Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
Fix error code when creating/registering a key with invalid id
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 18b87fc..370066f 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -1,7 +1,17 @@
-Note: This is just a template, so feel free to use/remove the unnecessary things
+_Note:_ this is a template, please remove the parts that are not
+applicable (these initial notes, and the "Bug" section for a Feature request
+and vice-versa).
+**Note:** to report a security vulnerability, see
+[SECURITY.md](../SECURITY.md). Please do not use github issues for
+vulnerabilities.
+
+_Note:_ to get support, see [SUPPORT.md](../SUPPORT.md). Please do not use
+github issues for questions.
+
+---------------------------------------------------------------
### Description
-- Type: Bug | Enhancement\Feature Request
+- Type: Bug | Enhancement / Feature Request
- Priority: Blocker | Major | Minor
---------------------------------------------------------------
@@ -28,14 +38,9 @@
**Steps to reproduce**
----------------------------------------------------------------
-## Enhancement\Feature Request
-
-**Justification - why does the library need this feature?**
+## Enhancement / Feature Request
**Suggested enhancement**
------------------------------------------------------------------
+**Justification - why does the library need this feature?**
-## Question
-
-**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb). If you can't find the answer you're looking for then please use the [Mbed TLS mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls)**
diff --git a/BRANCHES.md b/BRANCHES.md
new file mode 100644
index 0000000..d514418
--- /dev/null
+++ b/BRANCHES.md
@@ -0,0 +1,55 @@
+# Maintained branches
+
+At any point in time, we have a number of maintained branches consisting of:
+
+- The [`master`](https://github.com/ARMmbed/mbedtls/tree/master) branch:
+ this always contains the latest release, including all publicly available
+ security fixes.
+- The [`development`](https://github.com/ARMmbed/mbedtls/tree/development) branch:
+ this is where new features land,
+ as well as bug fixes and security fixes.
+- One or more long-time support (LTS) branches:
+ these only get bug fixes and security fixes.
+
+We use [Semantic Versioning](https://semver.org/). In particular, we maintain
+API compatibility in the `master` branch between major version changes. We
+also maintain ABI compatibility within LTS branches; see the next section for
+details.
+
+## Backwards Compatibility
+
+We maintain API compatibility in released versions of Mbed TLS. If you have
+code that's working and secure with Mbed TLS x.y.z and does not rely on
+undocumented features, then you should be able to re-compile it without
+modification with any later release x.y'.z' with the same major version
+number, and your code will still build, be secure, and work.
+
+There are rare exceptions: code that was relying on something that became
+insecure in the meantime (for example, crypto that was found to be weak) may
+need to be changed. In case security comes in conflict with backwards
+compatibility, we will put security first, but always attempt to provide a
+compatibility option.
+
+For the LTS branches, additionally we try very hard to also maintain ABI
+compatibility (same definition as API except with re-linking instead of
+re-compiling) and to avoid any increase in code size or RAM usage, or in the
+minimum version of tools needed to build the code. The only exception, as
+before, is in case those goals would conflict with fixing a security issue, we
+will put security first but provide a compatibility option. (So far we never
+had to break ABI compatibility in an LTS branch, but we occasionally had to
+increase code size for a security fix.)
+
+For contributors, see the [Backwards Compatibility section of
+CONTRIBUTING](CONTRIBUTING.md#cackwords-compatibility).
+
+## Current Branches
+
+The following branches are currently maintained:
+
+- [master](https://github.com/ARMmbed/mbedtls/tree/master)
+- [`development`](https://github.com/ARMmbed/mbedtls/)
+- [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
+ maintained until at least the end of 2021, see
+ <https://tls.mbed.org/tech-updates/blog/announcing-lts-branch-mbedtls-2.16>
+
+Users are urged to always use the latest version of a maintained branch.
diff --git a/BUGS.md b/BUGS.md
new file mode 100644
index 0000000..e8705ff
--- /dev/null
+++ b/BUGS.md
@@ -0,0 +1,20 @@
+## Known issues
+
+Known issues in Mbed TLS are [tracked on GitHub](https://github.com/ARMmbed/mbedtls/issues).
+
+## Reporting a bug
+
+If you think you've found a bug in Mbed TLS, please follow these steps:
+
+1. Make sure you're using the latest version of a
+ [maintained branch](BRANCHES.md): `master`, `development`,
+ or a long-time support branch.
