }
+
+ val = (dec >> ((remaining_bytes - 1) * 8)) & 0xFF;
+
+ /* Skip leading zeros */
+ if ((val != 0) || (*len != 0)) {
+ *p = val;
+ (*len)++;
+ p++;
+ }
+
+ remaining_bytes--;
+ }
+
+ return 0;
+}
+
int main(int argc, char *argv[])
{
int ret = 1;
@@ -252,7 +306,9 @@
mbedtls_x509_csr csr;
#endif
mbedtls_x509write_cert crt;
- mbedtls_mpi serial;
+ serial_format_t serial_frmt = SERIAL_FRMT_UNSPEC;
+ unsigned char serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN];
+ size_t serial_len;
mbedtls_asn1_sequence *ext_key_usage;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
@@ -264,7 +320,6 @@
mbedtls_x509write_crt_init(&crt);
mbedtls_pk_init(&loaded_issuer_key);
mbedtls_pk_init(&loaded_subject_key);
- mbedtls_mpi_init(&serial);
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CSR_PARSE_C)
@@ -272,6 +327,7 @@
#endif
mbedtls_x509_crt_init(&issuer_crt);
memset(buf, 0, sizeof(buf));
+ memset(serial, 0, sizeof(serial));
if (argc == 0) {
usage:
@@ -291,6 +347,7 @@
opt.not_before = DFL_NOT_BEFORE;
opt.not_after = DFL_NOT_AFTER;
opt.serial = DFL_SERIAL;
+ opt.serial_hex = DFL_SERIAL_HEX;
opt.selfsign = DFL_SELFSIGN;
opt.is_ca = DFL_IS_CA;
opt.max_pathlen = DFL_MAX_PATHLEN;
@@ -335,7 +392,19 @@
} else if (strcmp(p, "not_after") == 0) {
opt.not_after = q;
} else if (strcmp(p, "serial") == 0) {
+ if (serial_frmt != SERIAL_FRMT_UNSPEC) {
+ mbedtls_printf("Invalid attempt to set the serial more than once\n");
+ goto usage;
+ }
+ serial_frmt = SERIAL_FRMT_DEC;
opt.serial = q;
+ } else if (strcmp(p, "serial_hex") == 0) {
+ if (serial_frmt != SERIAL_FRMT_UNSPEC) {
+ mbedtls_printf("Invalid attempt to set the serial more than once\n");
+ goto usage;
+ }
+ serial_frmt = SERIAL_FRMT_HEX;
+ opt.serial_hex = q;
} else if (strcmp(p, "authority_identifier") == 0) {
opt.authority_identifier = atoi(q);
if (opt.authority_identifier != 0 &&
@@ -514,10 +583,16 @@
mbedtls_printf(" . Reading serial number...");
fflush(stdout);
- if ((ret = mbedtls_mpi_read_string(&serial, 10, opt.serial)) != 0) {
- mbedtls_strerror(ret, buf, sizeof(buf));
- mbedtls_printf(" failed\n ! mbedtls_mpi_read_string "
- "returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
+ if (serial_frmt == SERIAL_FRMT_HEX) {
+ ret = mbedtls_test_unhexify(serial, sizeof(serial),
+ opt.serial_hex, &serial_len);
+ } else { // SERIAL_FRMT_DEC || SERIAL_FRMT_UNSPEC
+ ret = parse_serial_decimal_format(serial, sizeof(serial),
+ opt.serial, &serial_len);
+ }
+
+ if (ret != 0) {
+ mbedtls_printf(" failed\n ! Unable to parse serial\n");
goto exit;
}
@@ -661,10 +736,10 @@
mbedtls_x509write_crt_set_version(&crt, opt.version);
mbedtls_x509write_crt_set_md_alg(&crt, opt.md);
- ret = mbedtls_x509write_crt_set_serial(&crt, &serial);
+ ret = mbedtls_x509write_crt_set_serial_raw(&crt, serial, serial_len);
if (ret != 0) {
mbedtls_strerror(ret, buf, sizeof(buf));
- mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_serial "
+ mbedtls_printf(" failed\n ! mbedtls_x509write_crt_set_serial_raw "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf);
goto exit;
}
@@ -807,7 +882,6 @@
mbedtls_x509write_crt_free(&crt);
mbedtls_pk_free(&loaded_subject_key);
mbedtls_pk_free(&loaded_issuer_key);
- mbedtls_mpi_free(&serial);
mbedtls_ctr_drbg_free(&ctr_drbg);
mbedtls_entropy_free(&entropy);
diff --git a/scripts/code_style.py b/scripts/code_style.py
index aae3e24..dd8305f 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -1,9 +1,7 @@
#!/usr/bin/env python3
"""Check or fix the code style by running Uncrustify.
-Note: The code style enforced by this script is not yet introduced to
-Mbed TLS. At present this script will only be used to prepare for a future
-change of code style.
+This script must be run from the root of a Git work tree containing Mbed TLS.
"""
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
@@ -20,7 +18,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
-import io
import os
import re
import subprocess
@@ -31,12 +28,10 @@
CONFIG_FILE = ".uncrustify.cfg"
UNCRUSTIFY_EXE = "uncrustify"
UNCRUSTIFY_ARGS = ["-c", CONFIG_FILE]
-STDOUT_UTF8 = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
-STDERR_UTF8 = io.TextIOWrapper(sys.stderr.buffer, encoding='utf-8')
CHECK_GENERATED_FILES = "tests/scripts/check-generated-files.sh"
def print_err(*args):
- print("Error: ", *args, file=STDERR_UTF8)
+ print("Error: ", *args, file=sys.stderr)
# Match FILENAME(s) in "check SCRIPT (FILENAME...)"
CHECK_CALL_RE = re.compile(r"\n\s*check\s+[^\s#$&*?;|]+([^\n#$&*?;|]+)",
@@ -69,8 +64,8 @@
"tests/suites/*.function",
"scripts/data_files/*.fmt"]
- result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE, \
- stderr=STDERR_UTF8, check=False)
+ result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE,
+ check=False)
if result.returncode != 0:
print_err("git ls-files returned: " + str(result.returncode))
@@ -90,8 +85,9 @@
"""
Get the version string from Uncrustify
"""
- result = subprocess.run([UNCRUSTIFY_EXE, "--version"], \
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False)
+ result = subprocess.run([UNCRUSTIFY_EXE, "--version"],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+ check=False)
if result.returncode != 0:
print_err("Could not get Uncrustify version:", str(result.stderr, "utf-8"))
return ""
@@ -106,26 +102,25 @@
style_correct = True
for src_file in src_file_list:
uncrustify_cmd = [UNCRUSTIFY_EXE] + UNCRUSTIFY_ARGS + [src_file]
- result = subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE, \
- stderr=subprocess.PIPE, check=False)
+ result = subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE, check=False)
if result.returncode != 0:
- print_err("Uncrustify returned " + str(result.returncode) + \
- " correcting file " + src_file)
+ print_err("Uncrustify returned " + str(result.returncode) +
+ " correcting file " + src_file)
return False
# Uncrustify makes changes to the code and places the result in a new
# file with the extension ".uncrustify". To get the changes (if any)
# simply diff the 2 files.
diff_cmd = ["diff", "-u", src_file, src_file + ".uncrustify"]
- result = subprocess.run(diff_cmd, stdout=subprocess.PIPE, \
- stderr=STDERR_UTF8, check=False)
- if len(result.stdout) > 0:
- print(src_file + " - Incorrect code style.", file=STDOUT_UTF8)
- print("File changed - diff:", file=STDOUT_UTF8)
- print(str(result.stdout, "utf-8"), file=STDOUT_UTF8)
+ cp = subprocess.run(diff_cmd, check=False)
+
+ if cp.returncode == 1:
+ print(src_file + " changed - code style is incorrect.")
style_correct = False
- else:
- print(src_file + " - OK.", file=STDOUT_UTF8)
+ elif cp.returncode != 0:
+ raise subprocess.CalledProcessError(cp.returncode, cp.args,
+ cp.stdout, cp.stderr)
# Tidy up artifact
os.remove(src_file + ".uncrustify")
@@ -139,12 +134,11 @@
code_change_args = UNCRUSTIFY_ARGS + ["--no-backup"]
for src_file in src_file_list:
uncrustify_cmd = [UNCRUSTIFY_EXE] + code_change_args + [src_file]
- result = subprocess.run(uncrustify_cmd, check=False, \
- stdout=STDOUT_UTF8, stderr=STDERR_UTF8)
+ result = subprocess.run(uncrustify_cmd, check=False)
if result.returncode != 0:
- print_err("Uncrustify with file returned: " + \
- str(result.returncode) + " correcting file " + \
- src_file)
+ print_err("Uncrustify with file returned: " +
+ str(result.returncode) + " correcting file " +
+ src_file)
return False
return True
@@ -160,7 +154,7 @@
# Guard against future changes that cause the codebase to require
# more passes.
if not check_style_is_correct(src_file_list):
- print("Code style still incorrect after second run of Uncrustify.")
+ print_err("Code style still incorrect after second run of Uncrustify.")
return 1
else:
return 0
@@ -171,24 +165,39 @@
"""
uncrustify_version = get_uncrustify_version().strip()
if UNCRUSTIFY_SUPPORTED_VERSION not in uncrustify_version:
- print("Warning: Using unsupported Uncrustify version '" \
- + uncrustify_version + "' (Note: The only supported version" \
- "is " + UNCRUSTIFY_SUPPORTED_VERSION + ")", file=STDOUT_UTF8)
-
- src_files = get_src_files()
+ print("Warning: Using unsupported Uncrustify version '" +
+ uncrustify_version + "'")
+ print("Note: The only supported version is " +
+ UNCRUSTIFY_SUPPORTED_VERSION)
parser = argparse.ArgumentParser()
- parser.add_argument('-f', '--fix', action='store_true', \
- help='modify source files to fix the code style')
+ parser.add_argument('-f', '--fix', action='store_true',
+ help=('modify source files to fix the code style '
+ '(default: print diff, do not modify files)'))
+ # --files is almost useless: it only matters if there are no files
+ # ('code_style.py' without arguments checks all files known to Git,
+ # 'code_style.py --files' does nothing). In particular,
+ # 'code_style.py --fix --files ...' is intended as a stable ("porcelain")
+ # way to restyle a possibly empty set of files.
+ parser.add_argument('--files', action='store_true',
+ help='only check the specified files (default with non-option arguments)')
+ parser.add_argument('operands', nargs='*', metavar='FILE',
+ help='files to check (if none: check files that are known to git)')
args = parser.parse_args()
+ if args.files or args.operands:
+ src_files = args.operands
+ else:
+ src_files = get_src_files()
+
if args.fix:
# Fix mode
return fix_style(src_files)
else:
# Check mode
if check_style_is_correct(src_files):
+ print("Checked {} files, style ok.".format(len(src_files)))
return 0
else:
return 1
diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2013-app-template.vcxproj
similarity index 100%
rename from scripts/data_files/vs2010-app-template.vcxproj
rename to scripts/data_files/vs2013-app-template.vcxproj
diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2013-main-template.vcxproj
similarity index 100%
rename from scripts/data_files/vs2010-main-template.vcxproj
rename to scripts/data_files/vs2013-main-template.vcxproj
diff --git a/scripts/data_files/vs2010-sln-template.sln b/scripts/data_files/vs2013-sln-template.sln
similarity index 87%
rename from scripts/data_files/vs2010-sln-template.sln
rename to scripts/data_files/vs2013-sln-template.sln
index fc65a0b..615ce04 100644
--- a/scripts/data_files/vs2010-sln-template.sln
+++ b/scripts/data_files/vs2013-sln-template.sln
@@ -1,6 +1,8 @@

-Microsoft Visual Studio Solution File, Format Version 11.00
-# Visual C++ Express 2010
+Microsoft Visual Studio Solution File, Format Version 12.00
+# Visual Studio 2013
+VisualStudioVersion = 12.0.31101.0
+MinimumVisualStudioVersion = 10.0.40219.1
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
EndProject
APP_ENTRIES
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 5500c6f..4fad322 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -1,9 +1,9 @@
#!/usr/bin/env perl
-# Generate main file, individual apps and solution files for MS Visual Studio
-# 2010
+# Generate main file, individual apps and solution files for
+# MS Visual Studio 2013
#
-# Must be run from mbedTLS root or scripts directory.
+# Must be run from Mbed TLS root or scripts directory.
