Merge pull request #3419 from ndilieto/development
Pass "certificate policies" extension to callback
diff --git a/ChangeLog.d/bugfix_PR3405 b/ChangeLog.d/bugfix_PR3405
new file mode 100644
index 0000000..73c57c0
--- /dev/null
+++ b/ChangeLog.d/bugfix_PR3405
@@ -0,0 +1,5 @@
+Bugfix
+ * Update iv and len context pointers manually when reallocating buffers
+ using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues
+ when receiving a connection with CID, when these fields were shifted
+ in ssl_parse_record_header().
diff --git a/ChangeLog.d/bugfix_PR3421.txt b/ChangeLog.d/bugfix_PR3421.txt
new file mode 100644
index 0000000..b52dee0
--- /dev/null
+++ b/ChangeLog.d/bugfix_PR3421.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and fix submitted in #3421 by Nia Alarie.
diff --git a/ChangeLog.d/bugfix_PR3422.txt b/ChangeLog.d/bugfix_PR3422.txt
new file mode 100644
index 0000000..dfe152c
--- /dev/null
+++ b/ChangeLog.d/bugfix_PR3422.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix building library/net_sockets.c and the ssl_mail_client program on NetBSD. Contributed by Nia Alarie in #3422.
diff --git a/ChangeLog.d/tests-common-code.txt b/ChangeLog.d/tests-common-code.txt
new file mode 100644
index 0000000..0af2da5
--- /dev/null
+++ b/ChangeLog.d/tests-common-code.txt
@@ -0,0 +1,5 @@
+Changes
+ * The unit tests now rely on header files in tests/include/test and source
+ files in tests/src. When building with make or cmake, the files in
+ tests/src are compiled and the resulting object linked into each test
+ executable.
diff --git a/ChangeLog.d/uniformize_bounds_checks.txt b/ChangeLog.d/uniformize_bounds_checks.txt
new file mode 100644
index 0000000..210ab10
--- /dev/null
+++ b/ChangeLog.d/uniformize_bounds_checks.txt
@@ -0,0 +1,9 @@
+Bugfix
+ * Add additional bounds checks in ssl_write_client_hello() preventing
+ output buffer overflow if the configuration declared a buffer that was
+ too small.
+Changes
+ * Abort the ClientHello writing function as soon as some extension doesn't
+ fit into the record buffer. Previously, such extensions were silently
+ dropped. As a consequence, the TLS handshake now fails when the output
+ buffer is not large enough to hold the ClientHello.
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 63c0f67..151affd 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -20,7 +20,8 @@
* <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
+/*
+ * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index a72a8c2..f99e76f 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -9,7 +9,8 @@
* Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
* and also described by the IETF in <em>RFC 5794</em>.
*/
-/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 243ae63..696d400 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -12,7 +12,8 @@
* \author Daniel King <damaki.gh@gmail.com>
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
+/*
+ * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 3d842ef..97f1c58 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -12,7 +12,8 @@
* \author Daniel King <damaki.gh@gmail.com>
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
+/*
+ * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 2fb86c7..4288001 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -101,7 +101,7 @@
* ECP 4 10 (Started from top)
* MD 5 5
* HKDF 5 1 (Started from top)
- * SSL 5 1 (Started from 0x5F00)
+ * SSL 5 2 (Started from 0x5F00)
* CIPHER 6 8 (Started from 0x6080)
* SSL 6 24 (Started from top, plus 0x6000)
* SSL 7 32
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 05866a2..4a3e354 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -12,7 +12,8 @@
* \author Daniel King <damaki.gh@gmail.com>
*/
-/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
+/*
+ * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 65424d6..98264f9 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -129,6 +129,7 @@
#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */
#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */
#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */
+#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */
/*
* Various constants
@@ -144,6 +145,9 @@
#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */
#define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */
+#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
+
+#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
/* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
* NONE must be zero so that memset()ing structure to zero works */
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index cd881eb..c68038c 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -207,6 +207,12 @@
: ( MBEDTLS_SSL_IN_CONTENT_LEN ) \
)
+/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */
+#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534
+
+/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */
+#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535
+
/*
* Check that we obey the standard's message size bounds
*/
@@ -299,6 +305,41 @@
#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0)
#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1)
+/**
+ * \brief This function checks if the remaining size in a buffer is
+ * greater or equal than a needed space.
+ *
+ * \param cur Pointer to the current position in the buffer.
+ * \param end Pointer to one past the end of the buffer.
+ * \param need Needed space in bytes.
+ *
+ * \return Zero if the needed space is available in the buffer, non-zero
+ * otherwise.
+ */
+static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur,
+ const uint8_t *end, size_t need )
+{
+ return( ( cur > end ) || ( need > (size_t)( end - cur ) ) );
+}
+
+/**
+ * \brief This macro checks if the remaining size in a buffer is
+ * greater or equal than a needed space. If it is not the case,
+ * it returns an SSL_BUFFER_TOO_SMALL error.
+ *
+ * \param cur Pointer to the current position in the buffer.
+ * \param end Pointer to one past the end of the buffer.
+ * \param need Needed space in bytes.
+ *
+ */
+#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \
+ do { \
+ if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \
+ { \
+ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \
+ } \
+ } while( 0 )
+
#ifdef __cplusplus
extern "C" {
#endif
diff --git a/library/error.c b/library/error.c
index be60798..57171b3 100644
--- a/library/error.c
+++ b/library/error.c
@@ -526,6 +526,8 @@
return( "SSL - An operation failed due to an unexpected version or configuration" );
case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS):
return( "SSL - A cryptographic operation is in progress. Try again later" );
+ case -(MBEDTLS_ERR_SSL_BAD_CONFIG):
+ return( "SSL - Invalid value in SSL config" );
#endif /* MBEDTLS_SSL_TLS_C */
#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
diff --git a/library/net_sockets.c b/library/net_sockets.c
index 8258aea..b26e858 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -23,6 +23,7 @@
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
+#define _XOPEN_SOURCE 600 /* sockaddr_storage */
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
@@ -322,7 +323,8 @@
struct sockaddr_storage client_addr;
#if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \
- defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t)
+ defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \
+ defined(socklen_t)
socklen_t n = (socklen_t) sizeof( client_addr );
socklen_t type_len = (socklen_t) sizeof( type );
#else
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 6932318..3dc3b86 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -1,7 +1,8 @@
/*
* PSA crypto layer on top of Mbed TLS crypto
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index edf3ab6..ef40f79 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -1,7 +1,8 @@
/*
* PSA crypto core internal interfaces
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h
index 3809787..e2b7466 100644
--- a/library/psa_crypto_its.h
+++ b/library/psa_crypto_its.h
@@ -1,7 +1,8 @@
/** \file psa_crypto_its.h
* \brief Interface of trusted storage that crypto is built on.
*/
-/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index 087c768..53a2600 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -1,7 +1,8 @@
/*
* PSA crypto support for secure element drivers
*/
-/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index c145065..3c29b12 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -1,7 +1,8 @@
/*
* PSA crypto support for secure element drivers
*/
-/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h
index 938bfe1..c129c8e 100644
--- a/library/psa_crypto_service_integration.h
+++ b/library/psa_crypto_service_integration.h
@@ -1,4 +1,5 @@
-/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c
index 6cd6a11..8ffb5a0 100644
--- a/library/psa_crypto_slot_management.c
+++ b/library/psa_crypto_slot_management.c
@@ -1,7 +1,8 @@
/*
* PSA crypto layer on top of Mbed TLS crypto
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h
index 472253d..6cb02f5 100644
--- a/library/psa_crypto_slot_management.h
+++ b/library/psa_crypto_slot_management.h
@@ -1,7 +1,8 @@
/*
* PSA crypto layer on top of Mbed TLS crypto
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c
index fa1214c..f12fe00 100644
--- a/library/psa_crypto_storage.c
+++ b/library/psa_crypto_storage.c
@@ -1,7 +1,8 @@
/*
* PSA persistent key storage
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/psa_its_file.c b/library/psa_its_file.c
index 0935b27..86e2c42 100644
--- a/library/psa_its_file.c
+++ b/library/psa_its_file.c
@@ -1,7 +1,8 @@
/*
* PSA ITS simulator over stdio files.
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 553e2b6..48ef30d 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -95,29 +95,26 @@
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
-static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t hostname_len;
*olen = 0;
if( ssl->hostname == NULL )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s",
- ssl->hostname ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding server name extension: %s",
+ ssl->hostname ) );
hostname_len = strlen( ssl->hostname );
- if( end < p || (size_t)( end - p ) < hostname_len + 9 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 );
/*
* Sect. 3, RFC 6066 (TLS Extensions Definitions)
@@ -161,16 +158,18 @@
memcpy( p, ssl->hostname, hostname_len );
*olen = hostname_len + 9;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
-static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
@@ -178,21 +177,20 @@
* initial ClientHello, in which case also adding the renegotiation
* info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding renegotiation extension" ) );
- if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len );
/*
* Secure renegotiation
*/
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO )
+ & 0xFF );
*p++ = 0x00;
*p++ = ( ssl->verify_data_len + 1 ) & 0xFF;
@@ -201,6 +199,8 @@
memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
*olen = 5 + ssl->verify_data_len;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
@@ -209,14 +209,15 @@
*/
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t sig_alg_len = 0;
const int *md;
+
#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C)
unsigned char *sig_alg_list = buf + 6;
#endif
@@ -224,9 +225,13 @@
*olen = 0;
if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding signature_algorithms extension" ) );
+
+ if( ssl->conf->sig_hashes == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ )
{
@@ -236,13 +241,19 @@
#if defined(MBEDTLS_RSA_C)
sig_alg_len += 2;
#endif
+ if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "length in bytes of sig-hash-alg extension too big" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
}
- if( end < p || (size_t)( end - p ) < sig_alg_len + 6 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ /* Empty signature algorithms list, this is a configuration error. */
+ if( sig_alg_len == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 );
/*
* Prepare signature_algorithms extension (TLS 1.2)
@@ -288,75 +299,75 @@
*p++ = (unsigned char)( ( sig_alg_len ) & 0xFF );
*olen = 6 + sig_alg_len;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
unsigned char *elliptic_curve_list = p + 6;
size_t elliptic_curve_len = 0;
const mbedtls_ecp_curve_info *info;
-#if defined(MBEDTLS_ECP_C)
const mbedtls_ecp_group_id *grp_id;
-#else
- ((void) ssl);
-#endif
*olen = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding supported_elliptic_curves extension" ) );
-#if defined(MBEDTLS_ECP_C)
- for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
- for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
+ if( ssl->conf->curve_list == NULL )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ for( grp_id = ssl->conf->curve_list;
+ *grp_id != MBEDTLS_ECP_DP_NONE;
+ grp_id++ )
{
-#if defined(MBEDTLS_ECP_C)
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
if( info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) );
- return;
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "invalid curve in ssl configuration" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
}
-
elliptic_curve_len += 2;
+
+ if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "malformed supported_elliptic_curves extension in config" ) );
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+ }
}
- if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ /* Empty elliptic curve list, this is a configuration error. */
+ if( elliptic_curve_len == 0 )
+ return( MBEDTLS_ERR_SSL_BAD_CONFIG );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len );
elliptic_curve_len = 0;
-#if defined(MBEDTLS_ECP_C)
- for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ )
-#else
- for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ )
-#endif
+ for( grp_id = ssl->conf->curve_list;
+ *grp_id != MBEDTLS_ECP_DP_NONE;
+ grp_id++ )
{
-#if defined(MBEDTLS_ECP_C)
info = mbedtls_ecp_curve_info_from_grp_id( *grp_id );
-#endif
elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8;
elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF;
}
- if( elliptic_curve_len == 0 )
- return;
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES )
+ & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF );
@@ -365,27 +376,28 @@
*p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF );
*olen = 6 + elliptic_curve_len;
+
+ return( 0 );
}
-static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
+ (void) ssl; /* ssl used for debugging only */
*olen = 0;
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding supported_point_formats extension" ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 );
- if( end < p || (size_t)( end - p ) < 6 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
-
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS )
+ & 0xFF );
*p++ = 0x00;
*p++ = 2;
@@ -394,33 +406,32 @@
*p++ = MBEDTLS_ECP_PF_UNCOMPRESSED;
*olen = 6;
+
+ return( 0 );
}
#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C ||
MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t kkpp_len;
*olen = 0;
/* Skip costly extension if we can't use EC J-PAKE anyway */
if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 )
- return;
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding ecjpake_kkpp extension" ) );
- if( end - p < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF );
@@ -436,19 +447,20 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) );
ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx,
- p + 2, end - p - 2, &kkpp_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
+ p + 2, end - p - 2, &kkpp_len,
+ ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret );
- return;
+ MBEDTLS_SSL_DEBUG_RET( 1 ,
+ "mbedtls_ecjpake_write_round_one", ret );
+ return( ret );
}
ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len );
if( ssl->handshake->ecjpake_cache == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) );
- return;
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
}
memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
@@ -459,12 +471,7 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) );
kkpp_len = ssl->handshake->ecjpake_cache_len;
-
- if( (size_t)( end - p - 2 ) < kkpp_len )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len );
memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
}
@@ -473,17 +480,19 @@
*p++ = (unsigned char)( ( kkpp_len ) & 0xFF );
*olen = kkpp_len + 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-static void ssl_write_cid_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_cid_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
size_t ext_len;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
/*
* Quoting draft-ietf-tls-dtls-connection-id-05
@@ -498,17 +507,13 @@
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ||
ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED )
{
- return;
+ return( 0 );
}
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) );
/* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX
* which is at most 255, so the increment cannot overflow. */
- if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) );
/* Add extension ID + size */
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF );
@@ -521,33 +526,33 @@
memcpy( p, ssl->own_cid, ssl->own_cid_len );
*olen = ssl->own_cid_len + 5;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf,
- size_t *olen )
+static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
- if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) {
- return;
- }
+ if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE )
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding max_fragment_length extension" ) );
- if( end < p || (size_t)( end - p ) < 5 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH )
+ & 0xFF );
*p++ = 0x00;
*p++ = 1;
@@ -555,30 +560,28 @@
*p++ = ssl->conf->mfl_code;
*olen = 5;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding truncated_hmac extension" ) );
- if( end < p || (size_t)( end - p ) < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF );
@@ -587,32 +590,29 @@
*p++ = 0x00;
*olen = 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_TRUNCATED_HMAC */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac "
- "extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding encrypt_then_mac extension" ) );
- if( end < p || (size_t)( end - p ) < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF );
@@ -621,65 +621,63 @@
*p++ = 0x00;
*olen = 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
*olen = 0;
if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED ||
ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret "
- "extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding extended_master_secret extension" ) );
- if( end < p || (size_t)( end - p ) < 4 )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 )
+ & 0xFF );
+ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET )
+ & 0xFF );
*p++ = 0x00;
*p++ = 0x00;
*olen = 4;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
-static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t tlen = ssl->session_negotiate->ticket_len;
*olen = 0;
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, adding session ticket extension" ) );
- if( end < p || (size_t)( end - p ) < 4 + tlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ /* The addition is safe here since the ticket length is 16 bit. */
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF );
@@ -690,44 +688,40 @@
*olen = 4;
if( ssl->session_negotiate->ticket == NULL || tlen == 0 )
- {
- return;
- }
+ return( 0 );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "sending session ticket of length %d", tlen ) );
memcpy( p, ssl->session_negotiate->ticket, tlen );
*olen += tlen;
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
#if defined(MBEDTLS_SSL_ALPN)
-static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
- unsigned char *buf, size_t *olen )
+static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ const unsigned char *end,
+ size_t *olen )
{
unsigned char *p = buf;
- const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN;
size_t alpnlen = 0;
const char **cur;
*olen = 0;
if( ssl->conf->alpn_list == NULL )
- {
- return;
- }
+ return( 0 );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) );
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
- alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
+ alpnlen += strlen( *cur ) + 1;
- if( end < p || (size_t)( end - p ) < 6 + alpnlen )
- {
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) );
- return;
- }
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF );
@@ -745,7 +739,11 @@
for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ )
{
- *p = (unsigned char)( strlen( *cur ) & 0xFF );
+ /*
+ * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of
+ * protocol names is less than 255.
+ */
+ *p = (unsigned char)strlen( *cur );
memcpy( p + 1, *cur, *p );
p += 1 + *p;
}
@@ -759,6 +757,8 @@
/* Extension length = olen - 2 (ext_type) - 2 (ext_len) */
buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF );
buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF );
+
+ return( 0 );
}
#endif /* MBEDTLS_SSL_ALPN */
@@ -815,9 +815,10 @@
*
* \return 0 if valid, else 1
*/
-static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info,
- const mbedtls_ssl_context * ssl,
- int min_minor_ver, int max_minor_ver )
+static int ssl_validate_ciphersuite(
+ const mbedtls_ssl_ciphersuite_t * suite_info,
+ const mbedtls_ssl_context * ssl,
+ int min_minor_ver, int max_minor_ver )
{
(void) ssl;
if( suite_info == NULL )
@@ -861,8 +862,11 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i, n, olen, ext_len = 0;
+
unsigned char *buf;
unsigned char *p, *q;
+ const unsigned char *end;
+
unsigned char offer_compress;
const int *ciphersuites;
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
@@ -889,23 +893,41 @@
if( ssl->conf->max_major_ver == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, "
- "consider using mbedtls_ssl_config_defaults()" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
+ buf = ssl->out_msg;
+ end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN;
+
/*
- * 0 . 0 handshake type
- * 1 . 3 handshake length
+ * Check if there's enough space for the first part of the ClientHello
+ * consisting of the 38 bytes described below, the session identifier (at
+ * most 32 bytes) and its length (1 byte).
+ *
+ * Use static upper bounds instead of the actual values
+ * to allow the compiler to optimize this away.