+2. Check [GitHub](https://github.com/ARMmbed/mbedtls/issues) to see if
+ your issue has already been reported. If not, …
+3. If the issue is a security risk (for example: buffer overflow,
+ data leak), please report it confidentially as described in
+ [`SECURITY.md`](SECURITY.md). If not, …
+4. Please [create an issue on on GitHub](https://github.com/ARMmbed/mbedtls/issues).
+
+Please do not use GitHub for support questions. If you want to know
+how to do something with Mbed TLS, please see [`SUPPORT.md`](SUPPORT.md) for available documentation and support channels.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 9b02ba5..b3a9547 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -22,9 +22,10 @@
1. All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
1. Ensure that each commit has at least one `Signed-off-by:` line from the committer. If anyone else contributes to the commit, they should also add their own `Signed-off-by:` line. By adding this line, contributor(s) certify that the contribution is made under the terms of the [Developer Certificate of Origin](dco.txt). The contribution licensing is described in the [License section of the README](README.md#License).
-API/ABI Compatibility
----------------------
-The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches.
+Backwards Compatibility
+-----------------------
+
+The project aims to minimise the impact on users upgrading to newer versions of the library and it should not be necessary for a user to make any changes to their own code to work with a newer version of the library. Unless the user has made an active decision to use newer features, a newer generation of the library or a change has been necessary due to a security issue or other significant software defect, no modifications to their own code should be necessary. To achieve this, API compatibility is maintained between different versions of Mbed TLS on the main development branch and in LTS (Long Term Support) branches, as described in [BRANCHES.md](BRANCHES.md).
To minimise such disruption to users, where a change to the interface is required, all changes to the ABI or API, even on the main development branch where new features are added, need to be justifiable by either being a significant enhancement, new feature or bug fix which is best resolved by an interface change.
@@ -48,6 +49,9 @@
It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
+The list of maintained branches can be found in the [Current Branches section
+of BRANCHES.md](BRANCHES.md#current-branches).
+
Currently maintained LTS branches are:
1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
diff --git a/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt b/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
new file mode 100644
index 0000000..dc6996e
--- /dev/null
+++ b/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
+ rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
+ in line with version 1.0.0 of the specification. Fix #4162.
diff --git a/README.md b/README.md
index ac2a6ab..759ffb5 100644
--- a/README.md
+++ b/README.md
@@ -25,6 +25,8 @@
1. Run `make apidoc`.
1. Browse `apidoc/index.html` or `apidoc/modules.html`.
+For other sources of documentation, see the [SUPPORT](SUPPORT.md) document.
+
Compiling
---------
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..bd18f6c
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,20 @@
+## Reporting Vulneratibilities
+
+If you think you have found an Mbed TLS security vulnerability, then please
+send an email to the security team at
+<mbed-tls-security@lists.trustedfirmware.org>.
+
+## Security Incident Handling Process
+
+Our security process is detailled in our
+[security
+center](https://developer.trustedfirmware.org/w/mbed-tls/security-center/).
+
+Its primary goal is to ensure fixes are ready to be deployed when the issue
+goes public.
+
+## Maintained branches
+
+Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md),
+get security fixes.
+Users are urged to always use the latest version of a maintained branch.
diff --git a/SUPPORT.md b/SUPPORT.md
new file mode 100644
index 0000000..1bc0695
--- /dev/null
+++ b/SUPPORT.md
@@ -0,0 +1,15 @@
+## Documentation
+
+Here are some useful sources of information about using Mbed TLS:
+
+- API documentation, see the [Documentation section of the
+ README](README.md#License);
+- the `docs` directory in the source tree;
+- the [Mbed TLS knowledge Base](https://tls.mbed.org/kb);
+- the [Mbed TLS mailing-list
+ archives](https://lists.trustedfirmware.org/pipermail/mbed-tls/).
+
+## Asking Questions
+
+If you can't find your answer in the above sources, please use the [Mbed TLS
+mailing list](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls).
diff --git a/library/bignum.c b/library/bignum.c
index e74a1ad..56d7dbe 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1339,29 +1339,32 @@
/**
* Helper for mbedtls_mpi subtraction.
*
- * Calculate d - s where d and s have the same size.
+ * Calculate l - r where l and r have the same size.
