Merge pull request #6141 from mpg/driver-hashes-rsa-v21
Driver hashes rsa v21
diff --git a/ChangeLog.d/nonversioned-library-soname.txt b/ChangeLog.d/nonversioned-library-soname.txt
new file mode 100644
index 0000000..8d83a2d
--- /dev/null
+++ b/ChangeLog.d/nonversioned-library-soname.txt
@@ -0,0 +1,5 @@
+Features
+ * make: enable building unversioned shared library, with e.g.:
+ "SHARED=1 SOEXT_TLS=so SOEXT_X509=so SOEXT_CRYPTO=so make lib"
+ resulting in library names like "libmbedtls.so" rather than
+ "libmbedcrypto.so.11".
diff --git a/library/Makefile b/library/Makefile
index 3c4c7ea..2f58f66 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -47,9 +47,9 @@
endif
endif
-SOEXT_TLS=so.18
-SOEXT_X509=so.4
-SOEXT_CRYPTO=so.12
+SOEXT_TLS?=so.18
+SOEXT_X509?=so.4
+SOEXT_CRYPTO?=so.12
# Set AR_DASH= (empty string) to use an ar implementation that does not accept
# the - prefix for command line options (e.g. llvm-ar)
@@ -219,9 +219,11 @@
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_TLS) -L. -lmbedx509 -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
+ifneq ($(SOEXT_TLS),so)
libmbedtls.so: libmbedtls.$(SOEXT_TLS)
echo " LN $@ -> $<"
ln -sf $< $@
+endif
libmbedtls.dylib: $(OBJS_TLS) libmbedx509.dylib
echo " LD $@"
@@ -246,9 +248,11 @@
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_X509) -L. -lmbedcrypto $(LOCAL_LDFLAGS) $(LDFLAGS)
+ifneq ($(SOEXT_X509),so)
libmbedx509.so: libmbedx509.$(SOEXT_X509)
echo " LN $@ -> $<"
ln -sf $< $@
+endif
libmbedx509.dylib: $(OBJS_X509) libmbedcrypto.dylib
echo " LD $@"
@@ -273,9 +277,11 @@
echo " LD $@"
$(CC) -shared -Wl,-soname,$@ -o $@ $(OBJS_CRYPTO) $(LOCAL_LDFLAGS) $(LDFLAGS)
+ifneq ($(SOEXT_CRYPTO),so)
libmbedcrypto.so: libmbedcrypto.$(SOEXT_CRYPTO)
echo " LN $@ -> $<"
ln -sf $< $@
+endif
libmbedcrypto.dylib: $(OBJS_CRYPTO)
echo " LD $@"
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dada148..19b8a41 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7286,7 +7286,7 @@
const mbedtls_ssl_ciphersuite_t * const ciphersuite_info =
mbedtls_ssl_ciphersuite_from_id( ciphersuite_id );
- if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
+ if( ciphersuite_info != NULL && ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
return( tls_prf_sha384 );
#else
(void) ciphersuite_id;
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index 6d92de3..5aa0233 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -28,20 +28,26 @@
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#endif
-#define USAGE \
- "usage: %s [ <MBEDTLS_CONFIG> | -l ]\n\n" \
- "This program takes one command line argument which corresponds to\n" \
- "the string representation of a Mbed TLS compile time configuration.\n" \
- "The value 0 will be returned if this configuration is defined in the\n" \
- "Mbed TLS build and the macro expansion of that configuration will be\n" \
- "printed (if any). Otherwise, 1 will be returned.\n" \
- "-l\tPrint all available configuration.\n"
+#define USAGE \
+ "usage: %s [ -all | -any | -l ] <MBEDTLS_CONFIG> ...\n\n" \
+ "This program takes command line arguments which correspond to\n" \
+ "the string representation of Mbed TLS compile time configurations.\n\n" \