+ */
+ MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );
+
+ /*
+ * The 38 first bytes of the ClientHello:
+ * 0 . 0 handshake type (written later)
+ * 1 . 3 handshake length (written later)
* 4 . 5 highest version supported
* 6 . 9 current UNIX time
* 10 . 37 random bytes
+ *
+ * The current UNIX time (4 bytes) and following 28 random bytes are written
+ * by ssl_generate_random() into ssl->handshake->randbytes buffer and then
+ * copied from there into the output buffer.
*/
- buf = ssl->out_msg;
- p = buf + 4;
- mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ p = buf + 4;
+ mbedtls_ssl_write_version( ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver,
+ ssl->conf->transport, p );
p += 2;
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]",
@@ -925,7 +947,7 @@
* 38 . 38 session id length
* 39 . 39+n session id
* 39+n . 39+n DTLS only: cookie length (1 byte)
- * 40+n . .. DTSL only: cookie
+ * 40+n . .. DTLS only: cookie
* .. . .. ciphersuitelist length (2 bytes)
* .. . .. ciphersuitelist
* .. . .. compression methods length (1 byte)
@@ -956,7 +978,8 @@
if( ssl->session_negotiate->ticket != NULL &&
ssl->session_negotiate->ticket_len != 0 )
{
- ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 );
+ ret = ssl->conf->f_rng( ssl->conf->p_rng,
+ ssl->session_negotiate->id, 32 );
if( ret != 0 )
return( ret );
@@ -966,6 +989,12 @@
}
#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+ /*
+ * The first check of the output buffer size above (
+ * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );)
+ * has checked that there is enough space in the output buffer for the
+ * session identifier length byte and the session identifier (n <= 32).
+ */
*p++ = (unsigned char) n;
for( i = 0; i < n; i++ )
@@ -975,11 +1004,26 @@
MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n );
/*
+ * With 'n' being the length of the session identifier
+ *
+ * 39+n . 39+n DTLS only: cookie length (1 byte)
+ * 40+n . .. DTLS only: cookie
+ * .. . .. ciphersuitelist length (2 bytes)
+ * .. . .. ciphersuitelist
+ * .. . .. compression methods length (1 byte)
+ * .. . .. compression methods
+ * .. . .. extensions length (2 bytes)
+ * .. . .. extensions
+ */
+
+ /*
* DTLS cookie
*/
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 );
+
if( ssl->handshake->verify_cookie == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) );
@@ -992,6 +1036,9 @@
ssl->handshake->verify_cookie_len );
*p++ = ssl->handshake->verify_cookie_len;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end,
+ ssl->handshake->verify_cookie_len );
memcpy( p, ssl->handshake->verify_cookie,
ssl->handshake->verify_cookie_len );
p += ssl->handshake->verify_cookie_len;
@@ -1007,6 +1054,8 @@
/* Skip writing ciphersuite length for now */
n = 0;
q = p;
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
p += 2;
for( i = 0; ciphersuites[i] != 0; i++ )
@@ -1026,12 +1075,15 @@
uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info );
#endif
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+
n++;
*p++ = (unsigned char)( ciphersuites[i] >> 8 );
*p++ = (unsigned char)( ciphersuites[i] );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) );
/*
* Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV
@@ -1041,6 +1093,7 @@
#endif
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 );
*p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO );
n++;
@@ -1051,6 +1104,8 @@
if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK )
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) );
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 );
*p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE );
n++;
@@ -1081,8 +1136,10 @@
{
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d",
- MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) );
+ MBEDTLS_SSL_COMPRESS_DEFLATE,
+ MBEDTLS_SSL_COMPRESS_NULL ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 );
*p++ = 2;
*p++ = MBEDTLS_SSL_COMPRESS_DEFLATE;
*p++ = MBEDTLS_SSL_COMPRESS_NULL;
@@ -1093,27 +1150,45 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d",
MBEDTLS_SSL_COMPRESS_NULL ) );
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
*p++ = 1;
*p++ = MBEDTLS_SSL_COMPRESS_NULL;
}
- // First write extensions, then the total length
- //
+ /* First write extensions, then the total length */
+
+ MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 );
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
#if defined(MBEDTLS_SSL_RENEGOTIATION)
- ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
- ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
@@ -1121,51 +1196,100 @@
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( uses_ec )
{
- ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret );
+ return( ret );
+ }
ext_len += olen;
- ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret );
+ return( ret );
+ }
ext_len += olen;
}
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
- ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
- ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
- ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
- ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
- ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
- ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_ALPN)
- ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen );
+ if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len,
+ end, &olen ) ) != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret );
+ return( ret );
+ }
ext_len += olen;
#endif
@@ -1173,10 +1297,12 @@
((void) olen);
MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
- ext_len ) );
+ ext_len ) );
if( ext_len > 0 )
{
+ /* No need to check for space here, because the extension
+ * writing functions already took care of that. */
*p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
*p++ = (unsigned char)( ( ext_len ) & 0xFF );
p += ext_len;
@@ -1229,8 +1355,10 @@
ssl->peer_verify_data, ssl->verify_data_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
}
@@ -1239,9 +1367,12 @@
{
if( len != 1 || buf[0] != 0x00 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-zero length renegotiation info" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1264,9 +1395,12 @@
len != 1 ||
buf[0] != ssl->conf->mfl_code )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching max fragment length extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1282,9 +1416,12 @@
if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching truncated HMAC extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1361,9 +1498,12 @@
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching encrypt-then-MAC extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1384,9 +1524,12 @@
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching extended master secret extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1406,9 +1549,12 @@
if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ||
len != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-matching session ticket extension" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1489,8 +1635,10 @@
buf, len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( ret );
}
@@ -1509,8 +1657,10 @@
if( ssl->conf->alpn_list == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1690,12 +1840,13 @@
if( ssl->conf->renego_max_records >= 0 &&
ssl->renego_records_seen > ssl->conf->renego_max_records )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, "
- "but not honored by server" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "renegotiation requested, but not honored by server" ) );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "non-handshake message during renegotiation" ) );
ssl->keep_current_message = 1;
return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO );
@@ -1703,8 +1854,10 @@
#endif /* MBEDTLS_SSL_RENEGOTIATION */
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -1758,11 +1911,13 @@
ssl->major_ver > ssl->conf->max_major_ver ||
ssl->minor_ver > ssl->conf->max_minor_ver )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - "
- " min: [%d:%d], server: [%d:%d], max: [%d:%d]",
- ssl->conf->min_major_ver, ssl->conf->min_minor_ver,
- ssl->major_ver, ssl->minor_ver,
- ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]",
+ ssl->conf->min_major_ver,
+ ssl->conf->min_minor_ver,
+ ssl->major_ver, ssl->minor_ver,
+ ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION );
@@ -1799,8 +1954,10 @@
ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
}
@@ -1839,9 +1996,12 @@
if( comp != MBEDTLS_SSL_COMPRESS_NULL )
#endif/* MBEDTLS_ZLIB_SUPPORT */
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server hello, bad compression: %d", comp ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE );
}
@@ -1851,7 +2011,8 @@
ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i );
if( ssl->handshake->ciphersuite_info == NULL )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "ciphersuite info for %04x not found", i ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
@@ -1891,8 +2052,10 @@
if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR );
return( ret );
}
}
@@ -1901,7 +2064,8 @@
ssl->handshake->resume ? "a" : "no" ) );
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) );
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d",
+ buf[37 + n] ) );
/*
* Perform cipher suite validation in same way as in ssl_write_client_hello.
@@ -1912,8 +2076,10 @@
if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1924,16 +2090,21 @@
}
}
- suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
- if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 )
+ suite_info = mbedtls_ssl_ciphersuite_from_id(
+ ssl->session_negotiate->ciphersuite );
+ if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver,
+ ssl->minor_ver ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "server hello, chosen ciphersuite: %s", suite_info->name ) );
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA &&
@@ -1950,15 +2121,18 @@
)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
ssl->session_negotiate->compression = comp;
ext = buf + 40 + n;
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2,
+ ( "server hello, total extension length: %d", ext_len ) );
while( ext_len )
{
@@ -1970,8 +2144,9 @@
if( ext_size + 4 > ext_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -1991,7 +2166,8 @@
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found max_fragment_length extension" ) );
if( ( ret = ssl_parse_max_fragment_length_ext( ssl,
ext + 4, ext_size ) ) != 0 )
@@ -2044,7 +2220,8 @@
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found extended_master_secret extension" ) );
if( ( ret = ssl_parse_extended_ms_ext( ssl,
ext + 4, ext_size ) ) != 0 )
@@ -2071,7 +2248,8 @@
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "found supported_point_formats extension" ) );
if( ( ret = ssl_parse_supported_point_formats_ext( ssl,
ext + 4, ext_size ) ) != 0 )
@@ -2107,8 +2285,8 @@
#endif /* MBEDTLS_SSL_ALPN */
default:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)",
- ext_id ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "unknown extension found: %d (ignoring)", ext_id ) );
}
ext_len -= 4 + ext_size;
@@ -2125,9 +2303,11 @@
* Renegotiation security checks
*/
if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "legacy renegotiation, breaking off handshake" ) );
handshake_failure = 1;
}
#if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -2135,12 +2315,14 @@
ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION &&
renegotiation_info_seen == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "renegotiation_info extension missing (secure)" ) );
handshake_failure = 1;
}
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS &&
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
- ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
+ ssl->conf->allow_legacy_renegotiation ==
+ MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) );
handshake_failure = 1;
@@ -2149,15 +2331,18 @@
ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
renegotiation_info_seen == 1 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "renegotiation_info extension present (legacy)" ) );
handshake_failure = 1;
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
if( handshake_failure == 1 )
{
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO );
}
@@ -2168,7 +2353,8 @@
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p,
+static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
+ unsigned char **p,
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
@@ -2182,7 +2368,8 @@
* opaque dh_Ys<1..2^16-1>;
* } ServerDHParams;
*/
- if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 )
+ if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx,
+ p, end ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret );
return( ret );
@@ -2340,7 +2527,8 @@
if( ssl_check_server_ecdh_params( ssl ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message (ECDHE curve)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2366,8 +2554,8 @@
*/
if( end - (*p) < 2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
- "(psk_identity_hint length)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message (psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
len = (*p)[0] << 8 | (*p)[1];
@@ -2375,8 +2563,8 @@
if( end - (*p) < len )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
- "(psk_identity_hint length)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message (psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2419,8 +2607,9 @@
* opaque random[46];
* } PreMasterSecret;
*/
- mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver,
- ssl->conf->transport, p );
+ mbedtls_ssl_write_version( ssl->conf->max_major_ver,
+ ssl->conf->max_minor_ver,
+ ssl->conf->transport, p );
if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 )
{
@@ -2506,20 +2695,22 @@
/*
* Get hash algorithm
*/
- if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE )
+ if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) )
+ == MBEDTLS_MD_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported "
- "HashAlgorithm %d", *(p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
/*
* Get signature algorithm
*/
- if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE )
+ if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) )
+ == MBEDTLS_PK_NONE )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported "
- "SignatureAlgorithm %d", (*p)[1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2528,13 +2719,15 @@
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
- *(p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d",
+ (*p)[1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d",
+ (*p)[0] ) );
*p += 2;
return( 0 );
@@ -2625,8 +2818,10 @@
if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( ret );
}
@@ -2656,8 +2851,10 @@
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -2676,10 +2873,12 @@
goto exit;
}
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must "
- "not be skipped" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "server key exchange message must not be skipped" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -2703,8 +2902,10 @@
if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
} /* FALLTROUGH */
@@ -2726,8 +2927,10 @@
if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2743,8 +2946,10 @@
if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2762,8 +2967,10 @@
if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2779,8 +2986,10 @@
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2813,17 +3022,24 @@
if( ssl_parse_signature_algorithm( ssl, &p, end,
&md_alg, &pk_alg ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
- if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
+ if( pk_alg !=
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "bad server key exchange message" ) );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
}
@@ -2853,8 +3069,10 @@
if( p > end - 2 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
sig_len = ( p[0] << 8 ) | p[1];
@@ -2863,8 +3081,10 @@
if( p != end - sig_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2924,8 +3144,10 @@
if( !mbedtls_pk_can_do( peer_pk, pk_alg ) )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
}
@@ -2940,8 +3162,10 @@
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS )
#endif
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret );
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS )
@@ -3013,8 +3237,10 @@
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
@@ -3090,8 +3316,9 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
- | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
+ size_t sig_alg_len =
+ ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 )
+ | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) );
#if defined(MBEDTLS_DEBUG_C)
unsigned char* sig_alg;
size_t i;
@@ -3109,11 +3336,14 @@
* buf[...hdr_len + 3 + n + sig_alg_len],
* which is one less than we need the buf to be.
*/
- if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len )
+ if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl )
+ + 3 + n + sig_alg_len )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR );
return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST );
}
@@ -3121,8 +3351,9 @@
sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n;
for( i = 0; i < sig_alg_len; i += 2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
- ",%d", sig_alg[i], sig_alg[i + 1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "Supported Signature Algorithm found: %d,%d",
+ sig_alg[i], sig_alg[i + 1] ) );
}
#endif
@@ -3213,9 +3444,9 @@
header_len = 6;
ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx,
- (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
- &ssl->out_msg[header_len], content_len,
- ssl->conf->f_rng, ssl->conf->p_rng );
+ (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ),
+ &ssl->out_msg[header_len], content_len,
+ ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret );
@@ -3226,10 +3457,10 @@
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx,
- ssl->handshake->premaster,
- MBEDTLS_PREMASTER_SIZE,
- &ssl->handshake->pmslen,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ ssl->handshake->premaster,
+ MBEDTLS_PREMASTER_SIZE,
+ &ssl->handshake->pmslen,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret );
return( ret );
@@ -3379,10 +3610,10 @@
content_len = ssl->handshake->ecrs_n;
#endif
if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx,
- &ssl->handshake->pmslen,
- ssl->handshake->premaster,
- MBEDTLS_MPI_MAX_SIZE,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ &ssl->handshake->pmslen,
+ ssl->handshake->premaster,
+ MBEDTLS_MPI_MAX_SIZE,
+ ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret );
#if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
@@ -3419,8 +3650,8 @@
if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or "
- "SSL buffer too short" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "psk identity too long or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
@@ -3471,8 +3702,8 @@
if( header_len + 2 + content_len >
MBEDTLS_SSL_OUT_CONTENT_LEN )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long"
- " or SSL buffer too short" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "psk identity or DHM size too long or SSL buffer too short" ) );
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
}
@@ -3530,7 +3761,8 @@
ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 &&
ssl_conf_has_static_raw_psk( ssl->conf ) == 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1,
+ ( "skip PMS generation for opaque PSK" ) );
}
else
#endif /* MBEDTLS_USE_PSA_CRYPTO &&
@@ -3538,7 +3770,8 @@
if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl,
ciphersuite_info->key_exchange ) ) != 0 )
{
- MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret );
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "mbedtls_ssl_psk_derive_premaster", ret );
return( ret );
}
}
@@ -3736,8 +3969,9 @@
* Until we encounter a server that does not, we will take this
* shortcut.
*
- * Reason: Otherwise we should have running hashes for SHA512 and SHA224
- * in order to satisfy 'weird' needs from the server side.
+ * Reason: Otherwise we should have running hashes for SHA512 and
+ * SHA224 in order to satisfy 'weird' needs from the server
+ * side.
*/
if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
{
@@ -3821,8 +4055,10 @@
if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) );
- mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
- MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
+ mbedtls_ssl_send_alert_message(
+ ssl,
+ MBEDTLS_SSL_ALERT_LEVEL_FATAL,
+ MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
}
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 4bf9058..323784c 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -134,8 +134,7 @@
{
unsigned char hmac_out[COOKIE_MD_OUTLEN];
- if( (size_t)( end - *p ) < COOKIE_HMAC_LEN )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN );
if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 ||
mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 ||
@@ -165,8 +164,7 @@
if( ctx == NULL || cli_id == NULL )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
- if( (size_t)( end - *p ) < COOKIE_LEN )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN );
#if defined(MBEDTLS_HAVE_TIME)
t = (unsigned long) mbedtls_time( NULL );
diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c
index 8a76b42..6b50b55 100644
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@@ -35,6 +35,7 @@
#define mbedtls_free free
#endif
+#include "mbedtls/ssl_internal.h"
#include "mbedtls/ssl_ticket.h"
#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
@@ -224,8 +225,7 @@
/* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag,
* in addition to session itself, that will be checked when writing it. */
- if( end - start < TICKET_MIN_LEN )
- return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
+ MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN );
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 30c917b..250ef98 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3686,11 +3686,13 @@
/* If the buffers are too small - reallocate */
{
int modified = 0;
- size_t written_in = 0;
- size_t written_out = 0;
+ size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
+ size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
+ iv_offset_in = ssl->in_iv - ssl->in_buf;
+ len_offset_in = ssl->in_len - ssl->in_buf;
if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN )
{
if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN,
@@ -3709,6 +3711,8 @@
if( ssl->out_buf != NULL )
{
written_out = ssl->out_msg - ssl->out_buf;
+ iv_offset_out = ssl->out_iv - ssl->out_buf;
+ len_offset_out = ssl->out_len - ssl->out_buf;
if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN )
{
if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN,
@@ -3728,9 +3732,14 @@
/* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record
- * splitting, so they are manually updated here. */
+ * splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
+ ssl->out_len = ssl->out_buf + len_offset_out;
+ ssl->out_iv = ssl->out_buf + iv_offset_out;
+
ssl->in_msg = ssl->in_buf + written_in;
+ ssl->in_len = ssl->in_buf + len_offset_in;
+ ssl->in_iv = ssl->in_buf + iv_offset_in;
}
}
#endif
@@ -4665,7 +4674,9 @@
cur_len = strlen( *p );
tot_len += cur_len;
- if( cur_len == 0 || cur_len > 255 || tot_len > 65535 )
+ if( ( cur_len == 0 ) ||
+ ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) ||
+ ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) )
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@@ -5960,14 +5971,15 @@
{
int modified = 0;
uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl );
- size_t written_in = 0;
- size_t written_out = 0;
+ size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0;
+ size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0;
if( ssl->in_buf != NULL )
{
written_in = ssl->in_msg - ssl->in_buf;
+ iv_offset_in = ssl->in_iv - ssl->in_buf;
+ len_offset_in = ssl->in_len - ssl->in_buf;
if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len )
{
- written_in = ssl->in_msg - ssl->in_buf;
if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) );
@@ -5985,6 +5997,8 @@
if(ssl->out_buf != NULL )
{
written_out = ssl->out_msg - ssl->out_buf;
+ iv_offset_out = ssl->out_iv - ssl->out_buf;
+ len_offset_out = ssl->out_len - ssl->out_buf;
if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) &&
ssl->out_left < buf_len )
{
@@ -6004,9 +6018,14 @@
/* Update pointers here to avoid doing it twice. */
mbedtls_ssl_reset_in_out_pointers( ssl );
/* Fields below might not be properly updated with record
- * splitting, so they are manually updated here. */
+ * splitting or with CID, so they are manually updated here. */
ssl->out_msg = ssl->out_buf + written_out;
+ ssl->out_len = ssl->out_buf + len_offset_out;
+ ssl->out_iv = ssl->out_buf + iv_offset_out;
+
ssl->in_msg = ssl->in_buf + written_in;
+ ssl->in_len = ssl->in_buf + len_offset_in;
+ ssl->in_iv = ssl->in_buf + iv_offset_in;
}
}
#endif
diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c
index f17c641..b0c1fea 100644
--- a/programs/aes/aescrypt2.c
+++ b/programs/aes/aescrypt2.c
@@ -22,7 +22,7 @@
/* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
-#define _POSIX_C_SOURCE 1
+#define _POSIX_C_SOURCE 200112L
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 1e03d43..5c70480 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -23,7 +23,7 @@
/* Enable definition of fileno() even when compiling with -std=c99. Must be
* set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
-#define _POSIX_C_SOURCE 1
+#define _POSIX_C_SOURCE 200112L
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c
index f156b7b..97beb0e 100644
--- a/programs/psa/crypto_examples.c
+++ b/programs/psa/crypto_examples.c
@@ -1,3 +1,22 @@
+/*
+ * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
#include "psa/crypto.h"
#include <string.h>
#include <stdio.h>
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 1dbbc81..b633f75 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -30,7 +30,8 @@
* `key_ladder_demo.sh` for an example run.