* This function operates modulo (2^ciL)^n and returns the carry
- * (1 if there was a wraparound, i.e. if `d < s`, and 0 otherwise).
+ * (1 if there was a wraparound, i.e. if `l < r`, and 0 otherwise).
*
- * \param n Number of limbs of \p d and \p s.
- * \param[in,out] d On input, the left operand.
- * On output, the result of the subtraction:
- * \param[in] s The right operand.
+ * d may be aliased to l or r.
*
- * \return 1 if `d < s`.
- * 0 if `d >= s`.
+ * \param n Number of limbs of \p d, \p l and \p r.
+ * \param[out] d The result of the subtraction.
+ * \param[in] l The left operand.
+ * \param[in] r The right operand.
+ *
+ * \return 1 if `l < r`.
+ * 0 if `l >= r`.
*/
static mbedtls_mpi_uint mpi_sub_hlp( size_t n,
mbedtls_mpi_uint *d,
- const mbedtls_mpi_uint *s )
+ const mbedtls_mpi_uint *l,
+ const mbedtls_mpi_uint *r )
{
size_t i;
- mbedtls_mpi_uint c, z;
+ mbedtls_mpi_uint c = 0, t, z;
- for( i = c = 0; i < n; i++, s++, d++ )
+ for( i = 0; i < n; i++ )
{
- z = ( *d < c ); *d -= c;
- c = ( *d < *s ) + z; *d -= *s;
+ z = ( l[i] < c ); t = l[i] - c;
+ c = ( t < r[i] ) + z; d[i] = t - r[i];
}
return( c );
@@ -1372,7 +1375,6 @@
*/
int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B )
{
- mbedtls_mpi TB;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
mbedtls_mpi_uint carry;
@@ -1380,24 +1382,6 @@
MPI_VALIDATE_RET( A != NULL );
MPI_VALIDATE_RET( B != NULL );
- mbedtls_mpi_init( &TB );
-
- if( X == B )
- {
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &TB, B ) );
- B = &TB;
- }
-
- if( X != A )
- MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
-
- /*
- * X should always be positive as a result of unsigned subtractions.
- */
- X->s = 1;
-
- ret = 0;
-
for( n = B->n; n > 0; n-- )
if( B->p[n - 1] != 0 )
break;
@@ -1408,7 +1392,17 @@
goto cleanup;
}
- carry = mpi_sub_hlp( n, X->p, B->p );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, A->n ) );
+
+ /* Set the high limbs of X to match A. Don't touch the lower limbs
+ * because X might be aliased to B, and we must not overwrite the
+ * significant digits of B. */
+ if( A->n > n )
+ memcpy( X->p + n, A->p + n, ( A->n - n ) * ciL );
+ if( X->n > A->n )
+ memset( X->p + A->n, 0, ( X->n - A->n ) * ciL );
+
+ carry = mpi_sub_hlp( n, X->p, A->p, B->p );
if( carry != 0 )
{
/* Propagate the carry to the first nonzero limb of X. */
@@ -1424,10 +1418,10 @@
--X->p[n];
}
+ /* X should always be positive as a result of unsigned subtractions. */
+ X->s = 1;
+
cleanup:
-
- mbedtls_mpi_free( &TB );
-
return( ret );
}
@@ -1537,8 +1531,21 @@
return( mbedtls_mpi_sub_mpi( X, A, &_B ) );
}
-/*
- * Helper for mbedtls_mpi multiplication
+/** Helper for mbedtls_mpi multiplication.
+ *
+ * Add \p b * \p s to \p d.
+ *
+ * \param i The number of limbs of \p s.
+ * \param[in] s A bignum to multiply, of size \p i.
+ * It may overlap with \p d, but only if
+ * \p d <= \p s.
+ * Its leading limb must not be \c 0.
+ * \param[in,out] d The bignum to add to.
+ * It must be sufficiently large to store the
+ * result of the multiplication. This means
+ * \p i + 1 limbs if \p d[\p i - 1] started as 0 and \p b
+ * is not known a priori.
+ * \param b A scalar to multiply.