+ "If \"--all\" and \"--any\" are not used, then, if all given arguments\n" \
+ "are defined in the Mbed TLS build, 0 is returned; otherwise 1 is\n" \
+ "returned. Macro expansions of configurations will be printed (if any).\n" \
+ "-l\tPrint all available configuration.\n" \
+ "-all\tReturn 0 if all configurations are defined. Otherwise, return 1\n" \
+ "-any\tReturn 0 if any configuration is defined. Otherwise, return 1\n" \
+ "-h\tPrint this usage\n"
+
#include <string.h>
#include "query_config.h"
int main( int argc, char *argv[] )
{
- if ( argc != 2 )
+ int i;
+
+ if ( argc == 1 || strcmp( argv[1], "-h" ) == 0 )
{
mbedtls_printf( USAGE, argv[0] );
return( MBEDTLS_EXIT_FAILURE );
@@ -53,5 +59,31 @@
return( 0 );
}
- return( query_config( argv[1] ) );
+ if( strcmp( argv[1], "-all" ) == 0 )
+ {
+ for( i = 2; i < argc; i++ )
+ {
+ if( query_config( argv[i] ) != 0 )
+ return( 1 );
+ }
+ return( 0 );
+ }
+
+ if( strcmp( argv[1], "-any" ) == 0 )
+ {
+ for( i = 2; i < argc; i++ )
+ {
+ if( query_config( argv[i] ) == 0 )
+ return( 0 );
+ }
+ return( 1 );
+ }
+
+ for( i = 1; i < argc; i++ )
+ {
+ if( query_config( argv[i] ) != 0 )
+ return( 1 );
+ }
+
+ return( 0 );
}
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index f5d7033..7fc8c6c 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -96,7 +96,7 @@
mv tmp library/CMakeLists.txt
[ $VERBOSE ] && echo "Bumping SOVERSION for libmbedcrypto in library/Makefile"
- sed -e "s/SOEXT_CRYPTO=so.[0-9]\{1,\}/SOEXT_CRYPTO=so.$SO_CRYPTO/g" < library/Makefile > tmp
+ sed -e "s/SOEXT_CRYPTO?=so.[0-9]\{1,\}/SOEXT_CRYPTO?=so.$SO_CRYPTO/g" < library/Makefile > tmp
mv tmp library/Makefile
fi
@@ -107,7 +107,7 @@
mv tmp library/CMakeLists.txt
[ $VERBOSE ] && echo "Bumping SOVERSION for libmbedx509 in library/Makefile"
- sed -e "s/SOEXT_X509=so.[0-9]\{1,\}/SOEXT_X509=so.$SO_X509/g" < library/Makefile > tmp
+ sed -e "s/SOEXT_X509?=so.[0-9]\{1,\}/SOEXT_X509?=so.$SO_X509/g" < library/Makefile > tmp
mv tmp library/Makefile
fi
@@ -118,7 +118,7 @@
mv tmp library/CMakeLists.txt
[ $VERBOSE ] && echo "Bumping SOVERSION for libmbedtls in library/Makefile"
- sed -e "s/SOEXT_TLS=so.[0-9]\{1,\}/SOEXT_TLS=so.$SO_TLS/g" < library/Makefile > tmp
+ sed -e "s/SOEXT_TLS?=so.[0-9]\{1,\}/SOEXT_TLS?=so.$SO_TLS/g" < library/Makefile > tmp
mv tmp library/Makefile
fi
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 357a10f..d498d50 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -223,6 +223,34 @@
esac
}
+requires_all_configs_enabled() {
+ if ! $P_QUERY -all $*
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
+requires_all_configs_disabled() {
+ if $P_QUERY -any $*
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
+requires_any_configs_enabled() {
+ if ! $P_QUERY -any $*
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
+requires_any_configs_disabled() {
+ if $P_QUERY -all $*
+ then
+ SKIP_NEXT="YES"
+ fi
+}
+
get_config_value_or_default() {
# This function uses the query_config command line option to query the
# required Mbed TLS compile time configuration from the ssl_server2
@@ -874,12 +902,12 @@
( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
DOG_PID=$!