*/
-/* Copyright (C) 2018, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2018, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh
index 2cec945..fc2ef33 100755
--- a/programs/psa/key_ladder_demo.sh
+++ b/programs/psa/key_ladder_demo.sh
@@ -1,4 +1,22 @@
#!/bin/sh
+#
+# Copyright (C) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
set -e -u
program="${0%/*}"/key_ladder_demo
diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c
index d8ffd46..964e7b3 100644
--- a/programs/psa/psa_constant_names.c
+++ b/programs/psa/psa_constant_names.c
@@ -1,3 +1,22 @@
+/*
+ * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 08ff025..b7458cd 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -23,6 +23,7 @@
* be set before config.h, which pulls in glibc's features.h indirectly.
* Harmless on other platforms. */
#define _POSIX_C_SOURCE 200112L
+#define _XOPEN_SOURCE 600
#if !defined(MBEDTLS_CONFIG_FILE)
#include "mbedtls/config.h"
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 5dd1871..3fd065e 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -3718,7 +3718,7 @@
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
- goto exit;
+ goto reset;
}
mbedtls_printf( " EAP-TLS key material is:" );
@@ -3739,7 +3739,7 @@
{
mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n",
(unsigned int) -ret );
- goto exit;
+ goto reset;
}
mbedtls_printf( " EAP-TLS IV is:" );
diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh
index 29033d5..cfc269a 100755
--- a/programs/test/udp_proxy_wrapper.sh
+++ b/programs/test/udp_proxy_wrapper.sh
@@ -1,6 +1,23 @@
#!/bin/sh
# -*-sh-basic-offset: 4-*-
# Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...]
+#
+# Copyright (C) 2017, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -u
diff --git a/scripts/abi_check.py b/scripts/abi_check.py
index c2aca50..b8fc9b8 100755
--- a/scripts/abi_check.py
+++ b/scripts/abi_check.py
@@ -1,9 +1,5 @@
#!/usr/bin/env python3
"""
-This file is part of Mbed TLS (https://tls.mbed.org)
-
-Copyright (c) 2018, Arm Limited, All Rights Reserved
-
Purpose
This script is a small wrapper around the abi-compliance-checker and
@@ -15,6 +11,23 @@
while running the script. Note: must be run from Mbed TLS root.
"""
+# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
import os
import sys
import traceback
diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh
index dfe1177..f270bf4 100755
--- a/scripts/apidoc_full.sh
+++ b/scripts/apidoc_full.sh
@@ -6,6 +6,23 @@
#
# /!\ This must not be a Makefile target, as it would create a race condition
# when multiple targets are invoked in the same parallel build.
+#
+# Copyright (C) 2016, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index cf875c8..88e3a46 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -1,8 +1,21 @@
#!/bin/bash
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh
index 69777a6..1a2a6d1 100755
--- a/scripts/ecc-heap.sh
+++ b/scripts/ecc-heap.sh
@@ -6,6 +6,23 @@
# Usage (preferably on a 32-bit platform):
# cmake -D CMAKE_BUILD_TYPE=Release .
# scripts/ecc-heap.sh | tee ecc-heap.log
+#
+# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 961a0d6..de7b68f 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -1,8 +1,21 @@
#!/bin/sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl
index 150e10e..f3814f4 100755
--- a/scripts/generate_errors.pl
+++ b/scripts/generate_errors.pl
@@ -4,6 +4,23 @@
#
# Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments,
# or generate_errors.pl include_dir data_dir error_file
+#
+# Copyright (C) 2011-2020, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 1bd82ca..e60bb88 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -1,5 +1,21 @@
#!/usr/bin/env perl
#
+# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py
index 175cd9f..3d2e681 100755
--- a/scripts/generate_psa_constants.py
+++ b/scripts/generate_psa_constants.py
@@ -11,6 +11,23 @@
* OUTPUT_FILE_DIR passed: writes to OUTPUT_FILE_DIR/
"""
+# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
import os
import re
import sys
diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl
index d94fdad..c9ef838 100755
--- a/scripts/generate_query_config.pl
+++ b/scripts/generate_query_config.pl
@@ -15,6 +15,23 @@
# function by using the template in scripts/data_files/query_config.fmt.
#
# Usage: ./scripts/generate_query_config.pl without arguments
+#
+# Copyright (C) 2018-2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 1f67055..d72d19d 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -5,6 +5,23 @@
#
# Must be run from mbedTLS root or scripts directory.
# Takes no argument.
+#
+# Copyright (C) 2013-2020, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings;
use strict;
diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl
index 4e3342a..f5d870f 100755
--- a/scripts/massif_max.pl
+++ b/scripts/massif_max.pl
@@ -1,6 +1,23 @@
#!/usr/bin/env perl
# Parse a massif.out.xxx file and output peak total memory usage
+#
+# Copyright (C) 2014, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings;
use strict;
diff --git a/scripts/memory.sh b/scripts/memory.sh
index c415f92..15693a0 100755
--- a/scripts/memory.sh
+++ b/scripts/memory.sh
@@ -5,6 +5,23 @@
#
# Use different build options for measuring executable size and memory usage,
# since for memory we want debug information.
+#
+# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 3545279..0044a22 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -2,9 +2,22 @@
# output_env.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/scripts/rename.pl b/scripts/rename.pl
index fb42809..1e8dbf4 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -1,8 +1,21 @@
#!/usr/bin/env perl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh
index df9450e..1a16540 100755
--- a/scripts/tmp_ignore_makefiles.sh
+++ b/scripts/tmp_ignore_makefiles.sh
@@ -2,6 +2,23 @@
# Temporarily (de)ignore Makefiles generated by CMake to allow easier
# git development
+#
+# Copyright (C) 2014, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
IGNORE=""
diff --git a/tests/.gitignore b/tests/.gitignore
index fbbd0df..d49611c 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -8,4 +8,7 @@
data_files/ctr_drbg_seed
data_files/entropy_seed
-/instrument_record_status.h
+include/test/instrument_record_status.h
+
+src/*.o
+src/libmbed*
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index bd5ed83..39a7a2c 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -46,9 +46,9 @@
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
)
- include_directories(${CMAKE_CURRENT_SOURCE_DIR})
- add_executable(test_suite_${data_name} test_suite_${data_name}.c)
+ add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtests>)
target_link_libraries(test_suite_${data_name} ${libs})
+ target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include)
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.")
else()
@@ -66,6 +66,10 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-")
endif(MSVC)
+file(GLOB MBEDTESTS_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c)
+add_library(mbedtests OBJECT ${MBEDTESTS_FILES})
+target_include_directories(mbedtests PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include)
+
add_test_suite(aes aes.cbc)
add_test_suite(aes aes.cfb)
add_test_suite(aes aes.ecb)
diff --git a/tests/Makefile b/tests/Makefile
index e74bf95..6f3179c 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -6,7 +6,7 @@
WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -I../library -D_FILE_OFFSET_BITS=64
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
@@ -21,9 +21,9 @@
LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L
ifndef SHARED
-DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
else
-DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -74,9 +74,16 @@
all: $(BINARIES)
-$(DEP):
+$(MBEDLIBS):
$(MAKE) -C ../library
+MBEDTESTS_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c))
+
+# Rule to compile common test C files in src folder
+src/%.o : src/%.c
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
+
C_FILES := $(addsuffix .c,$(APPS))
# Wildcard target for test code generation:
@@ -105,23 +112,26 @@
-o .
-$(BINARIES): %$(EXEXT): %.c $(DEP)
+$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTESTS_OBJS)
echo " CC $<"
- $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTESTS_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
# Some test suites require additional header files.
-$(filter test_suite_psa_crypto%, $(BINARIES)): psa_crypto_helpers.h
+$(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h
$(addprefix embedded_,$(filter test_suite_psa_crypto%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_crypto_helpers.h
-$(filter test_suite_psa_%, $(BINARIES)): psa_helpers.h
+$(filter test_suite_psa_%, $(BINARIES)): include/test/psa_helpers.h
$(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_helpers.h
clean:
ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax TESTS
+ rm -f src/*.o src/libmbed*
else
if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe
if exist *.datax del /Q /F *.datax
+ if exist src/*.o del /Q /F src/*.o
+ if exist src/libmbed* del /Q /F src/libmed*
ifneq ($(wildcard TESTS/.*),)
rmdir /Q /S TESTS
endif
@@ -152,7 +162,7 @@
generate-target-tests: $(EMBEDDED_TESTS)
define copy_header_to_target
-TESTS/mbedtls/$(1)/$(2): $(2)
+TESTS/mbedtls/$(1)/$(2): include/test/$(2)
echo " Copy ./$$@"
ifndef WINDOWS
mkdir -p $$(@D)
@@ -163,11 +173,11 @@
endif
endef
-$(foreach app, $(APPS), $(foreach file, $(wildcard *.h), \
+$(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \
$(eval $(call copy_header_to_target,$(app),$(file)))))
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
-$(BINARIES): instrument_record_status.h
-instrument_record_status.h: ../include/psa/crypto.h Makefile
+$(BINARIES): include/test/instrument_record_status.h
+include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
endif
diff --git a/tests/compat.sh b/tests/compat.sh
index 54bc0b7..6aa35d2 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -2,9 +2,22 @@
# compat.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2012-2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/context-info.sh b/tests/context-info.sh
index 78aeb70..344dd4e 100755
--- a/tests/context-info.sh
+++ b/tests/context-info.sh
@@ -2,9 +2,22 @@
# context-info.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2012-2020, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# This program is intended for testing the ssl_context_info program
#
diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh
index 22f3bf5..60813d8 100755
--- a/tests/data_files/dir-maxpath/long.sh
+++ b/tests/data_files/dir-maxpath/long.sh
@@ -1,4 +1,21 @@
#!/bin/sh
+#
+# Copyright (C) 2017, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl
index d0ec137..4c15be2 100755
--- a/tests/data_files/print_c.pl
+++ b/tests/data_files/print_c.pl
@@ -1,4 +1,22 @@
#!/usr/bin/env perl
+#
+# Copyright (C) 2017, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
use strict;
use warnings;
diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh
index 86edf5a..d3b4629 100755
--- a/tests/git-scripts/pre-push.sh
+++ b/tests/git-scripts/pre-push.sh
@@ -1,9 +1,22 @@
#!/bin/sh
# pre-push.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2017, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
new file mode 100644
index 0000000..36ec8e6
--- /dev/null
+++ b/tests/include/test/helpers.h
@@ -0,0 +1,86 @@
+/**
+ * \file helpers.h
+ *
+ * \brief This file contains the prototypes of helper functions for the
+ * purpose of testing.
+ */
+
+/*
+ * Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef TEST_HELPERS_H
+#define TEST_HELPERS_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_snprintf snprintf
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#define mbedtls_exit exit
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+int mbedtls_test_platform_setup( void );
+void mbedtls_test_platform_teardown( void );
+
+int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf );
+void mbedtls_test_hexify( unsigned char *obuf,
+ const unsigned char *ibuf,
+ int len );
+
+/**
+ * Allocate and zeroize a buffer.
+ *
+ * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
+ *
+ * For convenience, dies if allocation fails.
+ */
+unsigned char *mbedtls_test_zero_alloc( size_t len );
+
+/**
+ * Allocate and fill a buffer from hex data.
+ *
+ * The buffer is sized exactly as needed. This allows to detect buffer
+ * overruns (including overreads) when running the test suite under valgrind.
+ *
+ * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
+ *
+ * For convenience, dies if allocation fails.
+ */
+unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen );
+
+int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
+ uint32_t a_len, uint32_t b_len );
+
+#endif /* TEST_HELPERS_H */
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
new file mode 100644
index 0000000..aaf13ad
--- /dev/null
+++ b/tests/include/test/macros.h
@@ -0,0 +1,138 @@
+/**
+ * \file macros.h
+ *
+ * \brief This file contains generic macros for the purpose of testing.
+ */
+
+/*
+ * Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef TEST_MACROS_H
+#define TEST_MACROS_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdlib.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#define mbedtls_fprintf fprintf
+#define mbedtls_snprintf snprintf
+#define mbedtls_calloc calloc
+#define mbedtls_free free
+#define mbedtls_exit exit
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif
+
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
+#include "mbedtls/memory_buffer_alloc.h"
+#endif
+
+#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
+{ \
+ mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
+ __FILE__, __LINE__, #a ); \
+ mbedtls_exit( 1 ); \
+}
+
+#if defined(__GNUC__)
+/* Test if arg and &(arg)[0] have the same type. This is true if arg is
+ * an array but not if it's a pointer. */
+#define IS_ARRAY_NOT_POINTER( arg ) \
+ ( ! __builtin_types_compatible_p( __typeof__( arg ), \
+ __typeof__( &( arg )[0] ) ) )
+#else
+/* On platforms where we don't know how to implement this check,
+ * omit it. Oh well, a non-portable check is better than nothing. */
+#define IS_ARRAY_NOT_POINTER( arg ) 1
+#endif
+
+/* A compile-time constant with the value 0. If `const_expr` is not a
+ * compile-time constant with a nonzero value, cause a compile-time error. */
+#define STATIC_ASSERT_EXPR( const_expr ) \
+ ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
+/* Return the scalar value `value` (possibly promoted). This is a compile-time
+ * constant if `value` is. `condition` must be a compile-time constant.
+ * If `condition` is false, arrange to cause a compile-time error. */
+#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
+ ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
+
+#define ARRAY_LENGTH_UNSAFE( array ) \
+ ( sizeof( array ) / sizeof( *( array ) ) )
+/** Return the number of elements of a static or stack array.
+ *
+ * \param array A value of array (not pointer) type.
+ *
+ * \return The number of elements of the array.
+ */
+#define ARRAY_LENGTH( array ) \
+ ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
+ ARRAY_LENGTH_UNSAFE( array ) ) )
+
+/** Return the smaller of two values.
+ *
+ * \param x An integer-valued expression without side effects.
+ * \param y An integer-valued expression without side effects.
+ *
+ * \return The smaller of \p x and \p y.
+ */
+#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
+
+/** Return the larger of two values.
+ *
+ * \param x An integer-valued expression without side effects.
+ * \param y An integer-valued expression without side effects.
+ *
+ * \return The larger of \p x and \p y.
+ */
+#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
+
+/*
+ * 32-bit integer manipulation macros (big endian)
+ */
+#ifndef GET_UINT32_BE
+#define GET_UINT32_BE(n,b,i) \
+{ \
+ (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
+ | ( (uint32_t) (b)[(i) + 1] << 16 ) \
+ | ( (uint32_t) (b)[(i) + 2] << 8 ) \
+ | ( (uint32_t) (b)[(i) + 3] ); \
+}
+#endif
+
+#ifndef PUT_UINT32_BE
+#define PUT_UINT32_BE(n,b,i) \
+{ \
+ (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
+ (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
+ (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
+ (b)[(i) + 3] = (unsigned char) ( (n) ); \
+}
+#endif
+
+#endif /* TEST_MACROS_H */
diff --git a/tests/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
similarity index 97%
rename from tests/psa_crypto_helpers.h
rename to tests/include/test/psa_crypto_helpers.h
index 19303de..8cd361f 100644
--- a/tests/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -1,7 +1,8 @@
/*
* Helper functions for tests that use the PSA Crypto API.
*/
-/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -22,7 +23,7 @@
#ifndef PSA_CRYPTO_HELPERS_H
#define PSA_CRYPTO_HELPERS_H
-#include "psa_helpers.h"
+#include "test/psa_helpers.h"
#include <psa/crypto.h>
diff --git a/tests/psa_helpers.h b/tests/include/test/psa_helpers.h
similarity index 94%
rename from tests/psa_helpers.h
rename to tests/include/test/psa_helpers.h
index 79f6837..352ae67 100644
--- a/tests/psa_helpers.h
+++ b/tests/include/test/psa_helpers.h
@@ -1,7 +1,8 @@
/*
* Helper functions for tests that use any PSA API.