*/
static
#if defined(__APPLE__) && defined(__arm__)
@@ -1548,7 +1555,10 @@
*/
__attribute__ ((noinline))
#endif
-void mpi_mul_hlp( size_t i, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d, mbedtls_mpi_uint b )
+void mpi_mul_hlp( size_t i,
+ const mbedtls_mpi_uint *s,
+ mbedtls_mpi_uint *d,
+ mbedtls_mpi_uint b )
{
mbedtls_mpi_uint c = 0, t = 0;
@@ -1603,10 +1613,10 @@
t++;
- do {
+ while( c != 0 )
+ {
*d += c; c = ( *d < c ); d++;
}
- while( c != 0 );
}
/*
@@ -1654,17 +1664,38 @@
*/
int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b )
{
- mbedtls_mpi _B;
- mbedtls_mpi_uint p[1];
MPI_VALIDATE_RET( X != NULL );
MPI_VALIDATE_RET( A != NULL );
- _B.s = 1;
- _B.n = 1;
- _B.p = p;
- p[0] = b;
+ /* mpi_mul_hlp can't deal with a leading 0. */
+ size_t n = A->n;
+ while( n > 0 && A->p[n - 1] == 0 )
+ --n;
- return( mbedtls_mpi_mul_mpi( X, A, &_B ) );
+ /* The general method below doesn't work if n==0 or b==0. By chance
+ * calculating the result is trivial in those cases. */
+ if( b == 0 || n == 0 )
+ {
+ mbedtls_mpi_lset( X, 0 );
+ return( 0 );
+ }
+
+ /* Calculate A*b as A + A*(b-1) to take advantage of mpi_mul_hlp */
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ /* In general, A * b requires 1 limb more than b. If
+ * A->p[n - 1] * b / b == A->p[n - 1], then A * b fits in the same
+ * number of limbs as A and the call to grow() is not required since
+ * copy() will take care of the growth if needed. However, experimentally,
+ * making the call to grow() unconditional causes slightly fewer
+ * calls to calloc() in ECP code, presumably because it reuses the
+ * same mpi for a while and this way the mpi is more likely to directly
+ * grow to its final size. */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( X, n + 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, A ) );
+ mpi_mul_hlp( n, A->p, X->p, b - 1 );
+
+cleanup:
+ return( ret );
}
/*
@@ -1805,7 +1836,7 @@
MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &Z, A->n + 2 ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &Z, 0 ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, 2 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &T1, A->n + 2 ) );
k = mbedtls_mpi_bitlen( &Y ) % biL;
if( k < biL - 1 )
@@ -2071,7 +2102,7 @@
* do the calculation without using conditional tests. */
/* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */
d[n] += 1;
- d[n] -= mpi_sub_hlp( n, d, N->p );
+ d[n] -= mpi_sub_hlp( n, d, d, N->p );
/* If d0 < N then d < (2^biL)^n
* so d[n] == 0 and we want to keep A as it is.
* If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 839fb5e..962d5af 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -1000,25 +1000,20 @@
#define ADD( j ) add32( &cur, A( j ), &c );
#define SUB( j ) sub32( &cur, A( j ), &c );
+#define ciL (sizeof(mbedtls_mpi_uint)) /* chars in limb */
+#define biL (ciL << 3) /* bits in limb */
+
/*
* Helpers for the main 'loop'
- * (see fix_negative for the motivation of C)
*/
#define INIT( b ) \
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; \
signed char c = 0, cc; \
uint32_t cur; \
size_t i = 0, bits = (b); \
- mbedtls_mpi C; \
- mbedtls_mpi_uint Cp[ (b) / 8 / sizeof( mbedtls_mpi_uint) + 1 ]; \
- \
- C.s = 1; \
- C.n = (b) / 8 / sizeof( mbedtls_mpi_uint) + 1; \
- C.p = Cp; \
- memset( Cp, 0, C.n * sizeof( mbedtls_mpi_uint ) ); \
- \
- MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, (b) * 2 / 8 / \
- sizeof( mbedtls_mpi_uint ) ) ); \
+ /* N is the size of the product of two b-bit numbers, plus one */ \
+ /* limb for fix_negative */ \
+ MBEDTLS_MPI_CHK( mbedtls_mpi_grow( N, ( b ) * 2 / biL + 1 ) ); \
LOAD32;
#define NEXT \