# Takes no argument.
#
# Copyright The Mbed TLS Contributors
@@ -25,12 +25,12 @@
use strict;
use Digest::MD5 'md5_hex';
-my $vsx_dir = "visualc/VS2010";
+my $vsx_dir = "visualc/VS2013";
my $vsx_ext = "vcxproj";
-my $vsx_app_tpl_file = "scripts/data_files/vs2010-app-template.$vsx_ext";
-my $vsx_main_tpl_file = "scripts/data_files/vs2010-main-template.$vsx_ext";
+my $vsx_app_tpl_file = "scripts/data_files/vs2013-app-template.$vsx_ext";
+my $vsx_main_tpl_file = "scripts/data_files/vs2013-main-template.$vsx_ext";
my $vsx_main_file = "$vsx_dir/mbedTLS.$vsx_ext";
-my $vsx_sln_tpl_file = "scripts/data_files/vs2010-sln-template.sln";
+my $vsx_sln_tpl_file = "scripts/data_files/vs2013-sln-template.sln";
my $vsx_sln_file = "$vsx_dir/mbedTLS.sln";
my $programs_dir = 'programs';
@@ -58,7 +58,7 @@
include
3rdparty/everest/include/
3rdparty/everest/include/everest
- 3rdparty/everest/include/everest/vs2010
+ 3rdparty/everest/include/everest/vs2013
3rdparty/everest/include/everest/kremlib
tests/include
);
@@ -256,7 +256,7 @@
sub main {
if( ! check_dirs() ) {
chdir '..' or die;
- check_dirs or die "Must but run from mbedTLS root or scripts dir\n";
+ check_dirs or die "Must be run from Mbed TLS root or scripts dir\n";
}
# Remove old files to ensure that, for example, project files from deleted
diff --git a/scripts/mbedtls_dev/bignum_mod_raw.py b/scripts/mbedtls_dev/bignum_mod_raw.py
index f9d9899..d197b54 100644
--- a/scripts/mbedtls_dev/bignum_mod_raw.py
+++ b/scripts/mbedtls_dev/bignum_mod_raw.py
@@ -51,6 +51,37 @@
result = (self.int_a - self.int_b) % self.int_n
return [self.format_result(result)]
+class BignumModRawFixQuasiReduction(bignum_common.ModOperationCommon,
+ BignumModRawTarget):
+ """Test cases for ecp quasi_reduction()."""
+ symbol = "-"
+ test_function = "mpi_mod_raw_fix_quasi_reduction"
+ test_name = "fix_quasi_reduction"
+ input_style = "fixed"
+ arity = 1
+
+ # Extend the default values with n < x < 2n
+ input_values = bignum_common.ModOperationCommon.input_values + [
+ "73",
+
+ # First number generated by random.getrandbits(1024) - seed(3,2)
+ "ea7b5bf55eb561a4216363698b529b4a97b750923ceb3ffd",
+
+ # First number generated by random.getrandbits(1024) - seed(1,2)
+ ("cd447e35b8b6d8fe442e3d437204e52db2221a58008a05a6c4647159c324c985"
+ "9b810e766ec9d28663ca828dd5f4b3b2e4b06ce60741c7a87ce42c8218072e8c"
+ "35bf992dc9e9c616612e7696a6cecc1b78e510617311d8a3c2ce6f447ed4d57b"
+ "1e2feb89414c343c1027c4d1c386bbc4cd613e30d8f16adf91b7584a2265b1f5")
+ ] # type: List[str]
+
+ def result(self) -> List[str]:
+ result = self.int_a % self.int_n
+ return [self.format_result(result)]
+
+ @property
+ def is_valid(self) -> bool:
+ return bool(self.int_a < 2 * self.int_n)
+
class BignumModRawMul(bignum_common.ModOperationCommon,
BignumModRawTarget):
"""Test cases for bignum mpi_mod_raw_mul()."""
diff --git a/scripts/mbedtls_dev/crypto_knowledge.py b/scripts/mbedtls_dev/crypto_knowledge.py
index 1a03321..819d92a 100644
--- a/scripts/mbedtls_dev/crypto_knowledge.py
+++ b/scripts/mbedtls_dev/crypto_knowledge.py
@@ -20,7 +20,7 @@
import enum
import re
-from typing import FrozenSet, Iterable, List, Optional, Tuple
+from typing import FrozenSet, Iterable, List, Optional, Tuple, Dict
from .asymmetric_key_data import ASYMMETRIC_KEY_DATA
@@ -148,7 +148,7 @@
'PSA_ECC_FAMILY_BRAINPOOL_P_R1': (160, 192, 224, 256, 320, 384, 512),
'PSA_ECC_FAMILY_MONTGOMERY': (255, 448),
'PSA_ECC_FAMILY_TWISTED_EDWARDS': (255, 448),
- }
+ } # type: Dict[str, Tuple[int, ...]]
KEY_TYPE_SIZES = {
'PSA_KEY_TYPE_AES': (128, 192, 256), # exhaustive
'PSA_KEY_TYPE_ARIA': (128, 192, 256), # exhaustive
@@ -162,7 +162,7 @@
'PSA_KEY_TYPE_PEPPER': (128, 256), # sample
'PSA_KEY_TYPE_RAW_DATA': (8, 40, 128), # sample
'PSA_KEY_TYPE_RSA_KEY_PAIR': (1024, 1536), # small sample
- }
+ } # type: Dict[str, Tuple[int, ...]]
def sizes_to_test(self) -> Tuple[int, ...]:
"""Return a tuple of key sizes to test.
@@ -214,9 +214,7 @@
This function does not currently handle key derivation or PAKE.
"""
#pylint: disable=too-many-branches,too-many-return-statements
- if alg.is_wildcard:
- return False
- if alg.is_invalid_truncation():
+ if not alg.is_valid_for_operation():
return False
if self.head == 'HMAC' and alg.head == 'HMAC':
return True
@@ -248,6 +246,8 @@
# So a public key object with a key agreement algorithm is not
# a valid combination.
return False
+ if alg.is_invalid_key_agreement_with_derivation():
+ return False
if self.head == 'ECC':
assert self.params is not None
eccc = EllipticCurveCategory.from_family(self.params[0])
@@ -414,17 +414,38 @@
self.category = self.determine_category(self.base_expression, self.head)
self.is_wildcard = self.determine_wildcard(self.expression)
- def is_key_agreement_with_derivation(self) -> bool:
- """Whether this is a combined key agreement and key derivation algorithm."""
+ def get_key_agreement_derivation(self) -> Optional[str]:
+ """For a combined key agreement and key derivation algorithm, get the derivation part.
+
+ For anything else, return None.
+ """
if self.category != AlgorithmCategory.KEY_AGREEMENT:
- return False
+ return None
m = re.match(r'PSA_ALG_KEY_AGREEMENT\(\w+,\s*(.*)\)\Z', self.expression)
if not m:
- return False
+ return None
kdf_alg = m.group(1)
# Assume kdf_alg is either a valid KDF or 0.
- return not re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg)
+ if re.match(r'(?:0[Xx])?0+\s*\Z', kdf_alg):
+ return None
+ return kdf_alg
+ KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT = frozenset([
+ 'PSA_ALG_TLS12_ECJPAKE_TO_PMS', # secret input in specific format
+ ])
+ def is_valid_key_agreement_with_derivation(self) -> bool:
+ """Whether this is a valid combined key agreement and key derivation algorithm."""
+ kdf_alg = self.get_key_agreement_derivation()
+ if kdf_alg is None:
+ return False
+ return kdf_alg not in self.KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT
+
+ def is_invalid_key_agreement_with_derivation(self) -> bool:
+ """Whether this is an invalid combined key agreement and key derivation algorithm."""
+ kdf_alg = self.get_key_agreement_derivation()
+ if kdf_alg is None:
+ return False
+ return kdf_alg in self.KEY_DERIVATIONS_INCOMPATIBLE_WITH_AGREEMENT
def short_expression(self, level: int = 0) -> str:
"""Abbreviate the expression, keeping it human-readable.
@@ -498,13 +519,26 @@
return True
return False
+ def is_valid_for_operation(self) -> bool:
+ """Whether this algorithm construction is valid for an operation.
+
+ This function assumes that the algorithm is constructed in a
+ "grammatically" correct way, and only rejects semantically invalid
+ combinations.
+ """
+ if self.is_wildcard:
+ return False
+ if self.is_invalid_truncation():
+ return False
+ return True
+
def can_do(self, category: AlgorithmCategory) -> bool:
"""Whether this algorithm can perform operations in the given category.
"""
if category == self.category:
return True
if category == AlgorithmCategory.KEY_DERIVATION and \
- self.is_key_agreement_with_derivation():
+ self.is_valid_key_agreement_with_derivation():
return True
return False
diff --git a/scripts/windows_msbuild.bat b/scripts/windows_msbuild.bat
index e419931..ff2b9f2 100644
--- a/scripts/windows_msbuild.bat
+++ b/scripts/windows_msbuild.bat
@@ -14,7 +14,7 @@
@rem vcvarsall.bat will silently change the directory to that directory.
@rem Setting the VSCMD_START_DIR environment variable causes it to change
@rem to that directory instead.
-set "VSCMD_START_DIR=%~dp0\..\visualc\VS2010"
+set "VSCMD_START_DIR=%~dp0\..\visualc\VS2013"
"%vcvarsall%" x64 && ^
msbuild /t:Rebuild /p:Configuration=%cfg%%retarget% /m mbedTLS.sln
diff --git a/tests/Makefile b/tests/Makefile
index f037338..312607e 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -203,6 +203,7 @@
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
rm -rf libtestdriver1
+ rm -f ../library/libtestdriver1.a
else
if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe
diff --git a/tests/compat.sh b/tests/compat.sh
index fc2bfab..ef82736 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -89,7 +89,7 @@
# - NULL: excluded from our default config + requires OpenSSL legacy
# - ARIA: requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
-EXCLUDE='NULL\|ARIA\|CHACHA20-POLY1305'
+EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@@ -205,7 +205,7 @@
check_openssl_server_bug()
{
if test "X$VERIFY" = "XYES" && is_dtls "$MODE" && \
- echo "$1" | grep "^TLS-PSK" >/dev/null;
+ test "$TYPE" = "PSK";
then
SKIP_NEXT="YES"
fi
@@ -239,9 +239,14 @@
G_CIPHERS=""
}
-check_translation()
+# translate_ciphers {g|m|o} {STANDARD_CIPHER_SUITE_NAME...}
+# Set $ciphers to the cipher suite name translations for the specified
+# program (gnutls, mbedtls or openssl). $ciphers is a space-separated
+# list of entries of the form "STANDARD_NAME=PROGRAM_NAME".
+translate_ciphers()
{
- if [ $1 -ne 0 ]; then
+ ciphers=$(scripts/translate_ciphers.py "$@")
+ if [ $? -ne 0 ]; then
echo "translate_ciphers.py failed with exit code $1" >&2
echo "$2" >&2
exit 1
@@ -258,71 +263,66 @@
"ECDSA")
CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-NULL-SHA \
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \
+ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \
+ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
+ TLS_ECDHE_ECDSA_WITH_NULL_SHA \
"
;;
"RSA")
CIPHERS="$CIPHERS \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-NULL-SHA \
- TLS-RSA-WITH-AES-128-CBC-SHA \
- TLS-RSA-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-WITH-AES-128-GCM-SHA256 \
- TLS-RSA-WITH-AES-256-CBC-SHA \
- TLS-RSA-WITH-AES-256-CBC-SHA256 \
- TLS-RSA-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
- TLS-RSA-WITH-NULL-MD5 \
- TLS-RSA-WITH-NULL-SHA \
- TLS-RSA-WITH-NULL-SHA256 \
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA \
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA \
+ TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \
+ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
+ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
+ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \
+ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \
+ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
+ TLS_ECDHE_RSA_WITH_NULL_SHA \
+ TLS_RSA_WITH_AES_128_CBC_SHA \
+ TLS_RSA_WITH_AES_128_CBC_SHA256 \
+ TLS_RSA_WITH_AES_128_GCM_SHA256 \
+ TLS_RSA_WITH_AES_256_CBC_SHA \
+ TLS_RSA_WITH_AES_256_CBC_SHA256 \
+ TLS_RSA_WITH_AES_256_GCM_SHA384 \
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \
+ TLS_RSA_WITH_NULL_MD5 \
+ TLS_RSA_WITH_NULL_SHA \
+ TLS_RSA_WITH_NULL_SHA256 \
"
;;
"PSK")
CIPHERS="$CIPHERS \
- TLS-PSK-WITH-AES-128-CBC-SHA \
- TLS-PSK-WITH-AES-256-CBC-SHA \
+ TLS_PSK_WITH_AES_128_CBC_SHA \
+ TLS_PSK_WITH_AES_256_CBC_SHA \
"
;;
esac
+ O_CIPHERS="$O_CIPHERS $CIPHERS"
+ G_CIPHERS="$G_CIPHERS $CIPHERS"
M_CIPHERS="$M_CIPHERS $CIPHERS"
-
- T=$(./scripts/translate_ciphers.py g $CIPHERS)
- check_translation $? "$T"
- G_CIPHERS="$G_CIPHERS $T"
-
- T=$(./scripts/translate_ciphers.py o $CIPHERS)
- check_translation $? "$T"
- O_CIPHERS="$O_CIPHERS $T"
}
# Ciphersuites usable only with Mbed TLS and OpenSSL
-# A list of ciphersuites in the Mbed TLS convention is compiled and
-# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list
-# is translated to the OpenSSL naming convention and appended to the list of
-# OpenSSL ciphersuites $O_CIPHERS.
+# A list of ciphersuites in the standard naming convention is appended
+# to the list of Mbed TLS ciphersuites $M_CIPHERS and
+# to the list of OpenSSL ciphersuites $O_CIPHERS respectively.
+# Based on client's naming convention, all ciphersuite names will be
+# translated into another naming format before sent to the client.