*/
-/* Copyright (C) 2019, ARM Limited, All Rights Reserved
+/*
+ * Copyright (C) 2019, ARM Limited, All Rights Reserved
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
new file mode 100644
index 0000000..e085f16
--- /dev/null
+++ b/tests/include/test/random.h
@@ -0,0 +1,107 @@
+/**
+ * \file random.h
+ *
+ * \brief This file contains the prototypes of helper functions to generate
+ * random numbers for the purpose of testing.
+ */
+
+/*
+ * Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#ifndef TEST_RANDOM_H
+#define TEST_RANDOM_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
+typedef struct
+{
+ unsigned char *buf;
+ size_t length;
+} mbedtls_test_rnd_buf_info;
+
+/**
+ * Info structure for the pseudo random function
+ *
+ * Key should be set at the start to a test-unique value.
+ * Do not forget endianness!
+ * State( v0, v1 ) should be set to zero.
+ */
+typedef struct
+{
+ uint32_t key[16];
+ uint32_t v0, v1;
+} mbedtls_test_rnd_pseudo_info;
+
+/**
+ * This function just returns data from rand().
+ * Although predictable and often similar on multiple
+ * runs, this does not result in identical random on
+ * each run. So do not use this if the results of a
+ * test depend on the random data that is generated.
+ *
+ * rng_state shall be NULL.
+ */
+int mbedtls_test_rnd_std_rand( void *rng_state,
+ unsigned char *output,
+ size_t len );
+
+/**
+ * This function only returns zeros
+ *
+ * rng_state shall be NULL.
+ */
+int mbedtls_test_rnd_zero_rand( void *rng_state,
+ unsigned char *output,
+ size_t len );
+
+/**
+ * This function returns random based on a buffer it receives.
+ *
+ * rng_state shall be a pointer to a rnd_buf_info structure.
+ *
+ * The number of bytes released from the buffer on each call to
+ * the random function is specified by per_call. (Can be between
+ * 1 and 4)
+ *
+ * After the buffer is empty it will return rand();
+ */
+int mbedtls_test_rnd_buffer_rand( void *rng_state,
+ unsigned char *output,
+ size_t len );
+
+/**
+ * This function returns random based on a pseudo random function.
+ * This means the results should be identical on all systems.
+ * Pseudo random is based on the XTEA encryption algorithm to
+ * generate pseudorandom.
+ *
+ * rng_state shall be a pointer to a rnd_pseudo_info structure.
+ */
+int mbedtls_test_rnd_pseudo_rand( void *rng_state,
+ unsigned char *output,
+ size_t len );
+
+#endif /* TEST_RANDOM_H */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index d911d49..e18d91a 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2,9 +2,22 @@
# all.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2014-2017, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
@@ -122,6 +135,14 @@
FORCE=0
KEEP_GOING=0
+ # Seed value used with the --release-test option.
+ #
+ # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
+ # both values are kept in sync. If you change the value here because it
+ # breaks some tests, you'll definitely want to change it in
+ # basic-build-test.sh as well.
+ RELEASE_SEED=1
+
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
export MBEDTLS_TEST_OUTCOME_FILE
@@ -219,7 +240,7 @@
--outcome-file=<path> File where test outcomes are written (not done if
empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
--random-seed Use a random seed value for randomized tests (default).
- -r|--release-test Run this script in release mode. This fixes the seed value to 1.
+ -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
-s|--seed Integer seed value to use for this test run.
Tool path options:
@@ -369,7 +390,7 @@
--outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
--random-seed) unset SEED;;
- --release-test|-r) SEED=1;;
+ --release-test|-r) SEED=$RELEASE_SEED;;
--seed|-s) shift; SEED="$1";;
-*)
echo >&2 "Unknown option: $1"
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 0be8705..83646f3 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -2,9 +2,22 @@
# basic-build-tests.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
@@ -43,6 +56,14 @@
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
+# Used to make ssl-opt.sh deterministic.
+#
+# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept
+# in sync. If you change the value here because it breaks some tests, you'll
+# definitely want to change it in all.sh as well.
+: ${SEED:=1}
+export SEED
+
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require
export OPENSSL_CMD="$OPENSSL"
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 4967699..c474654 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -7,6 +7,23 @@
# sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen -
# but that would warn about any undocumented item, while our goal is to find
# items that are documented, but not marked as such by mistake.
+#
+# Copyright (C) 2012-2016, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings;
use strict;
diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py
index 62b526a..1cef2d5 100755
--- a/tests/scripts/check-files.py
+++ b/tests/scripts/check-files.py
@@ -1,7 +1,21 @@
#!/usr/bin/env python3
-# This file is part of Mbed TLS (https://tls.mbed.org)
# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
"""
This script checks the current state of the source code for minor issues,
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index f41e465..e39b661 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -1,8 +1,21 @@
#! /usr/bin/env sh
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2018, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh
index dc097ee..e2019cc 100755
--- a/tests/scripts/check-names.sh
+++ b/tests/scripts/check-names.sh
@@ -1,8 +1,21 @@
#!/bin/sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh
index cd18518..c5597f1 100755
--- a/tests/scripts/check-python-files.sh
+++ b/tests/scripts/check-python-files.sh
@@ -1,8 +1,21 @@
#! /usr/bin/env sh
-# This file is part of Mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose:
#
diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl
index 8119a46..cd6ea0d 100755
--- a/tests/scripts/curves.pl
+++ b/tests/scripts/curves.pl
@@ -3,6 +3,21 @@
# curves.pl
#
# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl
index 898ae49..08d99ab 100755
--- a/tests/scripts/depends-hashes.pl
+++ b/tests/scripts/depends-hashes.pl
@@ -3,6 +3,21 @@
# depends-hashes.pl
#
# Copyright (c) 2017, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl
index 0cc01f2..1577fee 100755
--- a/tests/scripts/depends-pkalgs.pl
+++ b/tests/scripts/depends-pkalgs.pl
@@ -3,6 +3,21 @@
# depends-pkalgs.pl
#
# Copyright (c) 2017, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index e7758c9..ed8a9ef 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -1,6 +1,23 @@
#!/bin/sh
# Make sure the doxygen documentation builds without warnings
+#
+# Copyright (C) 2016, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
# Abort on errors (and uninitiliased variables)
set -eu
diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl
index 3c074be..715eac3 100755
--- a/tests/scripts/gen_ctr_drbg.pl
+++ b/tests/scripts/gen_ctr_drbg.pl
@@ -3,6 +3,23 @@
# Based on NIST CTR_DRBG.rsp validation file
# Only uses AES-256-CTR cases that use a Derivation function
# and concats nonce and personalization for initialization.
+#
+# Copyright (C) 2011, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl
index 03809cb..6e4cb1f 100755
--- a/tests/scripts/gen_gcm_decrypt.pl
+++ b/tests/scripts/gen_gcm_decrypt.pl
@@ -2,6 +2,23 @@
#
# Based on NIST gcmDecryptxxx.rsp validation files
# Only first 3 of every set used for compile time saving
+#
+# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl
index 29ec677..c58f3f1 100755
--- a/tests/scripts/gen_gcm_encrypt.pl
+++ b/tests/scripts/gen_gcm_encrypt.pl
@@ -2,6 +2,23 @@
#
# Based on NIST gcmEncryptIntIVxxx.rsp validation files
# Only first 3 of every set used for compile time saving
+#
+# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
index 110cb4b..bbdeb8b 100755
--- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl
+++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl
@@ -1,5 +1,21 @@
#!/usr/bin/env perl
#
+# Copyright (C) 2011-2015, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use strict;
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index cbc2f59..e3ae015 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -7,6 +7,23 @@
# Usage: generate-afl-tests.sh <test data file path>
# <test data file path> - should be the path to one of the test suite files
# such as 'test_suite_mpi.data'
+#
+# Copyright (C) 2016, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
# Abort on errors
set -e
diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl
index 851de1b..be9567f 100755
--- a/tests/scripts/key-exchanges.pl
+++ b/tests/scripts/key-exchanges.pl
@@ -3,6 +3,21 @@
# key-exchanges.pl
#
# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl
index e59517b..46de303 100755
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@@ -1,4 +1,21 @@
#!/usr/bin/env perl
+#
+# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings;
use strict;
diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh
index 24e7404..1284552 100755
--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@@ -5,6 +5,23 @@
# Outputs the line count of the file to stdout.
#
# Usage: list-identifiers.sh [ -i | --internal ]
+#
+# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh
index 3540b8e..786aef9 100755
--- a/tests/scripts/list-macros.sh
+++ b/tests/scripts/list-macros.sh
@@ -1,4 +1,21 @@
#!/bin/sh
+#
+# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh
index 1c348a7..f4c20b2 100755
--- a/tests/scripts/list-symbols.sh
+++ b/tests/scripts/list-symbols.sh
@@ -1,4 +1,21 @@
#!/bin/sh
+#
+# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
set -eu
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index e38beea..7673236 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -12,6 +12,23 @@
only supported with make (as opposed to CMake or other build methods).
"""
+# Copyright (C) 2019, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
import argparse
import os
import subprocess
diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl
index 431e592..6937031 100755
--- a/tests/scripts/recursion.pl
+++ b/tests/scripts/recursion.pl
@@ -7,6 +7,23 @@
# an unbounded way, those functions should use interation instead.
#
# Typical usage: scripts/recursion.pl library/*.c
+#
+# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings;
use strict;
diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl
index d06badd..45823c0 100755
--- a/tests/scripts/run-test-suites.pl
+++ b/tests/scripts/run-test-suites.pl
@@ -2,9 +2,22 @@
# run-test-suites.pl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
=head1 SYNOPSIS
diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl
index 11cbf1b..6e576d6 100755
--- a/tests/scripts/tcp_client.pl
+++ b/tests/scripts/tcp_client.pl
@@ -4,6 +4,23 @@
# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
# DATA: hex-encoded data to send to the server
# RESPONSE: regexp that must match the server's response
+#
+# Copyright (C) 2017, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
use warnings;
use strict;
diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl
index e33aca7..0e36dd6 100755
--- a/tests/scripts/test-ref-configs.pl
+++ b/tests/scripts/test-ref-configs.pl
@@ -2,9 +2,22 @@
# test-ref-configs.pl
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2013-2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py
index 2c9f058..2d6e382 100755
--- a/tests/scripts/test_psa_constant_names.py
+++ b/tests/scripts/test_psa_constant_names.py
@@ -7,6 +7,23 @@
or 1 (with a Python backtrace) if there was an operational error.
"""
+# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
+
import argparse
from collections import namedtuple
import itertools
diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb
index 8164acb..43fde75 100644
--- a/tests/scripts/test_zeroize.gdb
+++ b/tests/scripts/test_zeroize.gdb
@@ -1,8 +1,21 @@
# test_zeroize.gdb
#
-# This file is part of Mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2018, Arm Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh
index 9866ca7..c6de12c 100755
--- a/tests/scripts/travis-log-failure.sh
+++ b/tests/scripts/travis-log-failure.sh
@@ -2,9 +2,22 @@
# travis-log-failure.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
new file mode 100644
index 0000000..08d88a5
--- /dev/null
+++ b/tests/src/helpers.c
@@ -0,0 +1,152 @@
+/*
+ * Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#include <test/helpers.h>
+#include <test/macros.h>
+#include <string.h>
+
+#if defined(MBEDTLS_PLATFORM_C)
+static mbedtls_platform_context platform_ctx;
+#endif
+
+int mbedtls_test_platform_setup( void )
+{
+ int ret = 0;
+#if defined(MBEDTLS_PLATFORM_C)
+ ret = mbedtls_platform_setup( &platform_ctx );
+#endif /* MBEDTLS_PLATFORM_C */
+ return( ret );
+}
+
+void mbedtls_test_platform_teardown( void )
+{
+#if defined(MBEDTLS_PLATFORM_C)
+ mbedtls_platform_teardown( &platform_ctx );
+#endif /* MBEDTLS_PLATFORM_C */
+}
+
+int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf )
+{
+ unsigned char c, c2;
+ int len = strlen( ibuf ) / 2;
+ TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
+
+ while( *ibuf != 0 )
+ {
+ c = *ibuf++;
+ if( c >= '0' && c <= '9' )
+ c -= '0';
+ else if( c >= 'a' && c <= 'f' )
+ c -= 'a' - 10;
+ else if( c >= 'A' && c <= 'F' )
+ c -= 'A' - 10;
+ else
+ TEST_HELPER_ASSERT( 0 );
+
+ c2 = *ibuf++;
+ if( c2 >= '0' && c2 <= '9' )
+ c2 -= '0';
+ else if( c2 >= 'a' && c2 <= 'f' )
+ c2 -= 'a' - 10;
+ else if( c2 >= 'A' && c2 <= 'F' )
+ c2 -= 'A' - 10;
+ else
+ TEST_HELPER_ASSERT( 0 );
+
+ *obuf++ = ( c << 4 ) | c2;
+ }
+
+ return len;
+}
+
+void mbedtls_test_hexify( unsigned char *obuf,
+ const unsigned char *ibuf,
+ int len )
+{
+ unsigned char l, h;
+
+ while( len != 0 )
+ {
+ h = *ibuf / 16;
+ l = *ibuf % 16;
+
+ if( h < 10 )
+ *obuf++ = '0' + h;
+ else
+ *obuf++ = 'a' + h - 10;
+
+ if( l < 10 )
+ *obuf++ = '0' + l;
+ else
+ *obuf++ = 'a' + l - 10;
+
+ ++ibuf;
+ len--;
+ }
+}
+
+unsigned char *mbedtls_test_zero_alloc( size_t len )
+{
+ void *p;
+ size_t actual_len = ( len != 0 ) ? len : 1;
+
+ p = mbedtls_calloc( 1, actual_len );
+ TEST_HELPER_ASSERT( p != NULL );
+
+ memset( p, 0x00, actual_len );
+
+ return( p );
+}
+
+unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen )
+{
+ unsigned char *obuf;
+
+ *olen = strlen( ibuf ) / 2;
+
+ if( *olen == 0 )
+ return( mbedtls_test_zero_alloc( *olen ) );
+
+ obuf = mbedtls_calloc( 1, *olen );
+ TEST_HELPER_ASSERT( obuf != NULL );
+
+ (void) mbedtls_test_unhexify( obuf, ibuf );
+
+ return( obuf );
+}
+
+int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b,
+ uint32_t a_len, uint32_t b_len )
+{
+ int ret = 0;
+ uint32_t i = 0;
+
+ if( a_len != b_len )
+ return( -1 );
+
+ for( i = 0; i < a_len; i++ )
+ {
+ if( a[i] != b[i] )
+ {
+ ret = -1;
+ break;
+ }
+ }
+ return ret;
+}
diff --git a/tests/src/random.c b/tests/src/random.c
new file mode 100644
index 0000000..3345f78
--- /dev/null
+++ b/tests/src/random.c
@@ -0,0 +1,128 @@
+/**
+ * \file random.c
+ *
+ * \brief This file contains the helper functions to generate random numbers
+ * for the purpose of testing.
+ */
+
+/*
+ * Copyright (C) 2020, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+#include <test/macros.h>
+#include <test/random.h>
+#include <string.h>
+
+int mbedtls_test_rnd_std_rand( void *rng_state,
+ unsigned char *output,
+ size_t len )
+{
+#if !defined(__OpenBSD__)
+ size_t i;
+
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ for( i = 0; i < len; ++i )
+ output[i] = rand();
+#else
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ arc4random_buf( output, len );
+#endif /* !OpenBSD */
+
+ return( 0 );
+}
+
+int mbedtls_test_rnd_zero_rand( void *rng_state,
+ unsigned char *output,
+ size_t len )
+{
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ memset( output, 0, len );
+
+ return( 0 );
+}
+
+int mbedtls_test_rnd_buffer_rand( void *rng_state,
+ unsigned char *output,
+ size_t len )
+{
+ mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state;
+ size_t use_len;
+
+ if( rng_state == NULL )
+ return( mbedtls_test_rnd_std_rand( NULL, output, len ) );
+
+ use_len = len;
+ if( len > info->length )
+ use_len = info->length;
+
+ if( use_len )
+ {
+ memcpy( output, info->buf, use_len );
+ info->buf += use_len;
+ info->length -= use_len;
+ }
+
+ if( len - use_len > 0 )
+ return( mbedtls_test_rnd_std_rand( NULL, output + use_len,
+ len - use_len ) );
+
+ return( 0 );
+}
+
+int mbedtls_test_rnd_pseudo_rand( void *rng_state,
+ unsigned char *output,
+ size_t len )
+{
+ mbedtls_test_rnd_pseudo_info *info =
+ (mbedtls_test_rnd_pseudo_info *) rng_state;
+ uint32_t i, *k, sum, delta=0x9E3779B9;
+ unsigned char result[4], *out = output;
+
+ if( rng_state == NULL )
+ return( mbedtls_test_rnd_std_rand( NULL, output, len ) );
+
+ k = info->key;
+
+ while( len > 0 )
+ {
+ size_t use_len = ( len > 4 ) ? 4 : len;
+ sum = 0;
+
+ for( i = 0; i < 32; i++ )
+ {
+ info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) )
+ + info->v1 ) ^ ( sum + k[sum & 3] );
+ sum += delta;
+ info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) )
+ + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] );
+ }
+
+ PUT_UINT32_BE( info->v0, result, 0 );
+ memcpy( out, result, use_len );
+ len -= use_len;
+ out += 4;
+ }
+
+ return( 0 );
+}
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index df3f53b..8d28b63 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2,9 +2,22 @@
# ssl-opt.sh
#
-# This file is part of mbed TLS (https://tls.mbed.org)
-#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# This file is part of Mbed TLS (https://tls.mbed.org)
#
# Purpose
#
@@ -2201,6 +2214,32 @@
-c "ignoring unexpected CID" \
-s "ignoring unexpected CID"
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
+ "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
+ "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -s "Reallocating in_buf" \
+ -s "Reallocating out_buf"
+
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
+run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
+ "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
+ "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
+ 0 \
+ -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+ -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+ -s "(initial handshake) Use of Connection ID has been negotiated" \
+ -c "(initial handshake) Use of Connection ID has been negotiated" \
+ -s "Reallocating in_buf" \
+ -s "Reallocating out_buf"
+
# Tests for Encrypt-then-MAC extension
run_test "Encrypt then MAC: default" \
@@ -9141,7 +9180,11 @@
-s "exported ivlen is " \
-c "exported maclen is " \
-c "exported keylen is " \
- -c "exported ivlen is "
+ -c "exported ivlen is " \
+ -c "EAP-TLS key material is:"\
+ -s "EAP-TLS key material is:"\
+ -c "EAP-TLS IV is:" \
+ -s "EAP-TLS IV is:"
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index f38502f..a5285a3 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,6 +2,10 @@
/*----------------------------------------------------------------------------*/
/* Headers */
+#include <test/macros.h>
+#include <test/helpers.h>
+#include <test/random.h>
+
#include <stdlib.h>
#if defined(MBEDTLS_PLATFORM_C)
@@ -311,65 +315,6 @@
#define TEST_VALID_PARAM( TEST ) \
TEST_ASSERT( ( TEST, 1 ) );
-#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
-{ \
- mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
- __FILE__, __LINE__, #a ); \
- mbedtls_exit( 1 ); \
-}
-
-#if defined(__GNUC__)
-/* Test if arg and &(arg)[0] have the same type. This is true if arg is
- * an array but not if it's a pointer. */
-#define IS_ARRAY_NOT_POINTER( arg ) \
- ( ! __builtin_types_compatible_p( __typeof__( arg ), \
- __typeof__( &( arg )[0] ) ) )
-#else
-/* On platforms where we don't know how to implement this check,
- * omit it. Oh well, a non-portable check is better than nothing. */
-#define IS_ARRAY_NOT_POINTER( arg ) 1
-#endif
-
-/* A compile-time constant with the value 0. If `const_expr` is not a
- * compile-time constant with a nonzero value, cause a compile-time error. */
-#define STATIC_ASSERT_EXPR( const_expr ) \
- ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) )
-/* Return the scalar value `value` (possibly promoted). This is a compile-time
- * constant if `value` is. `condition` must be a compile-time constant.