@@ -1033,33 +1028,32 @@
STORE32; i++; \
cur = c > 0 ? c : 0; STORE32; \
cur = 0; while( ++i < MAX32 ) { STORE32; } \
- if( c < 0 ) MBEDTLS_MPI_CHK( fix_negative( N, c, &C, bits ) );
+ if( c < 0 ) fix_negative( N, c, bits );
/*
* If the result is negative, we get it in the form
* c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
*/
-static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
+static inline void fix_negative( mbedtls_mpi *N, signed char c, size_t bits )
{
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ size_t i;
- /* C = - c * 2^(bits + 32) */
-#if !defined(MBEDTLS_HAVE_INT64)
- ((void) bits);
-#else
- if( bits == 224 )
- C->p[ C->n - 1 ] = ((mbedtls_mpi_uint) -c) << 32;
- else
-#endif
- C->p[ C->n - 1 ] = (mbedtls_mpi_uint) -c;
-
- /* N = - ( C - N ) */
- MBEDTLS_MPI_CHK( mbedtls_mpi_sub_abs( N, C, N ) );
+ /* Set N := N - 2^bits */
+ --N->p[0];
+ for( i = 0; i <= bits / 8 / sizeof( mbedtls_mpi_uint ); i++ )
+ {
+ N->p[i] = ~(mbedtls_mpi_uint)0 - N->p[i];
+ }
N->s = -1;
-cleanup:
-
- return( ret );
+ /* Add |c| * 2^(bits + 32) to the absolute value. Since c and N are
+ * negative, this adds c * 2^(bits + 32). */
+ mbedtls_mpi_uint msw = (mbedtls_mpi_uint) -c;
+#if defined(MBEDTLS_HAVE_INT64)
+ if( bits == 224 )
+ msw <<= 32;
+#endif
+ N->p[bits / 8 / sizeof( mbedtls_mpi_uint)] += msw;
}
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index f8e2276..cf07a36 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -303,13 +303,15 @@
status = psa_load_persistent_key_into_slot( *p_slot );
if( status != PSA_SUCCESS )
+ {
psa_wipe_key_slot( *p_slot );
-
+ if( status == PSA_ERROR_DOES_NOT_EXIST )
+ status = PSA_ERROR_INVALID_HANDLE;
+ }
return( status );
#else
- return( PSA_ERROR_DOES_NOT_EXIST );
+ return( PSA_ERROR_INVALID_HANDLE );
#endif /* defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) */
-
}
psa_status_t psa_unlock_key_slot( psa_key_slot_t *slot )
@@ -397,6 +399,9 @@
if( status != PSA_SUCCESS )
{
*handle = PSA_KEY_HANDLE_INIT;
+ if( status == PSA_ERROR_INVALID_HANDLE )
+ status = PSA_ERROR_DOES_NOT_EXIST;
+
return( status );
}
@@ -421,8 +426,12 @@
status = psa_get_and_lock_key_slot_in_memory( handle, &slot );
if( status != PSA_SUCCESS )
- return( status );
+ {
+ if( status == PSA_ERROR_DOES_NOT_EXIST )
+ status = PSA_ERROR_INVALID_HANDLE;
+ return( status );
+ }
if( slot->lock_count <= 1 )
return( psa_wipe_key_slot( slot ) );
else
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 251cbb6..9c5911b 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -266,6 +266,21 @@
#define ecp_clear_precomputed( g )
#endif
+#if defined(MBEDTLS_ECP_C)
+static int set_ecp_curve( const char *string, mbedtls_ecp_curve_info *curve )
+{
+ const mbedtls_ecp_curve_info *found =
+ mbedtls_ecp_curve_info_from_name( string );
+ if( found != NULL )
+ {
+ *curve = *found;
+ return( 1 );
+ }
+ else
+ return( 0 );
+}
+#endif
+
unsigned char buf[BUFSIZE];
typedef struct {
@@ -289,6 +304,17 @@
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char alloc_buf[HEAP_SIZE] = { 0 };
#endif
+#if defined(MBEDTLS_ECP_C)
+ mbedtls_ecp_curve_info single_curve[2] = {
+ { MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
+ { MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
+ };
+ const mbedtls_ecp_curve_info *curve_list = mbedtls_ecp_curve_list( );
+#endif
+
+#if defined(MBEDTLS_ECP_C)
+ (void) curve_list; /* Unused in some configurations where no benchmark uses ECC */
+#endif
if( argc <= 1 )
{
@@ -356,6 +382,10 @@
todo.ecdsa = 1;
else if( strcmp( argv[i], "ecdh" ) == 0 )
todo.ecdh = 1;
+#if defined(MBEDTLS_ECP_C)
+ else if( set_ecp_curve( argv[i], single_curve ) )