#
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see
@@ -337,57 +337,55 @@
"ECDSA")
CIPHERS="$CIPHERS \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
- TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
- TLS-ECDH-ECDSA-WITH-NULL-SHA \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \
+ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \
+ TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \
+ TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \
+ TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \
+ TLS_ECDH_ECDSA_WITH_NULL_SHA \
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
"
;;
"RSA")
CIPHERS="$CIPHERS \
- TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
+ TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \
+ TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \
+ TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
+ TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
+ TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
+ TLS_RSA_WITH_ARIA_128_GCM_SHA256 \
+ TLS_RSA_WITH_ARIA_256_GCM_SHA384 \
"
;;
"PSK")
CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
+ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 \
+ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 \
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
+ TLS_PSK_WITH_ARIA_128_GCM_SHA256 \
+ TLS_PSK_WITH_ARIA_256_GCM_SHA384 \
+ TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 \
"
;;
esac
+ O_CIPHERS="$O_CIPHERS $CIPHERS"
M_CIPHERS="$M_CIPHERS $CIPHERS"
-
- T=$(./scripts/translate_ciphers.py o $CIPHERS)
- check_translation $? "$T"
- O_CIPHERS="$O_CIPHERS $T"
}
# Ciphersuites usable only with Mbed TLS and GnuTLS
-# A list of ciphersuites in the Mbed TLS convention is compiled and
-# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list
-# is translated to the GnuTLS naming convention and appended to the list of
-# GnuTLS ciphersuites $G_CIPHERS.
+# A list of ciphersuites in the standard naming convention is appended
+# to the list of Mbed TLS ciphersuites $M_CIPHERS and
+# to the list of GnuTLS ciphersuites $G_CIPHERS respectively.
+# Based on client's naming convention, all ciphersuite names will be
+# translated into another naming format before sent to the client.
add_gnutls_ciphersuites()
{
CIPHERS=""
@@ -395,107 +393,104 @@
"ECDSA")
CIPHERS="$CIPHERS \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
- TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM \
+ TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 \
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM \
+ TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 \
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
"
;;
"RSA")
CIPHERS="$CIPHERS \
- TLS-DHE-RSA-WITH-AES-128-CCM \
- TLS-DHE-RSA-WITH-AES-128-CCM-8 \
- TLS-DHE-RSA-WITH-AES-256-CCM \
- TLS-DHE-RSA-WITH-AES-256-CCM-8 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-WITH-AES-128-CCM \
- TLS-RSA-WITH-AES-128-CCM-8 \
- TLS-RSA-WITH-AES-256-CCM \
- TLS-RSA-WITH-AES-256-CCM-8 \
- TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
- TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
+ TLS_DHE_RSA_WITH_AES_128_CCM \
+ TLS_DHE_RSA_WITH_AES_128_CCM_8 \
+ TLS_DHE_RSA_WITH_AES_256_CCM \
+ TLS_DHE_RSA_WITH_AES_256_CCM_8 \
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
+ TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
+ TLS_RSA_WITH_AES_128_CCM \
+ TLS_RSA_WITH_AES_128_CCM_8 \
+ TLS_RSA_WITH_AES_256_CCM \
+ TLS_RSA_WITH_AES_256_CCM_8 \
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
+ TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
"
;;
"PSK")
CIPHERS="$CIPHERS \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-AES-128-CCM \
- TLS-DHE-PSK-WITH-AES-128-CCM-8 \
- TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-AES-256-CCM \
- TLS-DHE-PSK-WITH-AES-256-CCM-8 \
- TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-DHE-PSK-WITH-NULL-SHA256 \
- TLS-DHE-PSK-WITH-NULL-SHA384 \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
- TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
- TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-NULL-SHA256 \
- TLS-ECDHE-PSK-WITH-NULL-SHA384 \
- TLS-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-PSK-WITH-AES-128-CCM \
- TLS-PSK-WITH-AES-128-CCM-8 \
- TLS-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-PSK-WITH-AES-256-CCM \
- TLS-PSK-WITH-AES-256-CCM-8 \
- TLS-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-PSK-WITH-NULL-SHA256 \
- TLS-PSK-WITH-NULL-SHA384 \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
- TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-NULL-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA384 \
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA \
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 \
+ TLS_DHE_PSK_WITH_AES_128_CCM \
+ TLS_DHE_PSK_WITH_AES_128_CCM_8 \
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 \
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA \
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 \
+ TLS_DHE_PSK_WITH_AES_256_CCM \
+ TLS_DHE_PSK_WITH_AES_256_CCM_8 \
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 \
+ TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
+ TLS_DHE_PSK_WITH_NULL_SHA256 \
+ TLS_DHE_PSK_WITH_NULL_SHA384 \
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 \
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_ECDHE_PSK_WITH_NULL_SHA256 \
+ TLS_ECDHE_PSK_WITH_NULL_SHA384 \
+ TLS_PSK_WITH_AES_128_CBC_SHA256 \
+ TLS_PSK_WITH_AES_128_CCM \
+ TLS_PSK_WITH_AES_128_CCM_8 \
+ TLS_PSK_WITH_AES_128_GCM_SHA256 \
+ TLS_PSK_WITH_AES_256_CBC_SHA384 \
+ TLS_PSK_WITH_AES_256_CCM \
+ TLS_PSK_WITH_AES_256_CCM_8 \
+ TLS_PSK_WITH_AES_256_GCM_SHA384 \
+ TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
+ TLS_PSK_WITH_NULL_SHA256 \
+ TLS_PSK_WITH_NULL_SHA384 \
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA \
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 \
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 \
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA \
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 \
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 \
+ TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
+ TLS_RSA_PSK_WITH_NULL_SHA256 \
+ TLS_RSA_PSK_WITH_NULL_SHA384 \
"
;;
esac
+ G_CIPHERS="$G_CIPHERS $CIPHERS"
M_CIPHERS="$M_CIPHERS $CIPHERS"
-
- T=$(./scripts/translate_ciphers.py g $CIPHERS)
- check_translation $? "$T"
- G_CIPHERS="$G_CIPHERS $T"
}
# Ciphersuites usable only with Mbed TLS (not currently supported by another
-# peer usable in this script). This provide only very rudimentaty testing, as
+# peer usable in this script). This provides only very rudimentaty testing, as
# this is not interop testing, but it's better than nothing.
add_mbedtls_ciphersuites()
{
@@ -503,48 +498,48 @@
"ECDSA")
M_CIPHERS="$M_CIPHERS \
- TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
- TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
- TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \
+ TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \
+ TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \
+ TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
+ TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
+ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \
+ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \
"
;;
"RSA")
M_CIPHERS="$M_CIPHERS \
- TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
+ TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \
+ TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \
+ TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
+ TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
+ TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
+ TLS_RSA_WITH_ARIA_256_CBC_SHA384 \
"
;;
"PSK")
- # *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
+ # *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
M_CIPHERS="$M_CIPHERS \
- TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-DHE-PSK-WITH-NULL-SHA \
- TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-ECDHE-PSK-WITH-NULL-SHA \
- TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-PSK-WITH-NULL-SHA \
- TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
- TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
- TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
- TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
- TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
- TLS-RSA-PSK-WITH-NULL-SHA \
+ TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 \
+ TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 \
+ TLS_DHE_PSK_WITH_NULL_SHA \
+ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \
+ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \
+ TLS_ECDHE_PSK_WITH_NULL_SHA \
+ TLS_PSK_WITH_ARIA_128_CBC_SHA256 \
+ TLS_PSK_WITH_ARIA_256_CBC_SHA384 \
+ TLS_PSK_WITH_NULL_SHA \
+ TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 \
+ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 \
+ TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 \
+ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 \
+ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 \
+ TLS_RSA_PSK_WITH_NULL_SHA \
"
;;
esac
@@ -684,7 +679,11 @@
# is_mbedtls <cmd_line>
is_mbedtls() {
- echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
+ case $1 in
+ *ssl_client2*) true;;
+ *ssl_server2*) true;;
+ *) false;;
+ esac
}
# has_mem_err <log_file_name>
@@ -753,15 +752,17 @@
echo "$SERVER_CMD" > $SRV_OUT
# for servers without -www or equivalent
while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 &
- PROCESS_ID=$!
+ SRV_PID=$!
- wait_server_start "$PORT" "$PROCESS_ID"
+ wait_server_start "$PORT" "$SRV_PID"
}
# terminate the running server
stop_server() {
- kill $PROCESS_ID 2>/dev/null
- wait $PROCESS_ID 2>/dev/null
+ # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
+ # To remove it from stdout, redirect stdout/stderr to SRV_OUT
+ kill $SRV_PID >/dev/null 2>&1
+ wait $SRV_PID >> $SRV_OUT 2>&1
if [ "$MEMCHECK" -gt 0 ]; then
if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then
@@ -777,7 +778,7 @@
# kill the running server (used when killed by signal)
cleanup() {
rm -f $SRV_OUT $CLI_OUT
- kill $PROCESS_ID >/dev/null 2>&1
+ kill $SRV_PID >/dev/null 2>&1
kill $WATCHDOG_PID >/dev/null 2>&1
exit 1
}
@@ -790,25 +791,25 @@
( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) &
WATCHDOG_PID=$!
- wait $CLI_PID
+ # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
+ # To remove it from stdout, redirect stdout/stderr to CLI_OUT
+ wait $CLI_PID >> $CLI_OUT 2>&1
EXIT=$?
- kill $WATCHDOG_PID
- wait $WATCHDOG_PID
+ kill $WATCHDOG_PID >/dev/null 2>&1
+ wait $WATCHDOG_PID >> $CLI_OUT 2>&1
echo "EXIT: $EXIT" >> $CLI_OUT
}
-# run_client <name> <cipher>
+# run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE
run_client() {
# announce what we're going to do
TESTS=$(( $TESTS + 1 ))
- VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
- TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
+ TITLE="${1%"${1#?}"}->${SERVER_NAME%"${SERVER_NAME#?}"}"
TITLE="$TITLE $MODE,$VERIF $2"
- printf "%s " "$TITLE"
- LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
- for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
+ DOTS72="........................................................................"
+ printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72"