- * If `condition` is false, arrange to cause a compile-time error. */
-#define STATIC_ASSERT_THEN_RETURN( condition, value ) \
- ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) )
-
-#define ARRAY_LENGTH_UNSAFE( array ) \
- ( sizeof( array ) / sizeof( *( array ) ) )
-/** Return the number of elements of a static or stack array.
- *
- * \param array A value of array (not pointer) type.
- *
- * \return The number of elements of the array.
- */
-#define ARRAY_LENGTH( array ) \
- ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \
- ARRAY_LENGTH_UNSAFE( array ) ) )
-
-/** Return the smaller of two values.
- *
- * \param x An integer-valued expression without side effects.
- * \param y An integer-valued expression without side effects.
- *
- * \return The smaller of \p x and \p y.
- */
-#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) )
-
-/** Return the larger of two values.
- *
- * \param x An integer-valued expression without side effects.
- * \param y An integer-valued expression without side effects.
- *
- * \return The larger of \p x and \p y.
- */
-#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) )
-
/** Allocate memory dynamically and fail the test case if this fails.
*
* You must set \p pointer to \c NULL before calling this macro and
@@ -402,30 +347,6 @@
} \
while( 0 )
-/*
- * 32-bit integer manipulation macros (big endian)
- */
-#ifndef GET_UINT32_BE
-#define GET_UINT32_BE(n,b,i) \
-{ \
- (n) = ( (uint32_t) (b)[(i) ] << 24 ) \
- | ( (uint32_t) (b)[(i) + 1] << 16 ) \
- | ( (uint32_t) (b)[(i) + 2] << 8 ) \
- | ( (uint32_t) (b)[(i) + 3] ); \
-}
-#endif
-
-#ifndef PUT_UINT32_BE
-#define PUT_UINT32_BE(n,b,i) \
-{ \
- (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \
- (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \
- (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \
- (b)[(i) + 3] = (unsigned char) ( (n) ); \
-}
-#endif
-
-
/*----------------------------------------------------------------------------*/
/* Global variables */
@@ -448,10 +369,6 @@
test_info_t;
static test_info_t test_info;
-#if defined(MBEDTLS_PLATFORM_C)
-mbedtls_platform_context platform_ctx;
-#endif
-
#if defined(MBEDTLS_CHECK_PARAMS)
jmp_buf param_fail_jmp;
jmp_buf jmp_tmp;
@@ -504,22 +421,6 @@
test_info.filename = filename;
}
-static int platform_setup()
-{
- int ret = 0;
-#if defined(MBEDTLS_PLATFORM_C)
- ret = mbedtls_platform_setup( &platform_ctx );
-#endif /* MBEDTLS_PLATFORM_C */
- return( ret );
-}
-
-static void platform_teardown()
-{
-#if defined(MBEDTLS_PLATFORM_C)
- mbedtls_platform_teardown( &platform_ctx );
-#endif /* MBEDTLS_PLATFORM_C */
-}
-
#if defined(MBEDTLS_CHECK_PARAMS)
void mbedtls_param_failed( const char *failure_condition,
const char *file,
@@ -586,268 +487,3 @@
fclose( out_stream );
}
#endif /* __unix__ || __APPLE__ __MACH__ */
-
-int unhexify( unsigned char *obuf, const char *ibuf )
-{
- unsigned char c, c2;
- int len = strlen( ibuf ) / 2;
- TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
-
- while( *ibuf != 0 )
- {
- c = *ibuf++;
- if( c >= '0' && c <= '9' )
- c -= '0';
- else if( c >= 'a' && c <= 'f' )
- c -= 'a' - 10;
- else if( c >= 'A' && c <= 'F' )
- c -= 'A' - 10;
- else
- TEST_HELPER_ASSERT( 0 );
-
- c2 = *ibuf++;
- if( c2 >= '0' && c2 <= '9' )
- c2 -= '0';
- else if( c2 >= 'a' && c2 <= 'f' )
- c2 -= 'a' - 10;
- else if( c2 >= 'A' && c2 <= 'F' )
- c2 -= 'A' - 10;
- else
- TEST_HELPER_ASSERT( 0 );
-
- *obuf++ = ( c << 4 ) | c2;
- }
-
- return len;
-}
-
-void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
-{
- unsigned char l, h;
-
- while( len != 0 )
- {
- h = *ibuf / 16;
- l = *ibuf % 16;
-
- if( h < 10 )
- *obuf++ = '0' + h;
- else
- *obuf++ = 'a' + h - 10;
-
- if( l < 10 )
- *obuf++ = '0' + l;
- else
- *obuf++ = 'a' + l - 10;
-
- ++ibuf;
- len--;
- }
-}
-
-/**
- * Allocate and zeroize a buffer.
- *
- * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
- *
- * For convenience, dies if allocation fails.
- */
-static unsigned char *zero_alloc( size_t len )
-{
- void *p;
- size_t actual_len = ( len != 0 ) ? len : 1;
-
- p = mbedtls_calloc( 1, actual_len );
- TEST_HELPER_ASSERT( p != NULL );
-
- memset( p, 0x00, actual_len );
-
- return( p );
-}
-
-/**
- * Allocate and fill a buffer from hex data.
- *
- * The buffer is sized exactly as needed. This allows to detect buffer
- * overruns (including overreads) when running the test suite under valgrind.
- *
- * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
- *
- * For convenience, dies if allocation fails.
- */
-unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
-{
- unsigned char *obuf;
-
- *olen = strlen( ibuf ) / 2;
-
- if( *olen == 0 )
- return( zero_alloc( *olen ) );
-
- obuf = mbedtls_calloc( 1, *olen );
- TEST_HELPER_ASSERT( obuf != NULL );
-
- (void) unhexify( obuf, ibuf );
-
- return( obuf );
-}
-
-/**
- * This function just returns data from rand().
- * Although predictable and often similar on multiple
- * runs, this does not result in identical random on
- * each run. So do not use this if the results of a
- * test depend on the random data that is generated.
- *
- * rng_state shall be NULL.
- */
-static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
-{
-#if !defined(__OpenBSD__)
- size_t i;
-
- if( rng_state != NULL )
- rng_state = NULL;
-
- for( i = 0; i < len; ++i )
- output[i] = rand();
-#else
- if( rng_state != NULL )
- rng_state = NULL;
-
- arc4random_buf( output, len );
-#endif /* !OpenBSD */
-
- return( 0 );
-}
-
-/**
- * This function only returns zeros
- *
- * rng_state shall be NULL.
- */
-int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
-{
- if( rng_state != NULL )
- rng_state = NULL;
-
- memset( output, 0, len );
-
- return( 0 );
-}
-
-typedef struct
-{
- unsigned char *buf;
- size_t length;
-} rnd_buf_info;
-
-/**
- * This function returns random based on a buffer it receives.
- *
- * rng_state shall be a pointer to a rnd_buf_info structure.
- *
- * The number of bytes released from the buffer on each call to
- * the random function is specified by per_call. (Can be between
- * 1 and 4)
- *
- * After the buffer is empty it will return rand();
- */
-int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
-{
- rnd_buf_info *info = (rnd_buf_info *) rng_state;
- size_t use_len;
-
- if( rng_state == NULL )
- return( rnd_std_rand( NULL, output, len ) );
-
- use_len = len;
- if( len > info->length )
- use_len = info->length;
-
- if( use_len )
- {
- memcpy( output, info->buf, use_len );
- info->buf += use_len;
- info->length -= use_len;
- }
-
- if( len - use_len > 0 )
- return( rnd_std_rand( NULL, output + use_len, len - use_len ) );
-
- return( 0 );
-}
-
-/**
- * Info structure for the pseudo random function
- *
- * Key should be set at the start to a test-unique value.
- * Do not forget endianness!
- * State( v0, v1 ) should be set to zero.
- */
-typedef struct
-{
- uint32_t key[16];
- uint32_t v0, v1;
-} rnd_pseudo_info;
-
-/**
- * This function returns random based on a pseudo random function.
- * This means the results should be identical on all systems.
- * Pseudo random is based on the XTEA encryption algorithm to
- * generate pseudorandom.
- *
- * rng_state shall be a pointer to a rnd_pseudo_info structure.
- */
-int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
-{
- rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
- uint32_t i, *k, sum, delta=0x9E3779B9;
- unsigned char result[4], *out = output;
-
- if( rng_state == NULL )
- return( rnd_std_rand( NULL, output, len ) );
-
- k = info->key;
-
- while( len > 0 )
- {
- size_t use_len = ( len > 4 ) ? 4 : len;
- sum = 0;
-
- for( i = 0; i < 32; i++ )
- {
- info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) )
- + info->v1 ) ^ ( sum + k[sum & 3] );
- sum += delta;
- info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) )
- + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] );
- }
-
- PUT_UINT32_BE( info->v0, result, 0 );
- memcpy( out, result, use_len );
- len -= use_len;
- out += 4;
- }
-
- return( 0 );
-}
-
-int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len )
-{
- int ret = 0;
- uint32_t i = 0;
-
- if( a_len != b_len )
- return( -1 );
-
- for( i = 0; i < a_len; i++ )
- {
- if( a[i] != b[i] )
- {
- ret = -1;
- break;
- }
- }
- return ret;
-}
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index db65c0f..c57fa07 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -277,7 +277,8 @@
{
if ( verify_string( &val ) == 0 )
{
- *int_params_store = unhexify( (unsigned char *) val, val );
+ *int_params_store = mbedtls_test_unhexify(
+ (unsigned char *) val, val );
*out++ = val;
*out++ = (char *)(int_params_store++);
}
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index ff4cf20..75656a8 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -21,7 +21,7 @@
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
#if !defined(_POSIX_C_SOURCE)
-#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
+#define _POSIX_C_SOURCE 200112L // for fileno() from <stdio.h>
#endif
#endif
@@ -261,7 +261,7 @@
*/
int main( int argc, const char *argv[] )
{
- int ret = platform_setup();
+ int ret = mbedtls_test_platform_setup();
if( ret != 0 )
{
mbedtls_fprintf( stderr,
@@ -271,6 +271,6 @@
}
ret = execute_tests( argc, argv );
- platform_teardown();
+ mbedtls_test_platform_teardown();
return( ret );
}
diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function
index 3d88957..f7a9f04 100644
--- a/tests/suites/target_test.function
+++ b/tests/suites/target_test.function
@@ -75,7 +75,7 @@
c[1] = greentea_getc();
c[2] = '\0';
- TEST_HELPER_ASSERT( unhexify( &byte, c ) != 2 );
+ TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, c ) != 2 );
return( byte );
}
@@ -101,7 +101,7 @@
};
const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2],
c_be[3], c_be[0], c_be[1], '\0' };
- TEST_HELPER_ASSERT( unhexify( (uint8_t*)&value, c ) != 8 );
+ TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, c ) != 8 );
return( value );
}
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index da8c1e9..f1be3ce 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -23,7 +23,8 @@
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -47,7 +48,8 @@
{
TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -72,7 +74,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -96,7 +100,9 @@
if( cbc_result == 0)
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -119,17 +125,18 @@
mbedtls_aes_xts_init( &ctx );
- data_unit = unhexify_alloc( hex_data_unit_string, &data_unit_len );
+ data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
+ &data_unit_len );
TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
- key = unhexify_alloc( hex_key_string, &key_len );
+ key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
TEST_ASSERT( key_len % 2 == 0 );
- src = unhexify_alloc( hex_src_string, &src_len );
- dst = unhexify_alloc( hex_dst_string, &dst_len );
+ src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
+ dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
TEST_ASSERT( src_len == dst_len );
- output = zero_alloc( dst_len );
+ output = mbedtls_test_zero_alloc( dst_len );
TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, src_len,
@@ -162,17 +169,18 @@
mbedtls_aes_xts_init( &ctx );
- data_unit = unhexify_alloc( hex_data_unit_string, &data_unit_len );
+ data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string,
+ &data_unit_len );
TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE );
- key = unhexify_alloc( hex_key_string, &key_len );
+ key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len );
TEST_ASSERT( key_len % 2 == 0 );
- src = unhexify_alloc( hex_src_string, &src_len );
- dst = unhexify_alloc( hex_dst_string, &dst_len );
+ src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len );
+ dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len );
TEST_ASSERT( src_len == dst_len );
- output = zero_alloc( dst_len );
+ output = mbedtls_test_zero_alloc( dst_len );
TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, src_len,
@@ -241,7 +249,8 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -263,7 +272,8 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -284,7 +294,9 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -305,7 +317,9 @@
mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
exit:
mbedtls_aes_free( &ctx );
@@ -340,9 +354,9 @@
TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) );
TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- in_buffer_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ in_buffer_len = mbedtls_test_unhexify( src_str, hex_src_string );
TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 );
src_str_next = src_str;
@@ -352,7 +366,7 @@
TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset,
iv_str, src_str_next, output ) == 0 );
- hexify( dst_str, output, fragment_size );
+ mbedtls_test_hexify( dst_str, output, fragment_size );
TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string,
( 2 * fragment_size ) ) == 0 );
diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function
index ae3b032..9aa4913 100644
--- a/tests/suites/test_suite_arc4.function
+++ b/tests/suites/test_suite_arc4.function
@@ -21,7 +21,9 @@
mbedtls_arc4_setup(&ctx, key_str->x, key_str->len);
TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 );
- TEST_ASSERT( hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
exit:
mbedtls_arc4_free( &ctx );
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index 7e35f15..89de82f 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -222,8 +222,8 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 )
== setkey_result );
@@ -234,7 +234,7 @@
TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i )
== 0 );
}
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
@@ -261,8 +261,8 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 )
== setkey_result );
@@ -273,7 +273,7 @@
TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i )
== 0 );
}
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
@@ -303,9 +303,9 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len,
@@ -313,7 +313,7 @@
== cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
@@ -343,9 +343,9 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len,
@@ -353,7 +353,7 @@
== cbc_result );
if( cbc_result == 0 )
{
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
}
@@ -384,16 +384,16 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT,
data_len, &iv_offset, iv_str,
src_str, output )
== result );
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
@@ -423,16 +423,16 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT,
data_len, &iv_offset, iv_str,
src_str, output )
== result );
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
@@ -463,15 +463,15 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str,
blk, src_str, output )
== result );
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
@@ -502,15 +502,15 @@
memset( output, 0x00, sizeof( output ) );
mbedtls_aria_init( &ctx );
- key_len = unhexify( key_str, hex_key_string );
- unhexify( iv_str, hex_iv_string );
- data_len = unhexify( src_str, hex_src_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ mbedtls_test_unhexify( iv_str, hex_iv_string );
+ data_len = mbedtls_test_unhexify( src_str, hex_src_string );
mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 );
TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str,
blk, src_str, output )
== result );
- hexify( dst_str, output, data_len );
+ mbedtls_test_hexify( dst_str, output, data_len );
TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 );
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index 3a8bf43..dc6ec15 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -55,7 +55,7 @@
unsigned char *res = NULL;
size_t len;
- res = zero_alloc( dst_buf_size );
+ res = mbedtls_test_zero_alloc( dst_buf_size );
TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
if( result == 0 )
@@ -76,7 +76,7 @@
unsigned char *res = NULL;
size_t len;
- res = zero_alloc( dst_buf_size );
+ res = mbedtls_test_zero_alloc( dst_buf_size );
TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src,
strlen( src ) ) == result );
diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function
index 7a93cd1..eb6891c 100644
--- a/tests/suites/test_suite_blowfish.function
+++ b/tests/suites/test_suite_blowfish.function
@@ -181,7 +181,8 @@
{
TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
}
exit:
@@ -205,7 +206,8 @@
{
TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
}
exit:
@@ -231,7 +233,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -256,7 +260,9 @@
if( cbc_result == 0)
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -280,7 +286,9 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -303,7 +311,9 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
@@ -327,7 +337,9 @@
mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
exit:
mbedtls_blowfish_free( &ctx );
diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function
index 9408348..4949feb 100644
--- a/tests/suites/test_suite_camellia.function
+++ b/tests/suites/test_suite_camellia.function
@@ -189,7 +189,8 @@
{
TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -213,7 +214,8 @@
{
TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
}
exit:
@@ -238,7 +240,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -263,7 +267,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -287,7 +293,8 @@
mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
@@ -310,7 +317,8 @@
mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 16, hex_dst_string->len ) == 0 );
exit:
mbedtls_camellia_free( &ctx );
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 16f9f8e..01e1a17 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -218,12 +218,14 @@
memset( source_address, 0x00, sizeof( source_address ) );
memset( frame_counter, 0x00, sizeof( frame_counter ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- add_len = unhexify( add, add_hex );
- result_len = unhexify( result, result_hex );
- source_address_len = unhexify( source_address, source_address_hex );
- frame_counter_len = unhexify( frame_counter, frame_counter_hex );
+ key_len = mbedtls_test_unhexify( key, key_hex );
+ msg_len = mbedtls_test_unhexify( msg, msg_hex );
+ add_len = mbedtls_test_unhexify( add, add_hex );
+ result_len = mbedtls_test_unhexify( result, result_hex );
+ source_address_len = mbedtls_test_unhexify( source_address,
+ source_address_hex );
+ frame_counter_len = mbedtls_test_unhexify( frame_counter,
+ frame_counter_hex );
if( sec_level % 4 == 0)
tag_len = 0;
@@ -286,12 +288,14 @@
memset( frame_counter, 0x00, sizeof( frame_counter ) );
memset( tag, 0x00, sizeof( tag ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- add_len = unhexify( add, add_hex );
- result_len = unhexify( result, result_hex );
- source_address_len = unhexify( source_address, source_address_hex );
- frame_counter_len = unhexify( frame_counter, frame_counter_hex );
+ key_len = mbedtls_test_unhexify( key, key_hex );
+ msg_len = mbedtls_test_unhexify( msg, msg_hex );
+ add_len = mbedtls_test_unhexify( add, add_hex );
+ result_len = mbedtls_test_unhexify( result, result_hex );
+ source_address_len = mbedtls_test_unhexify( source_address,
+ source_address_hex );
+ frame_counter_len = mbedtls_test_unhexify( frame_counter,
+ frame_counter_hex );
if( sec_level % 4 == 0)
tag_len = 0;
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 49b389c..48ac975 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -31,10 +31,10 @@
memset( dst_str, 0x00, sizeof( dst_str ) );
memset( output, 0x00, sizeof( output ) );
- key_len = unhexify( key_str, hex_key_string );
- nonce_len = unhexify( nonce_str, hex_nonce_string );
- src_len = unhexify( src_str, hex_src_string );
- dst_len = unhexify( dst_str, hex_dst_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string );
+ src_len = mbedtls_test_unhexify( src_str, hex_src_string );
+ dst_len = mbedtls_test_unhexify( dst_str, hex_dst_string );
TEST_ASSERT( src_len == dst_len );
TEST_ASSERT( key_len == 32U );
@@ -45,7 +45,7 @@
*/
TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_test_hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 );
/*
@@ -60,7 +60,7 @@
memset( output, 0x00, sizeof( output ) );
TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_test_hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 );
/*
@@ -75,7 +75,7 @@
TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 );
TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 );
- hexify( dst_str, output, src_len );
+ mbedtls_test_hexify( dst_str, output, src_len );
TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 );
mbedtls_chacha20_free( &ctx );
diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function
index 8e56bf6..aeaf1d74 100644
--- a/tests/suites/test_suite_chachapoly.function
+++ b/tests/suites/test_suite_chachapoly.function
@@ -33,12 +33,12 @@
memset( output_str, 0x00, sizeof( output_str ) );
memset( mac_str, 0x00, sizeof( mac_str ) );
- aad_len = unhexify( aad_str, hex_aad_string );
- input_len = unhexify( input_str, hex_input_string );