+ curve_list = single_curve;
+#endif
else
{
mbedtls_printf( "Unrecognized option: %s\n", argv[i] );
@@ -845,7 +875,7 @@
memset( buf, 0x2A, sizeof( buf ) );
- for( curve_info = mbedtls_ecp_curve_list();
+ for( curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
@@ -867,7 +897,7 @@
mbedtls_ecdsa_free( &ecdsa );
}
- for( curve_info = mbedtls_ecp_curve_list();
+ for( curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
@@ -911,8 +941,23 @@
};
const mbedtls_ecp_curve_info *curve_info;
size_t olen;
+ const mbedtls_ecp_curve_info *selected_montgomery_curve_list =
+ montgomery_curve_list;
- for( curve_info = mbedtls_ecp_curve_list();
+ if( curve_list == (const mbedtls_ecp_curve_info*) &single_curve )
+ {
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_group_init( &grp );
+ if( mbedtls_ecp_group_load( &grp, curve_list->grp_id ) != 0 )
+ mbedtls_exit( 1 );
+ if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
+ selected_montgomery_curve_list = single_curve;
+ else /* empty list */
+ selected_montgomery_curve_list = single_curve + 1;
+ mbedtls_ecp_group_free( &grp );
+ }
+
+ for( curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
@@ -938,7 +983,7 @@
}
/* Montgomery curves need to be handled separately */
- for ( curve_info = montgomery_curve_list;
+ for ( curve_info = selected_montgomery_curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
@@ -960,7 +1005,7 @@
mbedtls_mpi_free( &z );
}
- for( curve_info = mbedtls_ecp_curve_list();
+ for( curve_info = curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++ )
{
@@ -986,7 +1031,7 @@
}
/* Montgomery curves need to be handled separately */
- for ( curve_info = montgomery_curve_list;
+ for ( curve_info = selected_montgomery_curve_list;
curve_info->grp_id != MBEDTLS_ECP_DP_NONE;
curve_info++)
{
@@ -1015,7 +1060,6 @@
{
mbedtls_ecdh_context ecdh_srv, ecdh_cli;
unsigned char buf_srv[BUFSIZE], buf_cli[BUFSIZE];
- const mbedtls_ecp_curve_info * curve_list = mbedtls_ecp_curve_list();
const mbedtls_ecp_curve_info *curve_info;
size_t olen;
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 6c54900..3de2361 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -114,8 +114,8 @@
echo "Usage: $0 [options]"
printf " -h|--help\tPrint this help.\n"
printf " -m|--memcheck\tCheck memory leaks and errors.\n"
- printf " -f|--filter\tOnly matching tests are executed (BRE)\n"
- printf " -e|--exclude\tMatching tests are excluded (BRE)\n"
+ printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
+ printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
@@ -178,6 +178,14 @@
;;
esac
+# Read boolean configuration options from config.h for easy and quick
+# testing. Skip non-boolean options (with something other than spaces
+# and a comment after "#define SYMBOL"). The variable contains a
+# space-separated list of symbols.
+CONFIGS_ENABLED=" $(<"$CONFIG_H" \
+ sed -n 's!^ *#define *\([A-Za-z][0-9A-Z_a-z]*\) *\(/*\)*!\1!p' |
+ tr '\n' ' ')"
+
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
@@ -188,16 +196,17 @@
# skip next test if the flag is not enabled in config.h
requires_config_enabled() {
- if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
- SKIP_NEXT="YES"
- fi
+ case $CONFIGS_ENABLED in
+ *" $1 "*) :;;
+ *) SKIP_NEXT="YES";;
+ esac
}
# skip next test if the flag is enabled in config.h
requires_config_disabled() {
- if grep "^#define $1" $CONFIG_H > /dev/null; then
- SKIP_NEXT="YES"
- fi
+ case $CONFIGS_ENABLED in
+ *" $1 "*) SKIP_NEXT="YES";;
+ esac
}
get_config_value_or_default() {
@@ -233,10 +242,16 @@
fi
}
+# Space-separated list of ciphersuites supported by this build of
+# Mbed TLS.