# should we skip?
if [ "X$SKIP_NEXT" = "XYES" ]; then
@@ -821,7 +822,7 @@
# run the command and interpret result
case $1 in
[Oo]pen*)
- CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $2"
+ CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $3"
log "$CLIENT_CMD"
echo "$CLIENT_CMD" > $CLI_OUT
printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
@@ -846,7 +847,7 @@
else
G_HOST="localhost"
fi
- CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
+ CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$3 $G_HOST"
log "$CLIENT_CMD"
echo "$CLIENT_CMD" > $CLI_OUT
printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
@@ -868,7 +869,7 @@
;;
mbed*)
- CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
+ CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$3"
if [ "$MEMCHECK" -gt 0 ]; then
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
fi
@@ -1001,6 +1002,7 @@
trap cleanup INT TERM HUP
for VERIFY in $VERIFIES; do
+ VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
for MODE in $MODES; do
for TYPE in $TYPES; do
for PEER in $PEERS; do
@@ -1031,17 +1033,19 @@
if [ "X" != "X$M_CIPHERS" ]; then
start_server "OpenSSL"
- for i in $M_CIPHERS; do
- check_openssl_server_bug $i
- run_client mbedTLS $i
+ translate_ciphers m $M_CIPHERS
+ for i in $ciphers; do
+ check_openssl_server_bug
+ run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
fi
if [ "X" != "X$O_CIPHERS" ]; then
start_server "mbedTLS"
- for i in $O_CIPHERS; do
- run_client OpenSSL $i
+ translate_ciphers o $O_CIPHERS
+ for i in $ciphers; do
+ run_client OpenSSL ${i%%=*} ${i#*=}
done
stop_server
fi
@@ -1057,16 +1061,18 @@
if [ "X" != "X$M_CIPHERS" ]; then
start_server "GnuTLS"
- for i in $M_CIPHERS; do
- run_client mbedTLS $i
+ translate_ciphers m $M_CIPHERS
+ for i in $ciphers; do
+ run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
fi
if [ "X" != "X$G_CIPHERS" ]; then
start_server "mbedTLS"
- for i in $G_CIPHERS; do
- run_client GnuTLS $i
+ translate_ciphers g $G_CIPHERS
+ for i in $ciphers; do
+ run_client GnuTLS ${i%%=*} ${i#*=}
done
stop_server
fi
@@ -1084,8 +1090,9 @@
if [ "X" != "X$M_CIPHERS" ]; then
start_server "mbedTLS"
- for i in $M_CIPHERS; do
- run_client mbedTLS $i
+ translate_ciphers m $M_CIPHERS
+ for i in $ciphers; do
+ run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
fi
@@ -1106,8 +1113,7 @@
echo "------------------------------------------------------------------------"
-if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ];
-then
+if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ]; then
printf "FAILED"
else
printf "PASSED"
@@ -1123,4 +1129,9 @@
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"
FAILED=$(( $FAILED + $SRVMEM ))
+if [ $FAILED -gt 255 ]; then
+ # Clamp at 255 as caller gets exit code & 0xFF
+ # (so 256 would be 0, or success, etc)
+ FAILED=255
+fi
exit $FAILED
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index 388b0ce..9c7a95d 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -972,6 +972,15 @@
server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
+ $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
+server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ echo "8011223344" > test-ca.server1.tmp.serial
+ $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
+server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
+ echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial
+ $(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
server1.crt.der: server1.crt
diff --git a/tests/data_files/server1.80serial.crt b/tests/data_files/server1.80serial.crt
new file mode 100644
index 0000000..3ce8570
--- /dev/null
+++ b/tests/data_files/server1.80serial.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDRDCCAiygAwIBAgIGAIARIjNEMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDwxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDEaMBgGA1UEAwwRUG9sYXJTU0wgU2VydmVyIDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUu
+FWFeib+46EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQ
+g2rVQUN3Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A
++G2BJV8KsVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+
+rWUsZOuVm9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE
+2y6mT3Buns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSx
+AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1D
+WQKmMB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQBJKeTUCctb/wCxBte2AIiaTfATzukTVtGhKkdy3cY6U2DVSXc+s+jr
+Kut8AYnjp1T6bho98RHbbk+hu+0gBWL2ysJd1+slLBUEotUMTkzgA1YdBXy9J/eM
+HJ2a0ydFll/m2rXx7RRJWSbcgPZxQLDfollnNVfhcb75O3GsT3YfEIsjLmon7NHr
+rJmTp773trg0cNJ6j5dKMA/2SQH5PL1cmcFgNfVZ+etNRIhwpIQYySWJ/468Mcg5
+ZKPY6nubIIj+HPB3Mhy8d9U3gAJvc9iEdzbKjrkJdVROONsyMYge4vnbjyKUr7/m
+ZN1O6pZy9Fvgbdhvx4ZHpfgEsa1qfLCH
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.long_serial.crt b/tests/data_files/server1.long_serial.crt
new file mode 100644
index 0000000..1bd6955
--- /dev/null
+++ b/tests/data_files/server1.long_serial.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjqgAwIBAgIUESIzRFVmd4iZqrvM3e7/ABEiM0QwDQYJKoZIhvcNAQEF
+BQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQ
+b2xhclNTTCBUZXN0IENBMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0NDQwNlow
+PDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRowGAYDVQQDDBFQb2xh
+clNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkC
+Hz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3P
+kuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzD
+tN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG
+1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3Px
+LaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p
+26twEtxaymsXq1KCVLECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TW
+PynBdHRFOwUSLD2ovUNZAqYwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wDQYJKoZIhvcNAQEFBQADggEBAC9qt4BC8zKb5o00ZVtTX0XYKWchHKYSrHk2
+r+zfW8pRcSaTGRTtMGkF7vozFrCX4Pr4vCKXOYFKQ/UEpWv5WzW7nB0+Ja0g4gnc
+9bLtg51n+IIG93ITGDm5+9YpsX6HsXSBpfY0vo9TwKg3bG1X26WG8j6m+V684hwV
+yveRUIrSvvgVJOBSe5rhn/pLmcpbI0nkPBGlqPd10qWc0RYSrSAa3bq/dpoqR7hY
+BGbbV1/9IgFhr2r44R17bhqevK3VhK4KOPRT5VMXjTh1iG4L13lIxBIuu+Lw0Pc0
+s+gQTGntA/sZkijC7mw0/q3nsRDKhHHXTDf2gjdUhMvFwYzmKBI=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.long_serial_FF.crt b/tests/data_files/server1.long_serial_FF.crt
new file mode 100644
index 0000000..8094fd7
--- /dev/null
+++ b/tests/data_files/server1.long_serial_FF.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIRAP////////////////////8wDQYJKoZIhvcNAQEFBQAw
+OzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xh
+clNTTCBUZXN0IENBMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0NDQwNlowPDEL
+MAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNT
+TCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1A
+atVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGR
+W+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/d
+Bh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1Qkl
+iXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj
+/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26tw
+EtxaymsXq1KCVLECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynB
+dHRFOwUSLD2ovUNZAqYwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8w
+DQYJKoZIhvcNAQEFBQADggEBADYfhZU2lWxBamt7m3A4XQj6bZ4BZlabv5IbLI32
+nej6w/6/gsXPI85nfZqpIn6IYwAeDRdJo/eUqYkIdoy5DEP+50pgCGJK5HAoBWVJ
+THKeVJn/vPH3Dz/CaCYQoHTmSi+ChfIhPh84UUdfVpv2qNInII4RxFlSAHUkRMbV
+BX6imMSD5M508G6vWGUUc6G/sx/s7vtVeGGPyNOQPgwMTes60Mewpu9LKKaSwfqQ
+DgEa8WzxPrPEyOUiIp7ClwlXe3JECHIjm445qmENgfY/8tlsyAdYKSkotfiuoUWb
+daylD6QVUXn67loYDPZALghpDxmSm21VE7feTWOUbOpe14U=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.server1.test_serial.opensslconf b/tests/data_files/test-ca.server1.test_serial.opensslconf
new file mode 100644
index 0000000..43a520e
--- /dev/null
+++ b/tests/data_files/test-ca.server1.test_serial.opensslconf
@@ -0,0 +1,25 @@
+ [ ca ]
+ default_ca = test-ca
+
+ [ test-ca ]
+ certificate = test-ca.crt
+ private_key = test-ca.key
+ serial = test-ca.server1.tmp.serial
+ default_md = sha1
+ default_startdate = 20190210144406Z
+ default_enddate = 20290210144406Z
+ x509_extensions = v3_ca
+ new_certs_dir = ./
+ database = ./test-ca.server1.db
+ policy = policy_match
+ unique_subject = no
+
+ [v3_ca]
+ basicConstraints = CA:false
+ subjectKeyIdentifier=hash
+ authorityKeyIdentifier=keyid:always
+
+ [policy_match]
+ countryName = supplied
+ organizationName = supplied
+ commonName = supplied
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 3aaf3f3..821a37b 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -323,3 +323,171 @@
-c "EncryptedExtensions: early_data(42) extension received." \
-c "EncryptedExtensions: early_data(42) extension ( ignored )."
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/none." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "No suitable key exchange mode" \
+ -s "No matched PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_ephemeral." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "No suitable key exchange mode" \
+ -s "No matched PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk/psk_all." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \
+ "$P_CLI debug_level=4 tls13_kex_modes=psk_or_ephemeral reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/none." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "No suitable key exchange mode" \
+ -s "No matched PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "No suitable key exchange mode" \
+ -s "No matched PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_ephemeral." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_ephemeral/psk_all." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \
+ "$P_CLI debug_level=4 tls13_kex_modes=ephemeral_all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/none." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=7" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "sent selected_identity:" \
+ -s "key exchange mode: ephemeral" \
+ -S "key exchange mode: psk_ephemeral" \
+ -S "key exchange mode: psk$" \
+ -s "No suitable key exchange mode" \
+ -s "No matched PSK or ticket"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=8" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_ephemeral." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=9" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
+requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 m->m: Resumption with ticket flags, psk_all/psk_all." \
+ "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 dummy_ticket=10" \
+ "$P_CLI debug_level=4 tls13_kex_modes=all reconnect=1" \
+ 0 \
+ -c "Pre-configured PSK number = 1" \
+ -S "No suitable key exchange mode" \
+ -s "found matched identity"
+
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1e10da0..883d58b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -133,13 +133,14 @@
pre_initialize_variables () {
CONFIG_H='include/mbedtls/mbedtls_config.h'
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
+ CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
# Files that are clobbered by some jobs will be backed up. Use a different
# suffix from auxiliary scripts so that all.sh and auxiliary scripts can
# independently decide when to remove the backup file.
backup_suffix='.all.bak'
# Files clobbered by config.py
- files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H"
+ files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
# Files clobbered by in-tree cmake
files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
@@ -1767,6 +1768,9 @@
msg "test: make, full_no_deprecated config" # ~ 5s
make test
+
+ msg "test: ensure that X509 has no direct dependency on BIGNUM_C"
+ not grep mbedtls_mpi library/libmbedx509.a
}
component_test_full_no_deprecated_deprecated_warning () {
@@ -1948,6 +1952,18 @@
tests/scripts/depends.py pkalgs
}
+component_build_no_pk_rsa_alt_support () {
+ msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
+
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_PK_RSA_ALT_SUPPORT
+ scripts/config.py set MBEDTLS_RSA_C
+ scripts/config.py set MBEDTLS_X509_CRT_WRITE_C
+
+ # Only compile - this is primarily to test for compile issues
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy'
+}
+
component_build_module_alt () {
msg "build: MBEDTLS_XXX_ALT" # ~30s
scripts/config.py full
@@ -2028,6 +2044,12 @@
component_test_psa_crypto_config_accel_ecdsa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
@@ -2038,32 +2060,121 @@
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
- loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- # Restore test driver base configuration
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA384_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
+ # Configure and build the test driver library
+ # -------------------------------------------
+ # Start from default config (no USE_PSA) + driver support + TLS 1.3
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
- scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
+ scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
+
+ # Disable the module that's accelerated
scripts/config.py unset MBEDTLS_ECDSA_C
+
+ # Disable things that depend on it
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ # Build the library
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+ # Make sure ECDSA was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
+ # Run the tests
+ # -------------
+
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA"
make test
}
+# Auxiliary function to build config for hashes with and without drivers
+config_psa_crypto_config_ecdsa_use_psa () {
+ DRIVER_ONLY="$1"
+ # start with config full for maximum coverage (also enables USE_PSA)
+ scripts/config.py full
+ # enable support for drivers and configuring PSA-only algorithms
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
+ if [ "$DRIVER_ONLY" -eq 1 ]; then
+ # Disable the module that's accelerated
+ scripts/config.py unset MBEDTLS_ECDSA_C
+ fi
+ # Disable things that depend on it
+ # TODO: make these work - #6862
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+}
+
+# Keep in sync with component_test_psa_crypto_config_reference_ecdsa_use_psa
+component_test_psa_crypto_config_accel_ecdsa_use_psa () {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+
+ # Algorithms and key types to accelerate
+ loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA KEY_TYPE_ECC_KEY_PAIR KEY_TYPE_ECC_PUBLIC_KEY"
+
+ # Configure and build the test driver library
+ # -------------------------------------------
+
+ # Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
+ # partial support for cipher operations in the driver test library.
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ # All SHA-2 variants are needed for ECDSA signature tests,
+ # but only SHA-256 is enabled by default, so enable the others.
+ scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C
+ scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
+ scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
+
+ loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
+ make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
+
+ # Configure and build the main libraries with drivers enabled
+ # -----------------------------------------------------------
+
+ # Use the same config as reference, only without built-in ECDSA
+ config_psa_crypto_config_ecdsa_use_psa 1
+
+ # Build the library
+ loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
+ make CFLAGS="$ASAN_CFLAGS -O -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
+
+ # Make sure ECDSA was not re-enabled by accident (additive config)
+ not grep mbedtls_ecdsa_ library/ecdsa.o
+
+ # Run the tests
+ # -------------
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+ make test
+
+ # TODO: ssl-opt.sh (currently doesn't pass) - #6861
+}
+
+# Keep in sync with component_test_psa_crypto_config_accel_ecdsa_use_psa.
+# Used by tests/scripts/analyze_outcomes.py for comparison purposes.
+component_test_psa_crypto_config_reference_ecdsa_use_psa () {
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+
+ # To be aligned with the accel component that needs this
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
+
+ config_psa_crypto_config_ecdsa_use_psa 0
+
+ make
+
+ msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDSA + USE_PSA"
+ make test
+
+ # TODO: ssl-opt.sh (when the accel component is ready) - #6861
+}
+
component_test_psa_crypto_config_accel_ecdh () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated ECDH"
@@ -2141,15 +2252,6 @@
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
- # Restore test driver base configuration
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_MD_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C
- scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_BASE64_C
-
-
# Mbed TLS library build
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index bb44396..2cdcbf1 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -61,24 +61,32 @@
# fixed this branch to have full coverage of test cases.
results.warning('Test case not executed: {}', key)
-def analyze_driver_vs_reference(outcomes, component_ref, component_driver, ignored_tests):
+def analyze_driver_vs_reference(outcomes, component_ref, component_driver,
+ ignored_suites, ignored_test=None):
"""Check that all tests executed in the reference component are also
executed in the corresponding driver component.
- Skip test suites provided in ignored_tests list.
+ Skip:
+ - full test suites provided in ignored_suites list
+ - only some specific test inside a test suite, for which the corresponding
+ output string is provided
"""
available = check_test_cases.collect_available_test_cases()
result = True
for key in available:
- # Skip ignored test suites
- test_suite = key.split(';')[0] # retrieve test suit name
- test_suite = test_suite.split('.')[0] # retrieve main part of test suit name
- if test_suite in ignored_tests:
- continue
# Continue if test was not executed by any component
hits = outcomes[key].hits() if key in outcomes else 0
if hits == 0:
continue
+ # Skip ignored test suites
+ full_test_suite = key.split(';')[0] # retrieve full test suite name
+ test_string = key.split(';')[1] # retrieve the text string of this test
+ test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
+ if test_suite in ignored_suites:
+ continue
+ if ((full_test_suite in ignored_test) and
+ (test_string in ignored_test[full_test_suite])):
+ continue
# Search for tests that run in reference component and not in driver component
driver_test_passed = False
reference_test_passed = False
@@ -87,8 +95,8 @@
driver_test_passed = True
if component_ref in entry:
reference_test_passed = True
- if(driver_test_passed is False and reference_test_passed is True):
- print('{}: driver: skipped/failed; reference: passed'.format(key))
+ if(reference_test_passed and not driver_test_passed):
+ print(key)
result = False
return result
@@ -123,30 +131,65 @@
"""Perform coverage analysis."""
del args # unused
outcomes = read_outcome_file(outcome_file)
+ print("\n*** Analyze coverage ***\n")
results = analyze_outcomes(outcomes)
return results.error_count == 0
def do_analyze_driver_vs_reference(outcome_file, args):
"""Perform driver vs reference analyze."""