- output_len = unhexify( output_str, hex_output_string );
- key_len = unhexify( key_str, hex_key_string );
- nonce_len = unhexify( nonce_str, hex_nonce_string );
- mac_len = unhexify( mac_str, hex_mac_string );
+ aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string );
+ input_len = mbedtls_test_unhexify( input_str, hex_input_string );
+ output_len = mbedtls_test_unhexify( output_str, hex_output_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string );
+ mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string );
TEST_ASSERT( key_len == 32 );
TEST_ASSERT( nonce_len == 12 );
@@ -87,12 +87,12 @@
memset( output_str, 0x00, sizeof( output_str ) );
memset( mac_str, 0x00, sizeof( mac_str ) );
- aad_len = unhexify( aad_str, hex_aad_string );
- input_len = unhexify( input_str, hex_input_string );
- output_len = unhexify( output_str, hex_output_string );
- key_len = unhexify( key_str, hex_key_string );
- nonce_len = unhexify( nonce_str, hex_nonce_string );
- mac_len = unhexify( mac_str, hex_mac_string );
+ aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string );
+ input_len = mbedtls_test_unhexify( input_str, hex_input_string );
+ output_len = mbedtls_test_unhexify( output_str, hex_output_string );
+ key_len = mbedtls_test_unhexify( key_str, hex_key_string );
+ nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string );
+ mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string );
TEST_ASSERT( key_len == 32 );
TEST_ASSERT( nonce_len == 12 );
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index 8405f69..8b2956f 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -10,7 +10,7 @@
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#endif
/* END_HEADER */
@@ -1161,15 +1161,15 @@
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
mbedtls_cipher_info_from_type( cipher_id ) ) );
- key_len = unhexify( key, hex_key );
- inputlen = unhexify( input, hex_input );
- resultlen = unhexify( result, hex_result );
+ key_len = mbedtls_test_unhexify( key, hex_key );
+ inputlen = mbedtls_test_unhexify( input, hex_input );
+ resultlen = mbedtls_test_unhexify( result, hex_result );
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) );
if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
- iv_len = unhexify( iv, hex_iv );
+ iv_len = mbedtls_test_unhexify( iv, hex_iv );
TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL,
iv_len, input, inputlen,
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 8317c08..5e4cd26 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -316,7 +316,8 @@
mbedtls_ctr_drbg_init( &ctx );
- TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand,
+ NULL, NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret );
TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret );
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index b5acb7b..625c87a 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -28,7 +28,8 @@
mbedtls_des_setkey_enc( &ctx, key_str->x );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -49,7 +50,8 @@
mbedtls_des_setkey_dec( &ctx, key_str->x );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des_free( &ctx );
@@ -73,7 +75,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -98,7 +102,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -126,7 +132,8 @@
TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -153,7 +160,8 @@
TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
exit:
mbedtls_des3_free( &ctx );
@@ -184,7 +192,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
@@ -216,7 +226,9 @@
if( cbc_result == 0 )
{
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index 8a05a38..0a5c617 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -36,17 +36,17 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_params( NULL, buflen,
buf, &len,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_params( &ctx, buflen,
NULL, &len,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_params( &ctx, buflen,
buf, NULL,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_params( &ctx, buflen,
@@ -69,12 +69,12 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_public( NULL, buflen,
buf, buflen,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_public( &ctx, buflen,
NULL, buflen,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
mbedtls_dhm_make_public( &ctx, buflen,
@@ -83,16 +83,16 @@
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( NULL, buf, buflen,
- &len, rnd_std_rand,
+ mbedtls_dhm_calc_secret( NULL, buf, buflen, &len,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, NULL, buflen,
- &len, rnd_std_rand,
+ mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA,
- mbedtls_dhm_calc_secret( &ctx, buf, buflen,
- NULL, rnd_std_rand,
+ mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL,
+ mbedtls_test_rnd_std_rand,
NULL ) );
#if defined(MBEDTLS_ASN1_PARSE_C)
@@ -130,7 +130,7 @@
size_t sec_srv_len;
size_t sec_cli_len;
int x_size, i;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_dhm_init( &ctx_srv );
mbedtls_dhm_init( &ctx_cli );
@@ -138,7 +138,7 @@
memset( pub_cli, 0x00, 1000 );
memset( sec_srv, 0x00, 1000 );
memset( sec_cli, 0x00, 1000 );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
/*
* Set params
@@ -151,7 +151,9 @@
/*
* First key exchange
*/
- TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == result );
+ TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == result );
if ( result != 0 )
goto exit;
@@ -159,10 +161,15 @@
ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
- TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ),
+ &sec_srv_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len );
@@ -173,7 +180,10 @@
for( i = 0; i < 3; i++ )
{
sec_srv_len = 1000;
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv,
+ sizeof( sec_srv ), &sec_srv_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len );
TEST_ASSERT( sec_srv_len != 0 );
@@ -185,15 +195,22 @@
*/
p = ske;
- TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
ske[ske_len++] = 0;
ske[ske_len++] = 0;
TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 );
- TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 );
- TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ),
+ &sec_srv_len,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 );
TEST_ASSERT( sec_srv_len == sec_cli_len );
diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function
index d6bed7f..0caf091 100644
--- a/tests/suites/test_suite_ecdh.function
+++ b/tests/suites/test_suite_ecdh.function
@@ -19,7 +19,7 @@
static int load_private_key( int grp_id, data_t *private_key,
mbedtls_ecp_keypair *ecp,
- rnd_pseudo_info *rnd_info )
+ mbedtls_test_rnd_pseudo_info *rnd_info )
{
int ok = 0;
TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp,
@@ -29,7 +29,8 @@
/* Calculate the public key from the private key. */
TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d,
&ecp->grp.G,
- &rnd_pseudo_rand, rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ rnd_info ) == 0 );
ok = 1;
exit:
return( ok );
@@ -72,49 +73,54 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_gen_public( NULL, &m, &P,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_gen_public( &grp, NULL, &P,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_gen_public( &grp, &m, NULL,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_gen_public( &grp, &m, &P,
NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_compute_shared( NULL, &m, &P, &m,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_setup( NULL, valid_grp ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( NULL, &olen,
- buf, buflen,
- rnd_std_rand, NULL ) );
+ mbedtls_ecdh_make_params( NULL, &olen, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, NULL,
- buf, buflen,
- rnd_std_rand, NULL ) );
+ mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen,
- NULL, buflen,
- rnd_std_rand, NULL ) );
+ mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_params( &ctx, &olen,
- buf, buflen,
- NULL, NULL ) );
+ mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_read_params( NULL,
@@ -141,25 +147,19 @@
invalid_side ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( NULL, &olen,
- buf, buflen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdh_make_public( NULL, &olen, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, NULL,
- buf, buflen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen,
- NULL, buflen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_make_public( &ctx, &olen,
- buf, buflen,
- NULL,
- NULL ) );
+ mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdh_read_public( NULL, buf, buflen ) );
@@ -167,17 +167,16 @@
mbedtls_ecdh_read_public( &ctx, NULL, buflen ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen,
+ mbedtls_test_rnd_std_rand, NULL ) );
exit:
return;
@@ -190,22 +189,25 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB );
mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info )
- == 0 );
- TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info )
- == 0 );
+ TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB,
NULL, NULL ) == 0 );
@@ -227,7 +229,7 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point qA, qB;
mbedtls_mpi dA, dB, zA, zB, check;
- rnd_buf_info rnd_info_A, rnd_info_B;
+ mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB );
@@ -269,7 +271,8 @@
}
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
- rnd_buffer_rand, &rnd_info_A ) == 0 );
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_A ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
@@ -277,7 +280,8 @@
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 );
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
- rnd_buffer_rand, &rnd_info_B ) == 0 );
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_B ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
@@ -305,28 +309,31 @@
unsigned char buf[1000];
const unsigned char *vbuf;
size_t len;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char res_buf[1000];
size_t res_len;
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
memset( buf, 0x00, sizeof( buf ) );
TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000,
NULL, NULL ) == 0 );
TEST_ASSERT( len == res_len );
@@ -351,7 +358,7 @@
size_t z_len;
unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES];
unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES];
- rnd_buf_info rnd_info_A, rnd_info_B;
+ mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B;
int cnt_restart;
mbedtls_ecp_group grp;
@@ -359,13 +366,13 @@
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
- z_len = unhexify( z, z_str );
+ z_len = mbedtls_test_unhexify( z, z_str );
rnd_info_A.buf = rnd_buf_A;
- rnd_info_A.length = unhexify( rnd_buf_A, dA_str );
+ rnd_info_A.length = mbedtls_test_unhexify( rnd_buf_A, dA_str );
rnd_info_B.buf = rnd_buf_B;
- rnd_info_B.length = unhexify( rnd_buf_B, dB_str );
+ rnd_info_B.length = mbedtls_test_unhexify( rnd_buf_B, dB_str );
/* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure
* in every configuration, therefore we load it separately. */
@@ -393,7 +400,8 @@
cnt_restart = 0;
do {
ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ),
- rnd_buffer_rand, &rnd_info_A );
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_A );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
@@ -411,7 +419,8 @@
cnt_restart = 0;
do {
ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ),
- rnd_buffer_rand, &rnd_info_B );
+ mbedtls_test_rnd_buffer_rand,
+ &rnd_info_B );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == 0 );
@@ -470,26 +479,29 @@
const unsigned char *vbuf;
size_t len;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecdh_init( &srv );
mbedtls_ecdh_init( &cli );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 );
memset( buf, 0x00, sizeof( buf ) ); vbuf = buf;
TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 );
memset( buf, 0x00, sizeof( buf ) );
TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL,
NULL ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 );
@@ -507,14 +519,14 @@
int ours_first,
data_t *expected )
{
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES];
size_t shared_secret_length = 0;
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
@@ -545,7 +557,7 @@
&ecdh,
&shared_secret_length,
shared_secret, sizeof( shared_secret ),
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( shared_secret_length == expected->len );
TEST_ASSERT( memcmp( expected->x, shared_secret,
shared_secret_length ) == 0 );
@@ -565,12 +577,12 @@
int ours_first,
int expected_ret )
{
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair our_key;
mbedtls_ecp_keypair their_key;
mbedtls_ecdh_context ecdh;
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_ecdh_init( &ecdh );
mbedtls_ecp_keypair_init( &our_key );
mbedtls_ecp_keypair_init( &their_key );
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index 59c1c49..76f72e2 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -31,23 +31,28 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign( NULL, &m, &m, &m,
buf, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign( &grp, NULL, &m, &m,
buf, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign( &grp, &m, NULL, &m,
buf, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign( &grp, &m, &m, NULL,
buf, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign( &grp, &m, &m, &m,
NULL, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign( &grp, &m, &m, &m,
buf, sizeof( buf ),
@@ -58,27 +63,32 @@
mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m,
buf, sizeof( buf ),
valid_md,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m,
buf, sizeof( buf ),
valid_md,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m,
buf, sizeof( buf ),
valid_md,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL,
buf, sizeof( buf ),
valid_md,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m,
NULL, sizeof( buf ),
valid_md,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
@@ -103,62 +113,48 @@
&P, &m, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( NULL,
- valid_md,
- buf, sizeof( buf ),
- buf, &slen,
- rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx,
- valid_md,
- NULL, sizeof( buf ),
- buf, &slen,
- rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx,
- valid_md,
- buf, sizeof( buf ),
- NULL, &slen,
- rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature( &ctx,
- valid_md,
- buf, sizeof( buf ),
- buf, NULL,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ),
+ buf, &slen, mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( NULL,
- valid_md,
- buf, sizeof( buf ),
- buf, &slen,
- rnd_std_rand,
- NULL, NULL ) );
+ mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ),
+ buf, &slen, mbedtls_test_rnd_std_rand,
+ NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx,
- valid_md,
- NULL, sizeof( buf ),
- buf, &slen,
- rnd_std_rand,
- NULL, NULL ) );
+ mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
+ NULL, &slen, mbedtls_test_rnd_std_rand,
+ NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx,
- valid_md,
- buf, sizeof( buf ),
- NULL, &slen,
- rnd_std_rand,
- NULL, NULL ) );
+ mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ),
+ buf, NULL, mbedtls_test_rnd_std_rand,
+ NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecdsa_write_signature_restartable( &ctx,
- valid_md,
- buf, sizeof( buf ),
- buf, NULL,
- rnd_std_rand,
- NULL, NULL ) );
+ mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf,
+ sizeof( buf ), buf, &slen,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL,
+ sizeof( buf ), buf, &slen,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
+ sizeof( buf ), NULL, &slen,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf,
+ sizeof( buf ), buf, NULL,
+ mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_read_signature( NULL,
@@ -191,7 +187,8 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_genkey( NULL, valid_group,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecdsa_genkey( &ctx, valid_group,
NULL, NULL ) );
@@ -213,23 +210,26 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char buf[MBEDTLS_MD_MAX_SIZE];
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( buf, 0, sizeof( buf ) );
/* prepare material for signature */
- TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 );
+ TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
+ buf, sizeof( buf ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
- == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ),
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 );
exit:
@@ -248,7 +248,7 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d, r, s, r_check, s_check;
- rnd_buf_info rnd_info;
+ mbedtls_test_rnd_buf_info rnd_info;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
@@ -276,7 +276,7 @@
}
TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len,
- rnd_buffer_rand, &rnd_info ) == result );
+ mbedtls_test_rnd_buffer_rand, &rnd_info ) == result );
if ( result == 0)
{
@@ -332,7 +332,8 @@
TEST_ASSERT(
mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen,
- md_alg, rnd_std_rand, NULL )
+ md_alg, mbedtls_test_rnd_std_rand,
+ NULL )
== 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 );
@@ -349,26 +350,30 @@
void ecdsa_write_read_random( int id )
{
mbedtls_ecdsa_context ctx;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
unsigned char hash[32];
unsigned char sig[200];
size_t sig_len, i;
mbedtls_ecdsa_init( &ctx );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( hash, 0, sizeof( hash ) );
memset( sig, 0x2a, sizeof( sig ) );
/* prepare material for signature */
- TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 );
+ TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info,
+ hash, sizeof( hash ) ) == 0 );
/* generate signing key */
- TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
/* generate and write signature, then read and verify it */
TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256,
hash, sizeof( hash ),
- sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ sig, &sig_len, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ),
sig, sig_len ) == 0 );
@@ -420,9 +425,9 @@
mbedtls_ecdsa_init( &ctx );
mbedtls_ecdsa_restart_init( &rs_ctx );
- hash_len = unhexify(hash, h_str);
- sig_len = unhexify(sig, s_str);
- pk_len = unhexify(pk, k_str);
+ hash_len = mbedtls_test_unhexify(hash, h_str);
+ sig_len = mbedtls_test_unhexify(sig, s_str);
+ pk_len = mbedtls_test_unhexify(pk, k_str);
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 );
@@ -494,7 +499,7 @@
TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 );
- slen_check = unhexify( sig_check, sig_str );
+ slen_check = mbedtls_test_unhexify( sig_check, sig_str );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 38f190d..ab672a8 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -136,54 +136,33 @@
mbedtls_ecjpake_check( NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( NULL,
- buf, len,
- &olen,
- rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx,
- NULL, len,
- &olen,
- rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx,
- buf, len,
- NULL,
- rnd_std_rand,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_one( &ctx,
- buf, len,
- &olen,
- NULL,
- NULL ) );
+ mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( NULL,
- buf, len,
- &olen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx,
- NULL, len,
- &olen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx,
- buf, len,
- NULL,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_write_round_two( &ctx,
- buf, len,
- &olen,
- NULL,
- NULL ) );
+ mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) );
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
+ mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecjpake_read_round_one( NULL,
@@ -200,29 +179,19 @@
NULL, len ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( NULL,
- buf, len,
- &olen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx,
- NULL, len,
- &olen,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx,
- buf, len,
- NULL,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecjpake_derive_secret( &ctx,
- buf, len,
- &olen,
- NULL,
- NULL ) );
+ mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) );
exit:
return;
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 6385e77..07b3eea 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -69,12 +69,12 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_privkey( NULL,
&m,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_privkey( &grp,
NULL,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_privkey( &grp,
@@ -222,29 +222,37 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul( NULL, &P, &m, &P,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul( &grp, NULL, &m, &P,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul( &grp, &P, NULL, &P,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul( &grp, &P, &m, NULL,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul_restartable( NULL, &P, &m, &P,
- rnd_std_rand, NULL , NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL , NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P,