+P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
+ grep TLS- |
+ tr -s ' \n' ' ')"
requires_ciphersuite_enabled() {
- if [ -z "$($P_CLI --help 2>/dev/null | grep $1)" ]; then
- SKIP_NEXT="YES"
- fi
+ case $P_CIPHERSUITES in
+ *" $1 "*) :;;
+ *) SKIP_NEXT="YES";;
+ esac
}
# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...]
@@ -462,17 +477,21 @@
# is_polar <cmd_line>
is_polar() {
- echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
+ case "$1" in
+ *ssl_client2*) true;;
+ *ssl_server2*) true;;
+ *) false;;
+ esac
}
# openssl s_server doesn't have -www with DTLS
check_osrv_dtls() {
- if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
- NEEDS_INPUT=1
- SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
- else
- NEEDS_INPUT=0
- fi
+ case "$SRV_CMD" in
+ *s_server*-dtls*)
+ NEEDS_INPUT=1
+ SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
+ *) NEEDS_INPUT=0;;
+ esac
}
# provide input to commands that need it
@@ -627,11 +646,10 @@
# check if the given command uses dtls and sets global variable DTLS
detect_dtls() {
- if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
- DTLS=1
- else
- DTLS=0
- fi
+ case "$1" in
+ *dtls=1*|-dtls|-u) DTLS=1;;
+ *) DTLS=0;;
+ esac
}
# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS
@@ -680,8 +698,7 @@
NAME="$1"
shift 1
- if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
- else
+ if is_excluded "$NAME"; then
SKIP_NEXT="NO"
# There was no request to run the test, so don't record its outcome.
return
@@ -690,10 +707,11 @@
print_name "$NAME"
# Do we only run numbered tests?
- if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
- elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
- else
- SKIP_NEXT="YES"
+ if [ -n "$RUN_TEST_NUMBER" ]; then
+ case ",$RUN_TEST_NUMBER," in
+ *",$TESTS,"*) :;;
+ *) SKIP_NEXT="YES";;
+ esac
fi
# does this test use a proxy?
@@ -711,10 +729,10 @@
shift 3
# Check if test uses files
- TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" )
- if [ ! -z "$TEST_USES_FILES" ]; then
- requires_config_enabled MBEDTLS_FS_IO
- fi
+ case "$SRV_CMD $CLI_CMD" in
+ *data_files/*)
+ requires_config_enabled MBEDTLS_FS_IO;;
+ esac
# If the client or serve requires a ciphersuite, check that it's enabled.
maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@"
@@ -1017,7 +1035,7 @@
run_test_memory_after_hanshake_with_mfl()
{
# The test passes if the difference is around 2*(16k-MFL)
- local MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
+ MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
# Leave some margin for robustness
MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"
@@ -1079,6 +1097,46 @@
get_options "$@"
+# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
+# patterns rather than regular expressions, use a case statement instead
+# of calling grep. To keep the optimizer simple, it is incomplete and only
+# detects simple cases: plain substring, everything, nothing.
+#
+# As an exception, the character '.' is treated as an ordinary character
+# if it is the only special character in the string. This is because it's
+# rare to need "any one character", but needing a literal '.' is common
+# (e.g. '-f "DTLS 1.2"').