- ignored_tests = ['test_suite_' + x for x in args['ignored_suites']]
+ ignored_suites = ['test_suite_' + x for x in args['ignored_suites']]
outcomes = read_outcome_file(outcome_file)
+ print("\n*** Analyze driver {} vs reference {} ***\n".format(
+ args['component_driver'], args['component_ref']))
return analyze_driver_vs_reference(outcomes, args['component_ref'],
- args['component_driver'], ignored_tests)
+ args['component_driver'], ignored_suites,
+ args['ignored_tests'])
# List of tasks with a function that can handle this task and additional arguments if required
TASKS = {
'analyze_coverage': {
'test_function': do_analyze_coverage,
- 'args': {}},
+ 'args': {}
+ },
+ # How to use analyze_driver_vs_reference_xxx locally:
+ # 1. tests/scripts/all.sh --outcome-file "$PWD/out.csv" <component_ref> <component_driver>
+ # 2. tests/scripts/analyze_outcomes.py out.csv analyze_driver_vs_reference_xxx
'analyze_driver_vs_reference_hash': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_hash_use_psa',
'component_driver': 'test_psa_crypto_config_accel_hash_use_psa',
- 'ignored_suites': ['shax', 'mdx', # the software implementations that are being excluded
- 'md', # the legacy abstraction layer that's being excluded
- ]}}
+ 'ignored_suites': [
+ 'shax', 'mdx', # the software implementations that are being excluded
+ 'md', # the legacy abstraction layer that's being excluded
+ ],
+ 'ignored_tests': {
+ }
+ }
+ },
+ 'analyze_driver_vs_reference_ecdsa': {
+ 'test_function': do_analyze_driver_vs_reference,
+ 'args': {
+ 'component_ref': 'test_psa_crypto_config_reference_ecdsa_use_psa',
+ 'component_driver': 'test_psa_crypto_config_accel_ecdsa_use_psa',
+ 'ignored_suites': [
+ 'ecdsa', # the software implementation that's excluded
+ # the following lines should not be needed,
+ # they will be removed by upcoming work
+ 'pk', # #6857
+ 'x509parse', # #6858
+ 'x509write', # #6858
+ 'debug', # #6860
+ 'ssl', # #6860
+ ],
+ 'ignored_tests': {
+ 'test_suite_random': [
+ 'PSA classic wrapper: ECDSA signature (SECP256R1)',
+ ],
+ }
+ }
+ },
}
def main():
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 946794c..2bb9fea 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -134,7 +134,7 @@
# generate_visualc_files enumerates source files (library/*.c). It doesn't
# care about their content, but the files must exist. So it must run after
# the step that creates or updates these files.
-check scripts/generate_visualc_files.pl visualc/VS2010
+check scripts/generate_visualc_files.pl visualc/VS2013
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
check tests/scripts/generate_bignum_tests.py $(tests/scripts/generate_bignum_tests.py --list)
check tests/scripts/generate_psa_tests.py $(tests/scripts/generate_psa_tests.py --list)
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index d20ec2e..352b55e 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -268,7 +268,7 @@
heading = "Invalid UTF-8 or forbidden character:"
- # Only allow valid UTF-8, and only white-listed characters.
+ # Only allow valid UTF-8, and only other explicitly allowed characters.
# We deliberately exclude all characters that aren't a simple non-blank,
# non-zero-width glyph, apart from a very small set (tab, ordinary space,
# line breaks, "basic" no-break space and soft hyphen). In particular,
@@ -285,6 +285,7 @@
'\u2070\u2071\u2074-\u208E\u2090-\u209C', # Superscripts and Subscripts
'\u2190-\u21FF', # Arrows
'\u2200-\u22FF', # Mathematical Symbols
+ '\u2500-\u257F' # Box Drawings characters used in markdown trees
])
# Allow any of the characters and ranges above, and anything classified
# as a word constituent.
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 7398f3c..e6a38ba 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -268,13 +268,13 @@
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
- identifiers = self.parse_identifiers([
+ identifiers, excluded_identifiers = self.parse_identifiers([
"include/mbedtls/*.h",
"include/psa/*.h",
"library/*.h",
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
- ])
+ ], ["3rdparty/p256-m/p256-m/p256-m.h"])
mbed_psa_words = self.parse_mbed_psa_words([
"include/mbedtls/*.h",
"include/psa/*.h",
@@ -311,6 +311,7 @@
"private_macros": all_macros["private"],
"enum_consts": enum_consts,
"identifiers": identifiers,
+ "excluded_identifiers": excluded_identifiers,
"symbols": symbols,
"mbed_psa_words": mbed_psa_words
}
@@ -324,12 +325,42 @@
return True
return False
- def get_files(self, include_wildcards, exclude_wildcards):
+ def get_all_files(self, include_wildcards, exclude_wildcards):
"""
- Get all files that match any of the UNIX-style wildcards. While the
- check_names script is designed only for use on UNIX/macOS (due to nm),
- this function alone would work fine on Windows even with forward slashes
- in the wildcard.
+ Get all files that match any of the included UNIX-style wildcards
+ and filter them into included and excluded lists.
+ While the check_names script is designed only for use on UNIX/macOS
+ (due to nm), this function alone will work fine on Windows even with
+ forward slashes in the wildcard.
+
+ Args:
+ * include_wildcards: a List of shell-style wildcards to match filepaths.
+ * exclude_wildcards: a List of shell-style wildcards to exclude.
+
+ Returns:
+ * inc_files: A List of relative filepaths for included files.
+ * exc_files: A List of relative filepaths for excluded files.
+ """
+ accumulator = set()
+ all_wildcards = include_wildcards + (exclude_wildcards or [])
+ for wildcard in all_wildcards:
+ accumulator = accumulator.union(glob.iglob(wildcard))
+
+ inc_files = []
+ exc_files = []
+ for path in accumulator:
+ if self.is_file_excluded(path, exclude_wildcards):
+ exc_files.append(path)
+ else:
+ inc_files.append(path)
+ return (inc_files, exc_files)
+
+ def get_included_files(self, include_wildcards, exclude_wildcards):
+ """
+ Get all files that match any of the included UNIX-style wildcards.
+ While the check_names script is designed only for use on UNIX/macOS
+ (due to nm), this function alone will work fine on Windows even with
+ forward slashes in the wildcard.
Args:
* include_wildcards: a List of shell-style wildcards to match filepaths.
@@ -360,7 +391,7 @@
"asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_"
)
- files = self.get_files(include, exclude)
+ files = self.get_included_files(include, exclude)
self.log.debug("Looking for macros in {} files".format(len(files)))
macros = []
@@ -395,7 +426,7 @@
mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*")
exclusions = re.compile(r"// *no-check-names|#error")
- files = self.get_files(include, exclude)
+ files = self.get_included_files(include, exclude)
self.log.debug(
"Looking for MBED|PSA words in {} files"
.format(len(files))
@@ -428,7 +459,7 @@
Returns a List of Match objects for the findings.
"""
- files = self.get_files(include, exclude)
+ files = self.get_included_files(include, exclude)
self.log.debug("Looking for enum consts in {} files".format(len(files)))
# Emulate a finite state machine to parse enum declarations.
@@ -611,23 +642,34 @@
"""
Parse all lines of a header where a function/enum/struct/union/typedef
identifier is declared, based on some regex and heuristics. Highly
- dependent on formatting style.
+ dependent on formatting style. Identifiers in excluded files are still
+ parsed
Args:
* include: A List of glob expressions to look for files through.
* exclude: A List of glob expressions for excluding files.
- Returns a List of Match objects with identifiers.
+ Returns: a Tuple of two Lists of Match objects with identifiers.
+ * included_identifiers: A List of Match objects with identifiers from
+ included files.
+ * excluded_identifiers: A List of Match objects with identifiers from
+ excluded files.
"""
- files = self.get_files(include, exclude)
- self.log.debug("Looking for identifiers in {} files".format(len(files)))
+ included_files, excluded_files = \
+ self.get_all_files(include, exclude)
- identifiers = []
- for header_file in files:
- self.parse_identifiers_in_file(header_file, identifiers)
+ self.log.debug("Looking for included identifiers in {} files".format \
+ (len(included_files)))
- return identifiers
+ included_identifiers = []
+ excluded_identifiers = []
+ for header_file in included_files:
+ self.parse_identifiers_in_file(header_file, included_identifiers)
+ for header_file in excluded_files:
+ self.parse_identifiers_in_file(header_file, excluded_identifiers)
+
+ return (included_identifiers, excluded_identifiers)
def parse_symbols(self):
"""
@@ -789,10 +831,12 @@
Returns the number of problems that need fixing.
"""
problems = []
+ all_identifiers = self.parse_result["identifiers"] + \
+ self.parse_result["excluded_identifiers"]
for symbol in self.parse_result["symbols"]:
found_symbol_declared = False
- for identifier_match in self.parse_result["identifiers"]:
+ for identifier_match in all_identifiers:
if symbol == identifier_match.name:
found_symbol_declared = True
break
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index d4fe4fd..52ca412 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -419,11 +419,8 @@
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
'|MBEDTLS_SHA224_' \
'|MBEDTLS_SHA384_'),
- # Key exchange types. Only build the library and the sample
- # programs.
- 'kex': ExclusiveDomain(key_exchange_symbols,
- [build_command + ['lib'],
- build_command + ['-C', 'programs']]),
+ # Key exchange types.
+ 'kex': ExclusiveDomain(key_exchange_symbols, build_and_test),
'pkalgs': ComplementaryDomain(['MBEDTLS_ECDSA_C',
'MBEDTLS_ECP_C',
'MBEDTLS_PKCS1_V21',
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 2c523ba..e355073 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -35,7 +35,7 @@
grep -v "warning: ignoring unsupported tag" \
> doc.filtered
-if egrep "(warning|error):" doc.filtered; then
+if grep -E "(warning|error):" doc.filtered; then
echo "FAIL" >&2
exit 1;
fi
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index b271048..752e7ca 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -151,14 +151,16 @@
tc.set_arguments([key_type] + list(args))
return tc
-class NotSupported:
- """Generate test cases for when something is not supported."""
+class KeyTypeNotSupported:
+ """Generate test cases for when a key type is not supported."""
def __init__(self, info: Information) -> None:
self.constructors = info.constructors
ALWAYS_SUPPORTED = frozenset([
'PSA_KEY_TYPE_DERIVE',
+ 'PSA_KEY_TYPE_PASSWORD',
+ 'PSA_KEY_TYPE_PASSWORD_HASH',
'PSA_KEY_TYPE_RAW_DATA',
'PSA_KEY_TYPE_HMAC'
])
@@ -355,7 +357,7 @@
dependencies[i] = '!' + dep
tc.set_dependencies(dependencies)
tc.set_function(category.name.lower() + '_fail')
- arguments = []
+ arguments = [] # type: List[str]
if kt:
key_material = kt.key_material(kt.sizes_to_test()[0])
arguments += [key_type, test_case.hex_string(key_material)]
@@ -522,7 +524,7 @@
key_type: psa_storage.Expr, bits: int,
alg: psa_storage.Expr
) -> bool:
- """Whether to the given key with the given algorithm.
+ """Whether to exercise the given key with the given algorithm.
Normally only the type and algorithm matter for compatibility, and
this is handled in crypto_knowledge.KeyType.can_do(). This function
@@ -900,7 +902,7 @@
'test_suite_psa_crypto_generate_key.generated':
lambda info: KeyGenerate(info).test_cases_for_key_generation(),
'test_suite_psa_crypto_not_supported.generated':
- lambda info: NotSupported(info).test_cases_for_not_supported(),
+ lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(),
'test_suite_psa_crypto_op_fail.generated':
lambda info: OpFail(info).all_test_cases(),
'test_suite_psa_crypto_storage_format.current':
diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py
index 779a16f..6b41607 100755
--- a/tests/scripts/list_internal_identifiers.py
+++ b/tests/scripts/list_internal_identifiers.py
@@ -46,7 +46,7 @@
result = name_check.parse_identifiers([
"include/mbedtls/*_internal.h",
"library/*.h"
- ])
+ ])[0]
result.sort(key=lambda x: x.name)
identifiers = ["{}\n".format(match.name) for match in result]
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
index d5f847f..a8db4bb 100755
--- a/tests/scripts/translate_ciphers.py
+++ b/tests/scripts/translate_ciphers.py
@@ -18,8 +18,7 @@
# limitations under the License.
"""
-Translate ciphersuite names in Mbed TLS format to OpenSSL and GNUTLS
-standards.
+Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards.
To test the translation functions run:
python3 -m unittest translate_cipher.py
@@ -36,124 +35,158 @@
"""
def test_translate_all_cipher_names(self):
"""
- Translate MbedTLS ciphersuite names to their OpenSSL and
- GnuTLS counterpart. Use only a small subset of ciphers
- that exercise each step of the translate functions
+ Translate standard ciphersuite names to GnuTLS, OpenSSL and
+ Mbed TLS counterpart. Use only a small subset of ciphers
+ that exercise each step of the translation functions
"""
ciphers = [
- ("TLS-ECDHE-ECDSA-WITH-NULL-SHA",
+ ("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
"+ECDHE-ECDSA:+NULL:+SHA1",
- "ECDHE-ECDSA-NULL-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256",
+ "ECDHE-ECDSA-NULL-SHA",
+ "TLS-ECDHE-ECDSA-WITH-NULL-SHA"),
+ ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "ECDHE-ECDSA-AES128-GCM-SHA256"),
- ("TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA",
+ "ECDHE-ECDSA-AES128-GCM-SHA256",
+ "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"),
+ ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
"+DHE-RSA:+3DES-CBC:+SHA1",
- "EDH-RSA-DES-CBC3-SHA"),
- ("TLS-RSA-WITH-AES-256-CBC-SHA",
+ "EDH-RSA-DES-CBC3-SHA",
+ "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"),
+ ("TLS_RSA_WITH_AES_256_CBC_SHA",
"+RSA:+AES-256-CBC:+SHA1",
- "AES256-SHA"),
- ("TLS-PSK-WITH-3DES-EDE-CBC-SHA",
+ "AES256-SHA",
+ "TLS-RSA-WITH-AES-256-CBC-SHA"),
+ ("TLS_PSK_WITH_3DES_EDE_CBC_SHA",
"+PSK:+3DES-CBC:+SHA1",
- "PSK-3DES-EDE-CBC-SHA"),
- ("TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256",
+ "PSK-3DES-EDE-CBC-SHA",
+ "TLS-PSK-WITH-3DES-EDE-CBC-SHA"),
+ ("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
None,
- "ECDHE-ECDSA-CHACHA20-POLY1305"),
- ("TLS-ECDHE-ECDSA-WITH-AES-128-CCM",
+ "ECDHE-ECDSA-CHACHA20-POLY1305",
+ "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"),
+ ("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
"+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- None),
- ("TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384",
None,
- "ECDHE-ARIA256-GCM-SHA384"),
+ "TLS-ECDHE-ECDSA-WITH-AES-128-CCM"),
+ ("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
+ None,
+ "ECDHE-ARIA256-GCM-SHA384",
+ "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384"),
]
- for m, g_exp, o_exp in ciphers:
+ for s, g_exp, o_exp, m_exp in ciphers:
if g_exp is not None:
- g = translate_gnutls(m)
+ g = translate_gnutls(s)
self.assertEqual(g, g_exp)
if o_exp is not None:
- o = translate_ossl(m)
+ o = translate_ossl(s)
self.assertEqual(o, o_exp)
-def translate_gnutls(m_cipher):
+ if m_exp is not None:
+ m = translate_mbedtls(s)
+ self.assertEqual(m, m_exp)
+
+def translate_gnutls(s_cipher):
"""
- Translate m_cipher from Mbed TLS ciphersuite naming convention
+ Translate s_cipher from standard ciphersuite naming convention
and return the GnuTLS naming convention
"""
- m_cipher = re.sub(r'\ATLS-', '+', m_cipher)
- m_cipher = m_cipher.replace("-WITH-", ":+")
- m_cipher = m_cipher.replace("-EDE", "")
+ # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
+ # naming convention
+ s_cipher = s_cipher.replace("_", "-")
+
+ s_cipher = re.sub(r'\ATLS-', '+', s_cipher)
+ s_cipher = s_cipher.replace("-WITH-", ":+")
+ s_cipher = s_cipher.replace("-EDE", "")
# SHA in Mbed TLS == SHA1 GnuTLS,
# if the last 3 chars are SHA append 1
- if m_cipher[-3:] == "SHA":
- m_cipher = m_cipher+"1"
+ if s_cipher[-3:] == "SHA":
+ s_cipher = s_cipher+"1"
# CCM or CCM-8 should be followed by ":+AEAD"
# Replace "GCM:+SHAxyz" with "GCM:+AEAD"
- if "CCM" in m_cipher or "GCM" in m_cipher:
- m_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", m_cipher)
- m_cipher = m_cipher+":+AEAD"
+ if "CCM" in s_cipher or "GCM" in s_cipher:
+ s_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", s_cipher)
+ s_cipher = s_cipher+":+AEAD"
# Replace the last "-" with ":+"
else:
- index = m_cipher.rindex("-")
- m_cipher = m_cipher[:index] + ":+" + m_cipher[index+1:]
+ index = s_cipher.rindex("-")
+ s_cipher = s_cipher[:index] + ":+" + s_cipher[index+1:]
- return m_cipher
+ return s_cipher
-def translate_ossl(m_cipher):
+def translate_ossl(s_cipher):
"""
- Translate m_cipher from Mbed TLS ciphersuite naming convention
+ Translate s_cipher from standard ciphersuite naming convention
and return the OpenSSL naming convention
"""
- m_cipher = re.sub(r'^TLS-', '', m_cipher)
- m_cipher = m_cipher.replace("-WITH", "")
+ # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
+ # naming convention
+ s_cipher = s_cipher.replace("_", "-")
+
+ s_cipher = re.sub(r'^TLS-', '', s_cipher)
+ s_cipher = s_cipher.replace("-WITH", "")
# Remove the "-" from "ABC-xyz"
- m_cipher = m_cipher.replace("AES-", "AES")
- m_cipher = m_cipher.replace("CAMELLIA-", "CAMELLIA")
- m_cipher = m_cipher.replace("ARIA-", "ARIA")
+ s_cipher = s_cipher.replace("AES-", "AES")
+ s_cipher = s_cipher.replace("CAMELLIA-", "CAMELLIA")
+ s_cipher = s_cipher.replace("ARIA-", "ARIA")
# Remove "RSA" if it is at the beginning
- m_cipher = re.sub(r'^RSA-', r'', m_cipher)
+ s_cipher = re.sub(r'^RSA-', r'', s_cipher)
# For all circumstances outside of PSK
- if "PSK" not in m_cipher:
- m_cipher = m_cipher.replace("-EDE", "")
- m_cipher = m_cipher.replace("3DES-CBC", "DES-CBC3")
+ if "PSK" not in s_cipher:
+ s_cipher = s_cipher.replace("-EDE", "")
+ s_cipher = s_cipher.replace("3DES-CBC", "DES-CBC3")
# Remove "CBC" if it is not prefixed by DES
- m_cipher = re.sub(r'(?<!DES-)CBC-', r'', m_cipher)
+ s_cipher = re.sub(r'(?<!DES-)CBC-', r'', s_cipher)
# ECDHE-RSA-ARIA does not exist in OpenSSL
- m_cipher = m_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
+ s_cipher = s_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
# POLY1305 should not be followed by anything
- if "POLY1305" in m_cipher:
- index = m_cipher.rindex("POLY1305")
- m_cipher = m_cipher[:index+8]
+ if "POLY1305" in s_cipher:
+ index = s_cipher.rindex("POLY1305")
+ s_cipher = s_cipher[:index+8]
# If DES is being used, Replace DHE with EDH
- if "DES" in m_cipher and "DHE" in m_cipher and "ECDHE" not in m_cipher:
- m_cipher = m_cipher.replace("DHE", "EDH")
+ if "DES" in s_cipher and "DHE" in s_cipher and "ECDHE" not in s_cipher:
+ s_cipher = s_cipher.replace("DHE", "EDH")
- return m_cipher
+ return s_cipher
+
+def translate_mbedtls(s_cipher):
+ """
+ Translate s_cipher from standard ciphersuite naming convention
+ and return Mbed TLS ciphersuite naming convention
+ """
+
+ # Replace "_" with "-"
+ s_cipher = s_cipher.replace("_", "-")
+
+ return s_cipher
def format_ciphersuite_names(mode, names):
- t = {"g": translate_gnutls, "o": translate_ossl}[mode]
- return " ".join(t(c) for c in names)
+ t = {"g": translate_gnutls,
+ "o": translate_ossl,
+ "m": translate_mbedtls
+ }[mode]
+ return " ".join(c + '=' + t(c) for c in names)
def main(target, names):
print(format_ciphersuite_names(target, names))
if __name__ == "__main__":
PARSER = argparse.ArgumentParser()
- PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g'])
+ PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g', 'm'])
PARSER.add_argument('names', metavar='NAMES', nargs='+')
ARGS = PARSER.parse_args()
main(ARGS.target, ARGS.names)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c206283..37936fc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13312,4 +13312,9 @@
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
+if [ $FAILS -gt 255 ]; then
+ # Clamp at 255 as caller gets exit code & 0xFF
+ # (so 256 would be 0, or success, etc)
+ FAILS=255
+fi
exit $FAILS
diff --git a/tests/suites/test_suite_alignment.function b/tests/suites/test_suite_alignment.function
index 6c98f23..f670331 100644
--- a/tests/suites/test_suite_alignment.function
+++ b/tests/suites/test_suite_alignment.function
@@ -6,7 +6,6 @@
#if defined(__clang__)
#pragma clang diagnostic ignored "-Wunreachable-code"
#endif
-#include <stdio.h>
/*
* Convert a string of the form "abcd" (case-insensitive) to a uint64_t.