- wait $CLI_PID
+ # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
+ # To remove it from stdout, redirect stdout/stderr to CLI_OUT
+ wait $CLI_PID >> $CLI_OUT 2>&1
CLI_EXIT=$?
kill $DOG_PID >/dev/null 2>&1
- # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
- # To remove it from stdout, redirect stdout/stderr to CLI_OUT
wait $DOG_PID >> $CLI_OUT 2>&1
echo "EXIT: $CLI_EXIT" >> $CLI_OUT
@@ -1230,7 +1258,9 @@
# terminate the server (and the proxy)
kill $SRV_PID
- wait $SRV_PID
+ # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
+ # To remove it from stdout, redirect stdout/stderr to SRV_OUT
+ wait $SRV_PID >> $SRV_OUT 2>&1
SRV_RET=$?
if [ -n "$PXY_CMD" ]; then
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 4ea4d3b..5332c07 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -708,6 +708,10 @@
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
+ECP point set zero
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_set_zero:MBEDTLS_ECP_DP_SECP256R1:"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579"
+
ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)
depends_on:MBEDTLS_ECP_DP_CURVE448_ENABLED
ecp_test_vec_x:MBEDTLS_ECP_DP_CURVE448:"eb7298a5c0d8c29a1dab27f1a6826300917389449741a974f5bac9d98dc298d46555bce8bae89eeed400584bb046cf75579f51d125498f98":"a01fc432e5807f17530d1288da125b0cd453d941726436c8bbd9c5222c3da7fa639ce03db8d23b274a0721a1aed5227de6e3b731ccf7089b":"ad997351b6106f36b0d1091b929c4c37213e0d2b97e85ebb20c127691d0dad8f1d8175b0723745e639a3cb7044290b99e0e2a0c27a6a301c":"0936f37bc6c1bd07ae3dec7ab5dc06a73ca13242fb343efc72b9d82730b445f3d4b0bd077162a46dcfec6f9b590bfcbcf520cdb029a8b73e":"9d874a5137509a449ad5853040241c5236395435c36424fd560b0cb62b281d285275a740ce32a22dd1740f4aa9161cec95ccc61a18f4ff07"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 2cabef4..65c7067 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1020,6 +1020,72 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void ecp_set_zero( int id, data_t * P_bin )
+{
+ mbedtls_ecp_group grp;
+ mbedtls_ecp_point pt, zero_pt, nonzero_pt;
+
+ mbedtls_ecp_group_init( &grp );
+ mbedtls_ecp_point_init( &pt );
+ mbedtls_ecp_point_init( &zero_pt );
+ mbedtls_ecp_point_init( &nonzero_pt );
+
+ // Set zero and non-zero points for comparison
+ TEST_EQUAL( mbedtls_ecp_set_zero( &zero_pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_group_load( &grp, id ), 0 );
+ TEST_EQUAL( mbedtls_ecp_point_read_binary( &grp, &nonzero_pt,
+ P_bin->x, P_bin->len ), 0 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &zero_pt ), 1 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &nonzero_pt ), 0 );
+
+ // Test initialized point
+ TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &zero_pt ),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ // Test zeroed point
+ TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt ),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ // Set point to non-zero value
+ TEST_EQUAL( mbedtls_ecp_point_read_binary( &grp, &pt,
+ P_bin->x, P_bin->len ), 0 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt), 0 );
+
+ // Test non-zero point
+ TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt ),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+ // Test freed non-zero point
+ TEST_EQUAL( mbedtls_ecp_point_read_binary( &grp, &pt,
+ P_bin->x, P_bin->len ), 0 );
+ mbedtls_ecp_point_free( &pt );
+ TEST_EQUAL( mbedtls_ecp_set_zero( &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_is_zero( &pt ), 1 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &zero_pt, &pt ), 0 );
+ TEST_EQUAL( mbedtls_ecp_point_cmp( &nonzero_pt, &pt),
+ MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+
+exit:
+ mbedtls_ecp_group_free( &grp );
+ mbedtls_ecp_point_free( &pt );
+ mbedtls_ecp_point_free( &zero_pt );
+ mbedtls_ecp_point_free( &nonzero_pt );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void ecp_selftest( )
{