+need_grep=
+case "$FILTER" in
+ '^$') simple_filter=;;
+ '.*') simple_filter='*';;
+ *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
+ need_grep=1;;
+ *) # No regexp or shell-pattern special character
+ simple_filter="*$FILTER*";;
+esac
+case "$EXCLUDE" in
+ '^$') simple_exclude=;;
+ '.*') simple_exclude='*';;
+ *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
+ need_grep=1;;
+ *) # No regexp or shell-pattern special character
+ simple_exclude="*$EXCLUDE*";;
+esac
+if [ -n "$need_grep" ]; then
+ is_excluded () {
+ ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
+ }
+else
+ is_excluded () {
+ case "$1" in
+ $simple_exclude) true;;
+ $simple_filter) false;;
+ *) true;;
+ esac
+ }
+fi
+
# sanity checks, avoid an avalanche of errors
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}"
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 484e97f..4e56800 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -205,7 +205,7 @@
psa_set_key_algorithm( &attributes, PSA_ALG_CTR );
psa_set_key_type( &attributes, PSA_KEY_TYPE_AES );
TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
- PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID( psa_get_key_id( &attributes ) ), 0 );
TEST_EQUAL(
@@ -217,10 +217,10 @@
TEST_EQUAL( psa_get_key_bits( &attributes ), 0 );
TEST_EQUAL( psa_export_key( key, buffer, sizeof( buffer ), &length ),
- PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_export_public_key( key,
buffer, sizeof( buffer ), &length ),
- PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ERROR_INVALID_HANDLE );
ok = 1;
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.data b/tests/suites/test_suite_psa_crypto_slot_management.data
index eedd3f3..0fedd14 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.data
+++ b/tests/suites/test_suite_psa_crypto_slot_management.data
@@ -89,15 +89,15 @@
Open failure: invalid identifier (0)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:0:PSA_ERROR_INVALID_HANDLE
+open_fail:0:PSA_ERROR_DOES_NOT_EXIST
Open failure: invalid identifier (random seed UID)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_INVALID_HANDLE
+open_fail:PSA_CRYPTO_ITS_RANDOM_SEED_UID:PSA_ERROR_DOES_NOT_EXIST
Open failure: invalid identifier (reserved range)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
-open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_INVALID_HANDLE
+open_fail:PSA_KEY_ID_VENDOR_MAX + 1:PSA_ERROR_DOES_NOT_EXIST
Open failure: invalid identifier (implementation range)
depends_on:MBEDTLS_PSA_CRYPTO_STORAGE_C
@@ -178,16 +178,16 @@
copy_to_occupied:PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_LIFETIME_PERSISTENT:1:PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f"
invalid handle: 0
-invalid_handle:INVALID_HANDLE_0:PSA_SUCCESS:PSA_ERROR_INVALID_HANDLE
+invalid_handle:INVALID_HANDLE_0:PSA_SUCCESS
invalid handle: never opened
-invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT_EXIST
+invalid_handle:INVALID_HANDLE_UNOPENED:PSA_ERROR_INVALID_HANDLE
invalid handle: already closed
-invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_DOES_NOT_EXIST:PSA_ERROR_DOES_NOT_EXIST
+invalid_handle:INVALID_HANDLE_CLOSED:PSA_ERROR_INVALID_HANDLE
invalid handle: huge
-invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE:PSA_ERROR_INVALID_HANDLE
+invalid_handle:INVALID_HANDLE_HUGE:PSA_ERROR_INVALID_HANDLE
Open many transient keys
many_transient_keys:42
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index bafb7d8..dac52ab 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -178,8 +178,8 @@
/* Test that the key is now invalid. */
TEST_EQUAL( psa_get_key_attributes( key, &attributes ),
- PSA_ERROR_DOES_NOT_EXIST );
- TEST_EQUAL( psa_close_key( key ), PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_close_key( key ), PSA_ERROR_INVALID_HANDLE );
exit:
/*
@@ -326,10 +326,10 @@
* existing key.
*/
TEST_EQUAL( psa_get_key_attributes( handle, &read_attributes ),
- PSA_ERROR_DOES_NOT_EXIST );
- TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ERROR_INVALID_HANDLE );
+ TEST_EQUAL( psa_close_key( handle ), PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_get_key_attributes( id, &read_attributes ),
- PSA_ERROR_DOES_NOT_EXIST );
+ PSA_ERROR_INVALID_HANDLE );
break;
}
@@ -728,13 +728,12 @@
/* BEGIN_CASE */
void invalid_handle( int handle_construction,
- int close_status_arg, int usage_status_arg )
+ int close_status_arg )
{
psa_key_handle_t valid_handle = PSA_KEY_HANDLE_INIT;
psa_key_handle_t invalid_handle = PSA_KEY_HANDLE_INIT;
psa_key_id_t key_id;
psa_status_t close_status = close_status_arg;
- psa_status_t usage_status = usage_status_arg;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t material[1] = "a";
@@ -793,7 +792,7 @@
/* Attempt to use the invalid handle. */
TEST_EQUAL( psa_get_key_attributes( invalid_handle, &attributes ),
- usage_status );
+ PSA_ERROR_INVALID_HANDLE );
TEST_EQUAL( psa_close_key( invalid_handle ), close_status );
TEST_EQUAL( psa_destroy_key( invalid_handle ), close_status );