diff --git a/tests/suites/test_suite_bignum_mod_raw.function b/tests/suites/test_suite_bignum_mod_raw.function
index 9310b0e..24ecba3 100644
--- a/tests/suites/test_suite_bignum_mod_raw.function
+++ b/tests/suites/test_suite_bignum_mod_raw.function
@@ -6,6 +6,8 @@
#include "constant_time_internal.h"
#include "test/constant_flow.h"
+#include "bignum_mod_raw_invasive.h"
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -338,6 +340,56 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void mpi_mod_raw_fix_quasi_reduction(char *input_N,
+ char *input_X,
+ char *result)
+{
+ mbedtls_mpi_uint *X = NULL;
+ mbedtls_mpi_uint *N = NULL;
+ mbedtls_mpi_uint *res = NULL;
+ mbedtls_mpi_uint *tmp = NULL;
+ size_t limbs_X;
+ size_t limbs_N;
+ size_t limbs_res;
+
+ mbedtls_mpi_mod_modulus m;
+ mbedtls_mpi_mod_modulus_init(&m);
+
+ TEST_EQUAL(mbedtls_test_read_mpi_core(&X, &limbs_X, input_X), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi_core(&N, &limbs_N, input_N), 0);
+ TEST_EQUAL(mbedtls_test_read_mpi_core(&res, &limbs_res, result), 0);
+
+ size_t limbs = limbs_N;
+ size_t bytes = limbs * sizeof(mbedtls_mpi_uint);
+
+ TEST_EQUAL(limbs_X, limbs);
+ TEST_EQUAL(limbs_res, limbs);
+
+ ASSERT_ALLOC(tmp, limbs);
+ memcpy(tmp, X, bytes);
+
+ /* Check that 0 <= X < 2N */
+ mbedtls_mpi_uint c = mbedtls_mpi_core_sub(tmp, X, N, limbs);
+ TEST_ASSERT(c || mbedtls_mpi_core_lt_ct(tmp, N, limbs));
+
+ TEST_EQUAL(mbedtls_mpi_mod_modulus_setup(
+ &m, N, limbs,
+ MBEDTLS_MPI_MOD_REP_MONTGOMERY), 0);
+
+ mbedtls_mpi_mod_raw_fix_quasi_reduction(X, &m);
+ ASSERT_COMPARE(X, bytes, res, bytes);
+
+exit:
+ mbedtls_free(X);
+ mbedtls_free(res);
+ mbedtls_free(tmp);
+
+ mbedtls_mpi_mod_modulus_free(&m);
+ mbedtls_free(N);
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void mpi_mod_raw_mul(char *input_A,
char *input_B,
diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data
index 4504aa4..91a25fa 100644
--- a/tests/suites/test_suite_constant_time.data
+++ b/tests/suites/test_suite_constant_time.data
@@ -9,3 +9,129 @@
# we could get this with 255-bytes plaintext and untruncated SHA-384
Constant-flow memcpy from offset: large
ssl_cf_memcpy_offset:100:339:48
+
+mbedtls_ct_memcmp NULL
+mbedtls_ct_memcmp_null
+
+mbedtls_ct_memcmp len 1
+mbedtls_ct_memcmp:-1:1:0
+
+mbedtls_ct_memcmp len 3
+mbedtls_ct_memcmp:-1:3:0
+
+mbedtls_ct_memcmp len 4
+mbedtls_ct_memcmp:-1:4:0
+
+mbedtls_ct_memcmp len 5
+mbedtls_ct_memcmp:-1:5:0
+
+mbedtls_ct_memcmp len 15
+mbedtls_ct_memcmp:-1:15:0
+
+mbedtls_ct_memcmp len 16
+mbedtls_ct_memcmp:-1:16:0
+
+mbedtls_ct_memcmp len 17
+mbedtls_ct_memcmp:-1:17:0
+
+mbedtls_ct_memcmp len 1 different
+mbedtls_ct_memcmp:0:1:0
+
+mbedtls_ct_memcmp len 17 different
+mbedtls_ct_memcmp:0:17:0
+
+mbedtls_ct_memcmp len 17 different 1
+mbedtls_ct_memcmp:1:17:0
+
+mbedtls_ct_memcmp len 17 different 4
+mbedtls_ct_memcmp:4:17:0
+
+mbedtls_ct_memcmp len 17 different 10
+mbedtls_ct_memcmp:10:17:0
+
+mbedtls_ct_memcmp len 17 different 16
+mbedtls_ct_memcmp:16:17:0
+
+mbedtls_ct_memcmp len 1 offset 1 different
+mbedtls_ct_memcmp:0:1:1
+
+mbedtls_ct_memcmp len 17 offset 1 different
+mbedtls_ct_memcmp:0:17:1
+
+mbedtls_ct_memcmp len 17 offset 1 different 1
+mbedtls_ct_memcmp:1:17:1
+
+mbedtls_ct_memcmp len 17 offset 1 different 5
+mbedtls_ct_memcmp:5:17:1
+
+mbedtls_ct_memcmp len 1 offset 1
+mbedtls_ct_memcmp:-1:1:1
+
+mbedtls_ct_memcmp len 1 offset 2
+mbedtls_ct_memcmp:-1:1:2
+
+mbedtls_ct_memcmp len 1 offset 3
+mbedtls_ct_memcmp:-1:1:3
+
+mbedtls_ct_memcmp len 5 offset 1
+mbedtls_ct_memcmp:-1:5:1
+
+mbedtls_ct_memcmp len 5 offset 2
+mbedtls_ct_memcmp:-1:5:2
+
+mbedtls_ct_memcmp len 5 offset 3
+mbedtls_ct_memcmp:-1:5:3
+
+mbedtls_ct_memcmp len 17 offset 1
+mbedtls_ct_memcmp:-1:17:1
+
+mbedtls_ct_memcmp len 17 offset 2
+mbedtls_ct_memcmp:-1:17:2
+
+mbedtls_ct_memcmp len 17 offset 3
+mbedtls_ct_memcmp:-1:17:3
+
+mbedtls_ct_memcpy_if_eq len 1 offset 0
+mbedtls_ct_memcpy_if_eq:1:1:0
+
+mbedtls_ct_memcpy_if_eq len 1 offset 1
+mbedtls_ct_memcpy_if_eq:1:1:1
+
+mbedtls_ct_memcpy_if_eq len 4 offset 0
+mbedtls_ct_memcpy_if_eq:1:1:0
+
+mbedtls_ct_memcpy_if_eq len 4 offset 1
+mbedtls_ct_memcpy_if_eq:1:1:1
+
+mbedtls_ct_memcpy_if_eq len 4 offset 2
+mbedtls_ct_memcpy_if_eq:1:1:2
+
+mbedtls_ct_memcpy_if_eq len 4 offset 3
+mbedtls_ct_memcpy_if_eq:1:1:3
+
+mbedtls_ct_memcpy_if_eq len 15 offset 0
+mbedtls_ct_memcpy_if_eq:1:15:0
+
+mbedtls_ct_memcpy_if_eq len 15 offset 1
+mbedtls_ct_memcpy_if_eq:1:15:1
+
+mbedtls_ct_memcpy_if_eq len 16 offset 0
+mbedtls_ct_memcpy_if_eq:1:16:0
+
+mbedtls_ct_memcpy_if_eq len 16 offset 1
+mbedtls_ct_memcpy_if_eq:1:16:1
+
+mbedtls_ct_memcpy_if_eq len 17 offset 0
+mbedtls_ct_memcpy_if_eq:1:17:0
+
+mbedtls_ct_memcpy_if_eq len 17 offset 1
+mbedtls_ct_memcpy_if_eq:1:17:1
+
+mbedtls_ct_memcpy_if_eq len 0 not eq
+mbedtls_ct_memcpy_if_eq:0:17:0
+
+mbedtls_ct_memcpy_if_eq len 5 offset 1 not eq
+mbedtls_ct_memcpy_if_eq:0:5:1
+
+mbedtls_ct_memcpy_if_eq len 17 offset 3 not eq
+mbedtls_ct_memcpy_if_eq:0:17:3
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
index a40149a..14dc8ae 100644
--- a/tests/suites/test_suite_constant_time.function
+++ b/tests/suites/test_suite_constant_time.function
@@ -15,6 +15,108 @@
#include <test/constant_flow.h>
/* END_HEADER */
+/* BEGIN_CASE */
+void mbedtls_ct_memcmp_null()
+{
+ uint32_t x;
+ TEST_ASSERT(mbedtls_ct_memcmp(&x, NULL, 0) == 0);
+ TEST_ASSERT(mbedtls_ct_memcmp(NULL, &x, 0) == 0);
+ TEST_ASSERT(mbedtls_ct_memcmp(NULL, NULL, 0) == 0);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void mbedtls_ct_memcmp(int same, int size, int offset)
+{
+ uint8_t *a = NULL, *b = NULL;
+ ASSERT_ALLOC(a, size + offset);
+ ASSERT_ALLOC(b, size + offset);
+
+ TEST_CF_SECRET(a + offset, size);
+ TEST_CF_SECRET(b + offset, size);
+
+ /* Construct data that matches, if same == -1, otherwise
+ * same gives the number of bytes (after the initial offset)
+ * that will match; after that it will differ.
+ */
+ for (int i = 0; i < size + offset; i++) {
+ a[i] = i & 0xff;
+ if (same == -1 || (i - offset) < same) {
+ b[i] = a[i];
+ } else {
+ b[i] = (i + 1) & 0xff;
+ }
+ }
+
+ int reference = memcmp(a + offset, b + offset, size);
+ int actual = mbedtls_ct_memcmp(a + offset, b + offset, size);
+ TEST_CF_PUBLIC(a + offset, size);
+ TEST_CF_PUBLIC(b + offset, size);
+
+ if (same == -1 || same >= size) {
+ TEST_ASSERT(reference == 0);
+ TEST_ASSERT(actual == 0);
+ } else {
+ TEST_ASSERT(reference != 0);
+ TEST_ASSERT(actual != 0);
+ }
+exit:
+ mbedtls_free(a);
+ mbedtls_free(b);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_MAC */
+void mbedtls_ct_memcpy_if_eq(int eq, int size, int offset)
+{
+ uint8_t *src = NULL, *result = NULL, *expected = NULL;
+ ASSERT_ALLOC(src, size + offset);
+ ASSERT_ALLOC(result, size + offset);
+ ASSERT_ALLOC(expected, size + offset);
+
+ for (int i = 0; i < size + offset; i++) {
+ src[i] = 1;
+ result[i] = 0xff;
+ expected[i] = eq ? 1 : 0xff;
+ }
+
+ int one, secret_eq;
+ TEST_CF_SECRET(&one, sizeof(one));
+ TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
+ one = 1;
+ secret_eq = eq;
+
+ mbedtls_ct_memcpy_if_eq(result + offset, src, size, secret_eq, one);
+
+ TEST_CF_PUBLIC(&one, sizeof(one));
+ TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
+
+ ASSERT_COMPARE(expected, size, result + offset, size);
+
+ for (int i = 0; i < size + offset; i++) {
+ src[i] = 1;
+ result[i] = 0xff;
+ expected[i] = eq ? 1 : 0xff;
+ }
+
+ TEST_CF_SECRET(&one, sizeof(one));
+ TEST_CF_SECRET(&secret_eq, sizeof(secret_eq));
+ one = 1;
+ secret_eq = eq;
+
+ mbedtls_ct_memcpy_if_eq(result, src + offset, size, secret_eq, one);
+
+ TEST_CF_PUBLIC(&one, sizeof(one));
+ TEST_CF_PUBLIC(&secret_eq, sizeof(secret_eq));
+
+ ASSERT_COMPARE(expected, size, result, size);
+exit:
+ mbedtls_free(src);
+ mbedtls_free(result);
+ mbedtls_free(expected);
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
void ssl_cf_memcpy_offset(int offset_min, int offset_max, int len)
{
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 85c00eb..7d81608 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -284,7 +284,7 @@
}
TEST_EQUAL(test_offset_idx, expected_idx);
- /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
+ /* Call update with too much data (sizeof(entropy) > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
TEST_ASSERT(mbedtls_ctr_drbg_update(
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 9311200..9a13793 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1038,4 +1038,3 @@
ECP check order for CURVE448
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_check_order:MBEDTLS_ECP_DP_CURVE448:"3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3"
-
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 394253d..c8a0a82 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -811,7 +811,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_ECDH_C:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE */
void mbedtls_ecp_group_metadata(int id, int bit_size, int crv_type,
char *P, char *A, char *B,
char *G_x, char *G_y, char *N,
@@ -903,9 +903,13 @@
// Check curve type, and if it can be used for ECDH/ECDSA
TEST_EQUAL(mbedtls_ecp_get_type(&grp), crv_type);
+#if defined(MBEDTLS_ECDH_C)
TEST_EQUAL(mbedtls_ecdh_can_do(id), 1);
+#endif
+#if defined(MBEDTLS_ECDSA_C)
TEST_EQUAL(mbedtls_ecdsa_can_do(id),
crv_type == MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS);
+#endif
// Copy group and compare with original
TEST_EQUAL(mbedtls_ecp_group_copy(&grp_cpy, &grp), 0);
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 93f4101..df94d16 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -10,8 +10,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -19,7 +19,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -30,8 +30,8 @@
unsigned char src_str[100];
unsigned char output[20];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -39,7 +39,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 13b5162..67d3235 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -726,7 +726,7 @@
slen = sizeof(sig);
ret = mbedtls_pk_sign_restartable(&prv, md_alg, hash->x, hash->len,
- sig, sizeof sig, &slen,
+ sig, sizeof(sig), &slen,
mbedtls_test_rnd_std_rand, NULL,
&rs_ctx);
TEST_ASSERT(ret == MBEDTLS_ERR_ECP_IN_PROGRESS);
@@ -763,15 +763,15 @@
mbedtls_pk_init(&pk);
USE_PSA_INIT();
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
TEST_ASSERT(mbedtls_pk_sign_restartable(&pk, MBEDTLS_MD_SHA256,
hash, hash_len,
- sig, sizeof sig, &sig_len,
+ sig, sizeof(sig), &sig_len,
mbedtls_test_rnd_std_rand, NULL,
rs_ctx) == sign_ret);
if (sign_ret == 0) {
@@ -796,7 +796,7 @@
}
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, hash_len,
- sig, sizeof sig, &sig_len,
+ sig, sizeof(sig), &sig_len,
mbedtls_test_rnd_std_rand,
NULL) == sign_ret);
if (sign_ret == 0) {
@@ -811,12 +811,12 @@
if (verify_ret == 0) {
hash[0]++;
TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx) != 0);
+ hash, sizeof(hash), sig, sig_len, rs_ctx) != 0);
hash[0]--;
sig[0]++;
TEST_ASSERT(mbedtls_pk_verify_restartable(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len, rs_ctx) != 0);
+ hash, sizeof(hash), sig, sig_len, rs_ctx) != 0);
sig[0]--;
}
@@ -1068,8 +1068,8 @@
return;
}
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
mbedtls_pk_init(&pk);
@@ -1086,7 +1086,7 @@
sig, sig_len) == MBEDTLS_ERR_PK_BAD_INPUT_DATA);
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_NONE, hash, hash_len,
- sig, sizeof sig, &sig_len,
+ sig, sizeof(sig), &sig_len,
mbedtls_test_rnd_std_rand, NULL)
== MBEDTLS_ERR_PK_BAD_INPUT_DATA);
@@ -1116,11 +1116,11 @@
mbedtls_rsa_init(&raw);
mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
- memset(msg, 0x2a, sizeof msg);
- memset(ciph, 0, sizeof ciph);
- memset(test, 0, sizeof test);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
+ memset(msg, 0x2a, sizeof(msg));
+ memset(ciph, 0, sizeof(ciph));
+ memset(test, 0, sizeof(test));
/* Initialize PK RSA context with random key */
TEST_ASSERT(mbedtls_pk_setup(&rsa,
@@ -1145,34 +1145,34 @@
/* Test signature */
#if SIZE_MAX > UINT_MAX
TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
- sig, sizeof sig, &sig_len,
+ sig, sizeof(sig), &sig_len,
mbedtls_test_rnd_std_rand, NULL)
== MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* SIZE_MAX > UINT_MAX */
- TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof hash,
- sig, sizeof sig, &sig_len,
+ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash),
+ sig, sizeof(sig), &sig_len,
mbedtls_test_rnd_std_rand, NULL)
== 0);
TEST_ASSERT(sig_len == RSA_KEY_LEN);
TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
/* Test decrypt */
- TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len,
- test, &test_len, sizeof test,
+ test, &test_len, sizeof(test),
mbedtls_test_rnd_std_rand, NULL) == 0);
- TEST_ASSERT(test_len == sizeof msg);
+ TEST_ASSERT(test_len == sizeof(msg));
TEST_ASSERT(memcmp(test, msg, test_len) == 0);
/* Test forbidden operations */
- TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == ret);
TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == ret);
+ hash, sizeof(hash), sig, sig_len) == ret);
TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret);
exit:
@@ -1260,11 +1260,11 @@
TEST_EQUAL(psa_get_key_lifetime(&attributes),
PSA_KEY_LIFETIME_VOLATILE);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sizeof sig, &sig_len,
+ hash, sizeof(hash), sig, sizeof(sig), &sig_len,
NULL, NULL) == 0);
/* Export underlying public key for re-importing in a psa context. */
@@ -1285,7 +1285,7 @@
TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
klen_legacy) == 0);
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
exit:
/*
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 9ced77c..c356142 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -5080,6 +5080,22 @@
depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256
derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+PSA key derivation: TLS12_ECJPAKE_TO_PMS, good input, output too short
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: TLS12_ECJPAKE_TO_PMS, input[0]=0x02
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too short
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
+PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too long
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
+
PSA key derivation over capacity: HKDF
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
derive_over_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256)
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index bf5f04e..bbd5017 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -118,6 +118,10 @@
depends_on:PSA_WANT_ALG_XTS:MBEDTLS_CIPHER_C
cipher_algorithm:PSA_ALG_XTS:0
+Cipher: CCM*
+depends_on:PSA_WANT_ALG_CCM_STAR_NO_TAG
+cipher_algorithm:PSA_ALG_CCM_STAR_NO_TAG:ALG_IS_STREAM_CIPHER
+
AEAD: CCM-AES-128
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM
aead_algorithm:PSA_ALG_CCM:ALG_IS_AEAD_ON_BLOCK_CIPHER:16:PSA_KEY_TYPE_AES:128
@@ -286,6 +290,10 @@
depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_384
key_derivation_algorithm:PSA_ALG_HKDF_EXPAND( PSA_ALG_SHA_384 ):ALG_IS_HKDF_EXPAND
+Key derivation: TLS1.2 ECJPAKE-to-PMS
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+key_derivation_algorithm:PSA_ALG_TLS12_ECJPAKE_TO_PMS:0
+
Key derivation: TLS 1.2 PRF using SHA-256
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
key_derivation_algorithm:PSA_ALG_TLS12_PRF( PSA_ALG_SHA_256 ):ALG_IS_TLS12_PRF
@@ -339,6 +347,12 @@
Key type: secret for key derivation
key_type:PSA_KEY_TYPE_DERIVE:KEY_TYPE_IS_UNSTRUCTURED
+Key type: password
+key_type:PSA_KEY_TYPE_PASSWORD:KEY_TYPE_IS_UNSTRUCTURED
+
+Key type: password hash
+key_type:PSA_KEY_TYPE_PASSWORD_HASH:KEY_TYPE_IS_UNSTRUCTURED
+
Block cipher key type: AES
depends_on:PSA_WANT_KEY_TYPE_AES
block_cipher_key_type:PSA_KEY_TYPE_AES:16
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.data b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
index 2bcf4e4..22b0570 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.data
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.data
@@ -178,25 +178,25 @@
register_key_smoke_test:TEST_SE_PERSISTENT_LIFETIME:7:PSA_KEY_ID_VOLATILE_MAX:1:PSA_ERROR_INVALID_ARGUMENT
Import-sign-verify: sign in driver, ECDSA
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
Import-sign-verify: sign in driver then export_public, ECDSA
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
Import-sign-verify: sign in software, ECDSA
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:0:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
Generate-sign-verify: sign in driver, ECDSA
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
sign_verify:SIGN_IN_DRIVER_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
Generate-sign-verify: sign in driver then export_public, ECDSA
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
sign_verify:SIGN_IN_DRIVER_THEN_EXPORT_PUBLIC:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
Generate-sign-verify: sign in software, ECDSA
-depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:PSA_WANT_ECC_SECP_R1_256
+depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_ECC_SECP_R1_256
sign_verify:SIGN_IN_SOFTWARE_AND_PARALLEL_CREATION:PSA_KEY_TYPE_ECC_KEY_PAIR( PSA_ECC_FAMILY_SECP_R1 ):PSA_ALG_ECDSA_ANY:256:"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":"54686973206973206e6f74206120686173682e"
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 3059e7f..1848c17 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -114,58 +114,59 @@
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1
Test moving clients handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving clients handshake to state: SERVER_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving clients handshake to state: SERVER_HELLO_DONE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving clients handshake to state: CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving clients handshake to state: CLIENT_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving clients handshake to state: CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving clients handshake to state: SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving clients handshake to state: FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving clients handshake to state: HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving clients handshake to state: HANDSHAKE_OVER
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1
Test moving servers handshake to state: HELLO_REQUEST
@@ -175,61 +176,63 @@
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1
Test moving servers handshake to state: SERVER_HELLO
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1
Test moving servers handshake to state: SERVER_CERTIFICATE
+depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1
Test moving servers handshake to state: SERVER_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_REQUEST
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
Test moving servers handshake to state: SERVER_HELLO_DONE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1
Test moving servers handshake to state: CLIENT_CERTIFICATE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
Test moving servers handshake to state: CLIENT_KEY_EXCHANGE
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
Test moving servers handshake to state: CERTIFICATE_VERIFY
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: CLIENT_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1
Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
Test moving servers handshake to state: SERVER_FINISHED
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1
Test moving servers handshake to state: FLUSH_BUFFERS
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1
Test moving servers handshake to state: HANDSHAKE_WRAPUP
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
Test moving servers handshake to state: HANDSHAKE_OVER
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1
Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
@@ -257,7 +260,7 @@
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
Handshake, tls1_3
@@ -289,7 +292,7 @@
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
DTLS Handshake, tls1_2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
@@ -329,7 +332,7 @@
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
Handshake min/max version check, all -> 1.2
-depends_on:MBEDTLS_SSL_PROTO_TLS1_2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
@@ -654,99 +657,99 @@
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
DTLS no legacy renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy allow renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=512, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=1024, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=2048, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS legacy break handshake renegotiation with MFL=4096, RSA-WITH-AES-128-CCM
-depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C
+depends_on:MBEDTLS_CCM_C:MBEDTLS_AES_C:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-RSA-WITH-AES-128-CCM"
DTLS no legacy renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS no legacy renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy allow renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_512:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_1024:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=2048, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_2048:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
DTLS legacy break handshake renegotiation with MFL=4096, DHE-RSA-WITH-AES-256-CBC-SHA256
-depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
resize_buffers_renegotiate_mfl:MBEDTLS_SSL_MAX_FRAG_LEN_4096:MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
SSL DTLS replay: initial state, seqnum 0
@@ -3509,11 +3512,11 @@
cid_sanity:
Raw key agreement: nominal
-depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
raw_key_agreement_fail:0
Raw key agreement: bad server key
-depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
raw_key_agreement_fail:1
Force a bad session id length
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 15ec5be..1d182e0 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -17,6 +17,11 @@
#include <constant_time_internal.h>
#include <test/constant_flow.h>
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
+#endif
enum {
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
tls13_label_ ## name,
@@ -5018,7 +5023,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_version(int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version)
@@ -5129,7 +5134,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -5141,7 +5146,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -5153,7 +5158,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_serialization()
{
handshake_test_options options;
@@ -5169,7 +5174,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
int expected_cli_hs_fragmentation)
@@ -5208,7 +5213,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void renegotiation(int legacy_renegotiation)
{
handshake_test_options options;
@@ -5251,7 +5256,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_serialize_mfl(int mfl)
{
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -5262,7 +5267,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
char *cipher)
{
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 5d896bf..b522c1a 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1217,9 +1217,9 @@
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
- ret = mbedtls_snprintf(file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
+ ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1);
- TEST_ASSERT(ret > 0 && (size_t) ret < sizeof file_buf);
+ TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
/* Try to verify that chain */
@@ -1312,13 +1312,13 @@
mbedtls_x509_buf oid;
char num_buf[100];
- memset(num_buf, 0x2a, sizeof num_buf);
+ memset(num_buf, 0x2a, sizeof(num_buf));
oid.tag = MBEDTLS_ASN1_OID;
oid.p = oid_buf->x;
oid.len = oid_buf->len;
- TEST_ASSERT((size_t) blen <= sizeof num_buf);
+ TEST_ASSERT((size_t) blen <= sizeof(num_buf));
TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index c55c9d1..885ba00 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -60,95 +60,107 @@
Certificate write check Server1 SHA1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not before 1970
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not after 2050
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not before 1970, not after 2050
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, not before 2050, not after 2059
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, one ext_key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"serverAuth":0:0:1:-1:"data_files/server1.key_ext_usage.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, two ext_key_usages
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:"codeSigning,timeStamping":0:0:1:-1:"data_files/server1.key_ext_usages.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, CA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":0:1:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, RSA_ALT, CA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, key_usage
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"data_files/server1.key_usage.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, ns_cert_type
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, version 1
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":2:0:"data_files/test-ca.crt"
Certificate write check Server1 SHA1, Opaque, CA
depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.ca.crt":2:1:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Full length serial
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"112233445566778899aabbccddeeff0011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial.crt":0:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, Serial starting with 0x80
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"8011223344":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.80serial.crt":0:0:"data_files/test-ca.crt"
+
+Certificate write check Server1 SHA1, All 0xFF full length serial
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA
+x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"data_files/server1.long_serial_FF.crt":0:0:"data_files/test-ca.crt"
Certificate write check Server5 ECDSA
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"data_files/server5.crt":0:0:"data_files/test-ca2.crt"
Certificate write check Server5 ECDSA, Opaque
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_USE_PSA_CRYPTO
-x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
+x509_crt_check:"data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"data_files/test-ca2.crt"
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark\, Inc., OU=PolarSSL":0
@@ -167,3 +179,6 @@
X509 String to Names #6 (Escape at end)
mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+Check max serial length
+x509_set_serial_check:
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index a21ad47..056d26a 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -300,7 +300,7 @@
void x509_crt_check(char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
- char *serial_str, char *not_before, char *not_after,
+ data_t *serial_arg, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
char *ext_key_usage,
int cert_type, int set_cert_type, int auth_ident,
@@ -315,7 +315,9 @@
unsigned char check_buf[5000];
unsigned char *p, *end;
unsigned char tag, sz;
- mbedtls_mpi serial;
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi serial_mpi;
+#endif
int ret, before_tag, after_tag;
size_t olen = 0, pem_len = 0, buf_index = 0;
int der_len = -1;
@@ -327,7 +329,9 @@
mbedtls_pk_type_t issuer_key_type;
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_mpi_init(&serial);
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi_init(&serial_mpi);
+#endif
USE_PSA_INIT();
@@ -345,7 +349,7 @@
issuer_key_type = mbedtls_pk_get_type(&issuer_key);
-#if defined(MBEDTLS_RSA_C)
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) {
TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt,
@@ -384,13 +388,18 @@
TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE);
}
- TEST_ASSERT(mbedtls_test_read_mpi(&serial, serial_str) == 0);
-
if (ver != -1) {
mbedtls_x509write_crt_set_version(&crt, ver);
}
- TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial) == 0);
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ TEST_ASSERT(mbedtls_mpi_read_binary(&serial_mpi, serial_arg->x,
+ serial_arg->len) == 0);
+ TEST_ASSERT(mbedtls_x509write_crt_set_serial(&crt, &serial_mpi) == 0);
+#else
+ TEST_ASSERT(mbedtls_x509write_crt_set_serial_raw(&crt, serial_arg->x,
+ serial_arg->len) == 0);
+#endif
TEST_ASSERT(mbedtls_x509write_crt_set_validity(&crt, not_before,
not_after) == 0);
mbedtls_x509write_crt_set_md_alg(&crt, md_type);
@@ -549,7 +558,9 @@
mbedtls_pk_free(&issuer_key_alt);
mbedtls_pk_free(&subject_key);
mbedtls_pk_free(&issuer_key);
- mbedtls_mpi_free(&serial);
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi_free(&serial_mpi);
+#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_destroy_key(key_id);
#endif
@@ -557,6 +568,37 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_WRITE_C */
+void x509_set_serial_check()
+{
+ mbedtls_x509write_cert ctx;
+ uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
+
+ memset(invalid_serial, 0x01, sizeof(invalid_serial));
+
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi serial_mpi;
+
+ mbedtls_mpi_init(&serial_mpi);
+ TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
+ sizeof(invalid_serial)), 0);
+ TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
+ MBEDTLS_ERR_X509_BAD_INPUT_DATA);
+#endif
+
+ TEST_EQUAL(mbedtls_x509write_crt_set_serial_raw(&ctx, invalid_serial,
+ sizeof(invalid_serial)),
+ MBEDTLS_ERR_X509_BAD_INPUT_DATA);
+
+exit:
+#if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C)
+ mbedtls_mpi_free(&serial_mpi);
+#else
+ ;
+#endif
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
)
diff --git a/visualc/VS2010/.gitignore b/visualc/VS2013/.gitignore
similarity index 100%
rename from visualc/VS2010/.gitignore
rename to visualc/VS2013/.gitignore