- rnd_std_rand, NULL , NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL , NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P,
- rnd_std_rand, NULL , NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL , NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL,
- rnd_std_rand, NULL , NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL , NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_muladd( NULL, &P, &m, &P,
@@ -300,45 +308,38 @@
mbedtls_ecp_check_privkey( &grp, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( NULL, &P,
- &m, &P,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, NULL,
- &m, &P,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P,
- NULL, &P,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P,
- &m, NULL,
- rnd_std_rand,
- NULL ) );
+ mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
- mbedtls_ecp_gen_keypair_base( &grp, &P,
- &m, &P,
- NULL,
- NULL ) );
+ mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_keypair( NULL,
&m, &P,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_keypair( &grp,
NULL, &P,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_keypair( &grp,
&m, NULL,
- rnd_std_rand,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_keypair( &grp,
@@ -348,7 +349,8 @@
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_key( valid_group, NULL,
- rnd_std_rand, NULL ) );
+ mbedtls_test_rnd_std_rand,
+ NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecp_gen_key( valid_group, &kp,
NULL, NULL ) );
@@ -576,12 +578,12 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
mbedtls_mpi dA, xA, yA, dB, xB, yB, xZ, yZ;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB );
mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &yB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
@@ -597,7 +599,7 @@
TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
@@ -611,7 +613,7 @@
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
@@ -630,13 +632,13 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point R;
mbedtls_mpi dA, xA, dB, xB, xS;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA );
mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB );
mbedtls_mpi_init( &xS );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
@@ -649,12 +651,12 @@
TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R,
- &rnd_pseudo_rand, &rnd_info ) == 0 );
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 );
@@ -683,12 +685,12 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point P, nP, R;
mbedtls_mpi n;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R );
mbedtls_ecp_point_init( &P ); mbedtls_ecp_point_init( &nP );
mbedtls_mpi_init( &n );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
@@ -707,7 +709,7 @@
== 0 );
TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &n, &P,
- &rnd_pseudo_rand, &rnd_info )
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info )
== expected_ret );
if( expected_ret == 0 )
@@ -740,7 +742,8 @@
TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 );
- TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL )
+ TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G,
+ &mbedtls_test_rnd_zero_rand, NULL )
== MBEDTLS_ERR_ECP_RANDOM_FAILED );
exit:
@@ -806,7 +809,7 @@
if( ret == 0 )
{
- TEST_ASSERT( hexcmp( buf, out->x, olen, out->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 );
}
exit:
@@ -1052,17 +1055,18 @@
mbedtls_ecp_group grp;
mbedtls_ecp_point Q;
mbedtls_mpi d;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &Q );
mbedtls_mpi_init( &d );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
- TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info )
- == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == 0 );
@@ -1078,12 +1082,14 @@
void mbedtls_ecp_gen_key( int id )
{
mbedtls_ecp_keypair key;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_ecp_keypair_init( &key );
- memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) );
- TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &rnd_pseudo_rand, &rnd_info ) == 0 );
+ TEST_ASSERT( mbedtls_ecp_gen_key( id, &key,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 );
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 1fcb681..b28d918ba 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -55,8 +55,11 @@
{
TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
- TEST_ASSERT( hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x,
+ tag_len, hex_tag_string->len ) == 0 );
}
exit:
@@ -94,7 +97,9 @@
{
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x,
+ src_str->len,
+ pt_result->len ) == 0 );
}
}
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index 3e87207..47e8ee6 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -28,17 +28,20 @@
const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md != NULL );
- ikm_len = unhexify( ikm, hex_ikm_string );
- salt_len = unhexify( salt, hex_salt_string );
- info_len = unhexify( info, hex_info_string );
- okm_len = unhexify( expected_okm, hex_okm_string );
+ ikm_len = mbedtls_test_unhexify( ikm, hex_ikm_string );
+ salt_len = mbedtls_test_unhexify( salt, hex_salt_string );
+ info_len = mbedtls_test_unhexify( info, hex_info_string );
+ okm_len = mbedtls_test_unhexify( expected_okm, hex_okm_string );
ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm,
okm_len);
TEST_ASSERT( ret == 0 );
- // Run hexify on it so that it looks nicer if the assertion fails
- hexify( okm_hex, okm, okm_len );
+ /*
+ * Run mbedtls_test_hexify on it so that it looks nicer if the assertion
+ * fails.
+ */
+ mbedtls_test_hexify( okm_hex, okm, okm_len );
TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) );
}
/* END_CASE */
@@ -60,9 +63,9 @@
output_prk_len = mbedtls_md_get_size( md );
output_prk = mbedtls_calloc( 1, output_prk_len );
- ikm = unhexify_alloc( hex_ikm_string, &ikm_len );
- salt = unhexify_alloc( hex_salt_string, &salt_len );
- prk = unhexify_alloc( hex_prk_string, &prk_len );
+ ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len );
+ salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len );
+ prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
TEST_ASSERT( prk_len == output_prk_len );
ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk );
@@ -95,9 +98,9 @@
output_okm = mbedtls_calloc( OKM_LEN, 1 );
- prk = unhexify_alloc( hex_prk_string, &prk_len );
- info = unhexify_alloc( hex_info_string, &info_len );
- okm = unhexify_alloc( hex_okm_string, &okm_len );
+ prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len );
+ info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len );
+ okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len );
TEST_ASSERT( prk_len == mbedtls_md_get_size( md ) );
TEST_ASSERT( okm_len < OKM_LEN );
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index b526f43..512eeb8 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -129,8 +129,9 @@
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
- TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL,
- NULL, 0 ) == 0 );
+ TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info,
+ mbedtls_test_rnd_std_rand, NULL,
+ NULL, 0 ) == 0 );
TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret );
TEST_ASSERT( mbedtls_hmac_drbg_update_seed_file( &ctx, path ) == ret );
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 11cf88a..be57829 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -145,7 +145,9 @@
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -167,8 +169,9 @@
TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x,
- mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -208,15 +211,18 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x,
- mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len) == 0 );
/* Test clone */
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -255,14 +261,18 @@
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len ) == 0 );
/* Test clone */
memset( output, 0x00, 100 );
TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -289,7 +299,8 @@
TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ trunc_size, hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -321,7 +332,8 @@
TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ trunc_size, hex_hash_string->len ) == 0 );
/* Test again, for reset() */
memset( output, 0x00, 100 );
@@ -331,7 +343,8 @@
TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) );
TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ trunc_size, hex_hash_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -355,6 +368,8 @@
TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ mbedtls_md_get_size( md_info ),
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 02004ef..ed2ae58 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -20,7 +20,9 @@
ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 ) ;
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ sizeof output,
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -39,7 +41,9 @@
ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ sizeof output,
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -58,7 +62,9 @@
ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ sizeof output,
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -77,7 +83,9 @@
ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output );
TEST_ASSERT( ret == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ sizeof output,
+ hex_hash_string->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function
index 43975cb..e54aaff 100644
--- a/tests/suites/test_suite_mpi.function
+++ b/tests/suites/test_suite_mpi.function
@@ -240,7 +240,8 @@
mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
- mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand,
+ mbedtls_mpi_fill_random( NULL, 42,
+ mbedtls_test_rnd_std_rand,
NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA,
mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) );
@@ -373,7 +374,8 @@
if( result == 0)
{
- TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
+ buflen, input_A->len ) == 0 );
}
exit:
@@ -404,7 +406,8 @@
if( result == 0)
{
- TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
+ buflen, input_A->len ) == 0 );
}
exit:
@@ -438,7 +441,8 @@
TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 );
- TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x,
+ buflen, input_A->len ) == 0 );
}
exit:
@@ -1192,7 +1196,7 @@
mbedtls_mpi_init( &X );
TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 );
- res = mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL );
+ res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( res == div_result );
exit:
@@ -1241,7 +1245,8 @@
mbedtls_mpi_init( &X );
- my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, rnd_std_rand, NULL );
+ my_ret = mbedtls_mpi_gen_prime( &X, bits, flags,
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
@@ -1251,14 +1256,16 @@
TEST_ASSERT( actual_bits >= (size_t) bits );
TEST_ASSERT( actual_bits <= (size_t) bits + 1 );
- TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL )
- == 0 );
+ TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
+ mbedtls_test_rnd_std_rand,
+ NULL ) == 0 );
if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH )
{
/* X = ( X - 1 ) / 2 */
TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 );
- TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL )
- == 0 );
+ TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40,
+ mbedtls_test_rnd_std_rand,
+ NULL ) == 0 );
}
}
diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function
index 9c34ea6..827c690 100644
--- a/tests/suites/test_suite_nist_kw.function
+++ b/tests/suites/test_suite_nist_kw.function
@@ -259,9 +259,9 @@
memset( msg, 0x00, sizeof( msg ) );
memset( result, '+', sizeof( result ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- result_len = unhexify( expected_result, result_hex );
+ key_len = mbedtls_test_unhexify( key, key_hex );
+ msg_len = mbedtls_test_unhexify( msg, msg_hex );
+ result_len = mbedtls_test_unhexify( expected_result, result_hex );
output_len = sizeof( result );
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 )
@@ -306,9 +306,9 @@
memset( result, '+', sizeof( result ) );
memset( expected_result, 0x00, sizeof( expected_result ) );
- key_len = unhexify( key, key_hex );
- msg_len = unhexify( msg, msg_hex );
- result_len = unhexify( expected_result, result_hex );
+ key_len = mbedtls_test_unhexify( key, key_hex );
+ msg_len = mbedtls_test_unhexify( msg, msg_hex );
+ result_len = mbedtls_test_unhexify( expected_result, result_hex );
output_len = sizeof( result );
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 )
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index d88ca54..dbc52e5 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -17,7 +17,7 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "mbedtls/psa_util.h"
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) )
#else
/* Define empty macros so that we can use them in the preamble and teardown
@@ -27,8 +27,6 @@
#define PSA_DONE( ) ( (void) 0 )
#endif
-static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
-
#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
@@ -51,7 +49,7 @@
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME)
if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA )
return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ),
- rnd_std_rand, NULL,
+ mbedtls_test_rnd_std_rand, NULL,
parameter, 3 );
#endif
#if defined(MBEDTLS_ECP_C)
@@ -64,8 +62,10 @@
parameter ) ) != 0 )
return( ret );
- return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d,
- &mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL );
+ return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp,
+ &mbedtls_pk_ec( *pk )->d,
+ &mbedtls_pk_ec( *pk )->Q,
+ mbedtls_test_rnd_std_rand, NULL );
}
#endif
return( -1 );
@@ -77,8 +77,8 @@
size_t output_max_len )
{
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx,
- rnd_std_rand, NULL, mode, olen,
- input, output, output_max_len ) );
+ mbedtls_test_rnd_std_rand, NULL, mode,
+ olen, input, output, output_max_len ) );
}
int mbedtls_rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
@@ -87,8 +87,9 @@
{
((void) f_rng);
((void) p_rng);
- return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode,
- md_alg, hashlen, hash, sig ) );
+ return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx,
+ mbedtls_test_rnd_std_rand, NULL, mode,
+ md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
{
@@ -237,7 +238,7 @@
MBEDTLS_MD_NONE,
NULL, 0,
buf, &len,
- rnd_std_rand, NULL,
+ mbedtls_test_rnd_std_rand, NULL,
NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -245,7 +246,7 @@
MBEDTLS_MD_NONE,
NULL, 0,
buf, &len,
- rnd_std_rand, NULL,
+ mbedtls_test_rnd_std_rand, NULL,
NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -253,7 +254,7 @@
MBEDTLS_MD_NONE,
NULL, 0,
buf, &len,
- rnd_std_rand, NULL ) ==
+ mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_verify_restartable( &pk,
@@ -279,13 +280,13 @@
TEST_ASSERT( mbedtls_pk_encrypt( &pk,
NULL, 0,
NULL, &len, 0,
- rnd_std_rand, NULL ) ==
+ mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_pk_decrypt( &pk,
NULL, 0,
NULL, &len, 0,
- rnd_std_rand, NULL ) ==
+ mbedtls_test_rnd_std_rand, NULL ) ==
MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#if defined(MBEDTLS_PK_PARSE_C)
@@ -433,100 +434,71 @@
NULL, sizeof( buf ) ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, &len,
- rnd_std_rand, NULL,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, &len,
- rnd_std_rand, NULL,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk,
- valid_md,
- NULL, 0,
- buf, &len,
- rnd_std_rand, NULL,
- NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign_restartable( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, &len,
- rnd_std_rand, NULL,
- NULL ) );
+ mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
+ buf, &len, mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( NULL,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- buf, &len,
- rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk,
- MBEDTLS_MD_NONE,
- NULL, sizeof( buf ),
- buf, &len,
- rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk,
- valid_md,
- NULL, 0,
- buf, &len,
- rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_sign( &pk,
- MBEDTLS_MD_NONE,
- buf, sizeof( buf ),
- NULL, &len,
- rnd_std_rand, NULL ) );
+ mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
+ buf, &len, mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( NULL,
- buf, sizeof( buf ),
- buf, &len, sizeof( buf ),
- rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk,
- NULL, sizeof( buf ),
- buf, &len, sizeof( buf ),
- rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk,
- buf, sizeof( buf ),
- NULL, &len, sizeof( buf ),
- rnd_std_rand, NULL ) );
- TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_decrypt( &pk,
- buf, sizeof( buf ),
- buf, NULL, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len,
+ mbedtls_test_rnd_std_rand, NULL, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( NULL,
- buf, sizeof( buf ),
- buf, &len, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ),
+ NULL, &len, mbedtls_test_rnd_std_rand,
+ NULL, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk,
- NULL, sizeof( buf ),
- buf, &len, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ),
+ buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk,
- buf, sizeof( buf ),
- NULL, &len, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ),
+ buf, &len, mbedtls_test_rnd_std_rand, NULL ) );
+
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
- mbedtls_pk_encrypt( &pk,
- buf, sizeof( buf ),
- buf, NULL, sizeof( buf ),
- rnd_std_rand, NULL ) );
+ mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len,
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
+
+ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
+ mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ),
+ mbedtls_test_rnd_std_rand, NULL ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA,
mbedtls_pk_check_pair( NULL, &pk ) );
@@ -843,7 +815,7 @@
TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 );
- slen_check = unhexify( sig_check, sig_str );
+ slen_check = mbedtls_test_unhexify( sig_check, sig_str );
md_info = mbedtls_md_info_from_type( md_alg );
TEST_ASSERT( md_info != NULL );
@@ -947,7 +919,7 @@
TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256,
hash, sizeof hash, sig, &sig_len,
- rnd_std_rand, NULL, rs_ctx ) == sign_ret );
+ mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret );
if( sign_ret == 0 )
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
else
@@ -970,7 +942,9 @@
}
TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash,
- sig, &sig_len, rnd_std_rand, NULL ) == sign_ret );
+ sig, &sig_len,
+ mbedtls_test_rnd_std_rand,
+ NULL ) == sign_ret );
if( sign_ret == 0 )
TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE );
else
@@ -1007,12 +981,12 @@
data_t * result, int ret )
{
unsigned char output[300];
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
size_t olen;
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( output, 0, sizeof( output ) );
@@ -1025,8 +999,8 @@
TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 );
TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len,
- output, &olen, sizeof( output ),
- rnd_pseudo_rand, &rnd_info ) == ret );
+ output, &olen, sizeof( output ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
TEST_ASSERT( olen == result->len );
TEST_ASSERT( memcmp( output, result->x, olen ) == 0 );
@@ -1042,7 +1016,7 @@
char * input_E, data_t * clear, int ret )
{
unsigned char output[256];
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
mbedtls_rsa_context *rsa;
mbedtls_pk_context pk;
@@ -1052,7 +1026,7 @@
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
/* init pk-rsa context */
@@ -1074,8 +1048,8 @@
memset( output, 0, sizeof( output ) );
olen = 0;
TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len,
- output, &olen, sizeof( output ),
- rnd_pseudo_rand, &rnd_info ) == ret );
+ output, &olen, sizeof( output ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
if( ret == 0 )
{
TEST_ASSERT( olen == clear->len );
@@ -1095,25 +1069,25 @@
mbedtls_pk_context pk;
unsigned char output[100];
unsigned char input[100];
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
size_t olen = 0;
int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
mbedtls_pk_init( &pk );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
memset( output, 0, sizeof( output ) );
memset( input, 0, sizeof( input ) );
TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 );
TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ),
- output, &olen, sizeof( output ),
- rnd_pseudo_rand, &rnd_info ) == ret );
+ output, &olen, sizeof( output ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ),
- output, &olen, sizeof( output ),
- rnd_pseudo_rand, &rnd_info ) == ret );
+ output, &olen, sizeof( output ),
+ mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret );
exit:
mbedtls_pk_free( &pk );
@@ -1147,8 +1121,9 @@
TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len,
sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
- TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len,
- rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig,
+ &sig_len, mbedtls_test_rnd_std_rand, NULL )
+ == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
exit:
mbedtls_pk_free( &pk );
@@ -1201,12 +1176,13 @@
/* Test signature */
#if SIZE_MAX > UINT_MAX
- TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
- sig, &sig_len, rnd_std_rand, NULL ) ==
- MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+ TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig,
+ &sig_len, mbedtls_test_rnd_std_rand, NULL )
+ == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
#endif /* SIZE_MAX > UINT_MAX */
- TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
- sig, &sig_len, rnd_std_rand, NULL ) == 0 );
+ TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig,
+ &sig_len, mbedtls_test_rnd_std_rand, NULL )
+ == 0 );
TEST_ASSERT( sig_len == RSA_KEY_LEN );
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == 0 );
@@ -1214,17 +1190,17 @@
/* Test decrypt */
TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg,
ciph, &ciph_len, sizeof ciph,
- rnd_std_rand, NULL ) == 0 );
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len,
test, &test_len, sizeof test,
- rnd_std_rand, NULL ) == 0 );
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
TEST_ASSERT( test_len == sizeof msg );
TEST_ASSERT( memcmp( test, msg, test_len ) == 0 );
/* Test forbidden operations */
TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg,
ciph, &ciph_len, sizeof ciph,
- rnd_std_rand, NULL ) == ret );
+ mbedtls_test_rnd_std_rand, NULL ) == ret );
TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == ret );
TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret );
@@ -1269,7 +1245,7 @@
mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 );
TEST_ASSERT( mbedtls_ecp_gen_key( grpid,
(mbedtls_ecp_keypair*) pk.pk_ctx,
- rnd_std_rand, NULL ) == 0 );
+ mbedtls_test_rnd_std_rand, NULL ) == 0 );
/* Export underlying public key for re-importing in a legacy context. */
ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy,
diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function
index 13fdf58..8a42180 100644
--- a/tests/suites/test_suite_pkcs1_v15.function
+++ b/tests/suites/test_suite_pkcs1_v15.function
@@ -16,7 +16,7 @@
{
unsigned char output[128];
mbedtls_rsa_context ctx;
- rnd_buf_info info;
+ mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
info.buf = rnd_buf->x;
@@ -34,10 +34,16 @@
if( message_str->len == 0 )
message_str->x = NULL;
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
+ &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output ) == result );
+
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -57,7 +63,7 @@
unsigned char output[128];
mbedtls_rsa_context ctx;
size_t output_len;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
((void) seed);
@@ -66,7 +72,7 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash );
memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -80,14 +86,25 @@
if( result_hex_str->len == 0 )
{
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info,
+ MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ NULL, 0 ) == result );
}
else
{
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ output, 1000 ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ output_len,
+ result_hex_str->len) == 0 );
}
}
@@ -107,7 +124,7 @@
{
size_t expected_plaintext_length = expected_plaintext_length_arg;
size_t output_size = output_size_arg;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi;
mbedtls_rsa_context ctx;
static unsigned char N[128] = {
@@ -173,7 +190,7 @@
unsigned char final[128];
size_t output_length = 0x7EA0;
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi );
mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi );
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
@@ -193,16 +210,15 @@
if( mode == MBEDTLS_RSA_PRIVATE )
TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 );
else
- TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info,
- original, intermediate ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, original,
+ intermediate ) == 0 );
memcpy( final, default_content, sizeof( final ) );
TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
- &rnd_pseudo_rand, &rnd_info,
- mode,
- &output_length,
- intermediate,
- final,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, mode, &output_length,
+ intermediate, final,
output_size ) == expected_result );
if( expected_result == 0 )
{
@@ -257,7 +273,7 @@
unsigned char output[128];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
- rnd_buf_info info;
+ mbedtls_test_rnd_buf_info info;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
@@ -283,11 +299,14 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PRIVATE, digest,
+ 0, hash_result, output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 7b8087b..c9e91c8 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -16,7 +16,7 @@
{
unsigned char output[256];
mbedtls_rsa_context ctx;
- rnd_buf_info info;
+ mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
info.buf = rnd_buf->x;
@@ -34,10 +34,15 @@
if( message_str->len == 0 )
message_str->x = NULL;
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
+ &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -57,7 +62,7 @@
unsigned char output[64];
mbedtls_rsa_context ctx;
size_t output_len;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
((void) seed);
@@ -67,7 +72,7 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash );
memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -81,19 +86,27 @@
if( result_hex_str->len == 0 )
{
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PRIVATE, &output_len,
- message_str->x, NULL, 0 ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info,
+ MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ NULL, 0 ) == result );
}
else
{
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PRIVATE, &output_len,
- message_str->x, output,
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info,
+ MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x,
+ output,
sizeof( output ) ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ output_len,
+ result_hex_str->len ) == 0 );
}
}
@@ -114,7 +127,7 @@
unsigned char hash_result[MBEDTLS_MD_MAX_SIZE];
unsigned char output[256];
mbedtls_rsa_context ctx;
- rnd_buf_info info;
+ mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, P, Q, E;
info.buf = rnd_buf->x;
@@ -141,12 +154,14 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE,
- digest, 0, hash_result, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand,
+ &info, MBEDTLS_RSA_PRIVATE, digest, 0,
+ hash_result, output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function
index 26f1d33..0b0c937 100644
--- a/tests/suites/test_suite_pkcs5.function
+++ b/tests/suites/test_suite_pkcs5.function
@@ -24,7 +24,8 @@
TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len,
it_cnt, key_len, key ) == 0 );
- TEST_ASSERT( hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x,
+ key_len, result_key_string->len ) == 0 );
exit:
mbedtls_md_free( &ctx );
@@ -43,7 +44,7 @@
params.p = params_hex->x;
params.len = params_hex->len;
- my_out = zero_alloc( ref_out->len );
+ my_out = mbedtls_test_zero_alloc( ref_out->len );
my_ret = mbedtls_pkcs5_pbes2( ¶ms, MBEDTLS_PKCS5_DECRYPT,
pw->x, pw->len, data->x, data->len, my_out );
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 066bb39..eadb992 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -23,15 +23,15 @@
memset( key, 0x00, sizeof( key ) );
memset( mac, 0x00, sizeof( mac ) );
- src_len = unhexify( src_str, hex_src_string );
- unhexify( key, hex_key_string );
+ src_len = mbedtls_test_unhexify( src_str, hex_src_string );
+ mbedtls_test_unhexify( key, hex_key_string );
/*
* Test the integrated API
*/
TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 );
- hexify( mac_str, mac, 16 );
+ mbedtls_test_hexify( mac_str, mac, 16 );
TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
/*
@@ -45,7 +45,7 @@
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- hexify( mac_str, mac, 16 );
+ mbedtls_test_hexify( mac_str, mac, 16 );
TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
/*
@@ -63,7 +63,7 @@
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- hexify( mac_str, mac, 16 );
+ mbedtls_test_hexify( mac_str, mac, 16 );
TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
}
@@ -80,7 +80,7 @@
TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 );
- hexify( mac_str, mac, 16 );
+ mbedtls_test_hexify( mac_str, mac, 16 );
TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 );
}
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index bc95f6f..ae4045c 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -9,7 +9,7 @@
* uses mbedtls_ctr_drbg internally. */
#include "mbedtls/ctr_drbg.h"
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
/* Tests that require more than 128kB of RAM plus change have this symbol
* as a dependency. Currently we always define this symbol, so the tests
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 8538d6d..66c241e 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -4,7 +4,7 @@
#include "mbedtls/entropy.h"
#include "mbedtls/entropy_poll.h"
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#if defined(MBEDTLS_PSA_ITS_FILE_C)
#include <stdio.h>
#else
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index d50ff5a..6c577c0 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -2,7 +2,7 @@
#include <stdint.h>
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
/* END_HEADER */
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index 3283ac9..fd4ff21 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
/* Some tests in this module configure entropy sources. */
#include "psa_crypto_invasive.h"
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index e2d87ef..49ce964 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -9,7 +9,7 @@
#include <stdint.h>
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#include "psa_crypto_storage.h"
#include "mbedtls/md.h"
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index f95f7e5..9f44b88 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#include "psa/crypto_se_driver.h"
#include "psa_crypto_se.h"
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
index f6acb07..ef50a68 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
@@ -1,5 +1,5 @@
/* BEGIN_HEADER */
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#include "psa/crypto_se_driver.h"
#include "psa_crypto_se.h"
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index 4c824f7..3a14b12 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -1,7 +1,7 @@
/* BEGIN_HEADER */
#include <stdint.h>
-#include "psa_crypto_helpers.h"
+#include "test/psa_crypto_helpers.h"
#include "psa_crypto_storage.h"
typedef enum
@@ -270,7 +270,7 @@
else
{
TEST_EQUAL( psa_export_key( handle,
- reexported, sizeof( reexported ),
+ NULL, 0,
&reexported_length ),
PSA_ERROR_NOT_PERMITTED );
}
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index 04a735a..b6cc488 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -7,7 +7,7 @@
#include "../library/psa_crypto_its.h"
-#include "psa_helpers.h"
+#include "test/psa_helpers.h"
/* Internal definitions of the implementation, copied for the sake of
* some of the tests and of the cleanup code. */
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 9a3b583..90335db 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -67,7 +67,8 @@
invalid_padding, 0 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
- mbedtls_rsa_gen_key( NULL, rnd_std_rand,
+ mbedtls_rsa_gen_key( NULL,
+ mbedtls_test_rnd_std_rand,
NULL, 0, 0 ) );
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA,
mbedtls_rsa_gen_key( &ctx, NULL,
@@ -476,7 +477,7 @@
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
@@ -484,7 +485,7 @@
memset( hash_result, 0x00, sizeof( hash_result ) );
memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -500,13 +501,14 @@
if( mbedtls_md_info_from_type( digest ) != NULL )
TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PRIVATE, digest, 0,
- hash_result, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE, digest,
+ 0, hash_result, output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -560,14 +562,14 @@
unsigned char output[256];
mbedtls_rsa_context ctx;
mbedtls_mpi N, P, Q, E;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_rsa_init( &ctx, padding_mode, 0 );
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E );
memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -580,13 +582,14 @@
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE,
- hash_result->len, hash_result->x,
- output ) == 0 );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE,
+ MBEDTLS_MD_NONE, hash_result->len,
+ hash_result->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
#if defined(MBEDTLS_PKCS1_V15)
/* For PKCS#1 v1.5, there is an alternative way to generate signatures */
@@ -596,8 +599,9 @@
memset( output, 0x00, sizeof( output) );
res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx,
- &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE,
- hash_result->len, hash_result->x, output );
+ &mbedtls_test_rnd_pseudo_rand, &rnd_info,
+ MBEDTLS_RSA_PRIVATE, hash_result->len,
+ hash_result->x, output );
#if !defined(MBEDTLS_RSA_ALT)
TEST_ASSERT( res == 0 );
@@ -608,7 +612,9 @@
if( res == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len,
+ result_hex_str->len ) == 0 );
}
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -690,12 +696,12 @@
{
unsigned char output[256];
mbedtls_rsa_context ctx;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_rsa_init( &ctx, padding_mode, 0 );
memset( output, 0x00, sizeof( output ) );
@@ -708,13 +714,16 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info,
- MBEDTLS_RSA_PUBLIC, message_str->len,
- message_str->x, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx,
+ &mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -746,13 +755,15 @@
TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 );
- TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL,
- MBEDTLS_RSA_PUBLIC, message_str->len,
- message_str->x, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand,
+ NULL, MBEDTLS_RSA_PUBLIC,
+ message_str->len, message_str->x,
+ output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -772,7 +783,7 @@
unsigned char output[32];
mbedtls_rsa_context ctx;
size_t output_len;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
@@ -781,7 +792,7 @@
mbedtls_rsa_init( &ctx, padding_mode, 0 );
memset( output, 0x00, sizeof( output ) );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
@@ -796,11 +807,16 @@
output_len = 0;
- TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result );
+ TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, MBEDTLS_RSA_PRIVATE,
+ &output_len, message_str->x, output,
+ max_output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ output_len,
+ result_hex_str->len ) == 0 );
}
exit:
@@ -837,7 +853,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
/* And now with the copy */
@@ -852,7 +869,8 @@
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len, result_hex_str->len ) == 0 );
}
exit:
@@ -872,7 +890,7 @@
unsigned char output[256];
mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */
mbedtls_mpi N, P, Q, E;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
int i;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P );
@@ -880,7 +898,7 @@
mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 );
mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 );
- memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) );
TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 );
@@ -897,12 +915,15 @@
for( i = 0; i < 3; i++ )
{
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info,
- message_str->x, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, message_str->x,
+ output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx.len,
+ result_hex_str->len ) == 0 );
}
}
@@ -914,12 +935,15 @@
TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 );
memset( output, 0x00, sizeof( output ) );
- TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info,
- message_str->x, output ) == result );
+ TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand,
+ &rnd_info, message_str->x,
+ output ) == result );
if( result == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
+ ctx2.len,
+ result_hex_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function
index e621f49..6428009 100644
--- a/tests/suites/test_suite_shax.function
+++ b/tests/suites/test_suite_shax.function
@@ -61,7 +61,8 @@
TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ 20, hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -131,7 +132,8 @@
TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ 28, hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -145,7 +147,8 @@
TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ 32, hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -215,7 +218,8 @@
TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ 48, hex_hash_string->len ) == 0 );
}
/* END_CASE */
@@ -229,7 +233,8 @@
TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x,
+ 64, hex_hash_string->len ) == 0 );
}
/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 9d16a57..5cf6e8b 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1179,14 +1179,15 @@
size_t keylen, maclen, ivlen;
unsigned char *key0 = NULL, *key1 = NULL;
+ unsigned char *md0 = NULL, *md1 = NULL;
unsigned char iv_enc[16], iv_dec[16];
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
unsigned char cid0[ SSL_CID_LEN_MIN ];
unsigned char cid1[ SSL_CID_LEN_MIN ];
- rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
- rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
+ mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) );
+ mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) );
#else
((void) cid0_len);
((void) cid1_len);
@@ -1245,7 +1246,6 @@
cipher_info->mode == MBEDTLS_MODE_STREAM )
{
mbedtls_md_info_t const *md_info;
- unsigned char *md0, *md1;
/* Pick hash */
md_info = mbedtls_md_info_from_type( hash_id );
@@ -1283,9 +1283,6 @@
memcpy( &t_out->mac_dec, md0, maclen );
}
#endif
-
- mbedtls_free( md0 );
- mbedtls_free( md1 );
}
#else
((void) hash_id);
@@ -1417,6 +1414,9 @@
mbedtls_free( key0 );
mbedtls_free( key1 );
+ mbedtls_free( md0 );
+ mbedtls_free( md1 );
+
return( ret );
}
@@ -3232,7 +3232,7 @@
/* Encrypt record */
ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
- rnd_std_rand, NULL );
+ mbedtls_test_rnd_std_rand, NULL );
TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
if( ret != 0 )
{
@@ -3386,7 +3386,8 @@
rec_backup = rec;
/* Encrypt record */
- ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL );
+ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec,
+ mbedtls_test_rnd_std_rand, NULL );
if( ( mode == 1 || mode == 2 ) && seen_success )
{
@@ -3471,7 +3472,7 @@
if( exp_ret == 0 )
{
- TEST_ASSERT( hexcmp( output, result_hex_str->x,
+ TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x,
result_hex_str->len, result_hex_str->len ) == 0 );
}
exit:
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 0db2b0e..be9e0ae 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -94,9 +94,9 @@
int der_len = -1;
FILE *f;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
@@ -111,7 +111,7 @@
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
@@ -125,14 +125,15 @@
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand,
+ &rnd_info );
TEST_ASSERT( der_len >= 0 );
if( der_len == 0 )
goto exit;
ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit:
@@ -153,10 +154,10 @@
int ret;
size_t pem_len = 0;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
psa_crypto_init();
- memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
@@ -175,7 +176,8 @@
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand, &rnd_info );
+
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
@@ -208,9 +210,9 @@
size_t olen = 0, pem_len = 0;
int der_len = -1;
FILE *f;
- rnd_pseudo_info rnd_info;
+ mbedtls_test_rnd_pseudo_info rnd_info;
- memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
+ memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
mbedtls_pk_init( &subject_key );
@@ -269,7 +271,7 @@
}
ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
@@ -284,14 +286,15 @@
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand,
+ &rnd_info );
TEST_ASSERT( der_len >= 0 );
if( der_len == 0 )
goto exit;
ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
- rnd_pseudo_rand, &rnd_info );
+ mbedtls_test_rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit:
diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function
index a24a420..f286e67 100644
--- a/tests/suites/test_suite_xtea.function
+++ b/tests/suites/test_suite_xtea.function
@@ -20,7 +20,8 @@
mbedtls_xtea_setup( &ctx, key_str->x );
TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
}
/* END_CASE */
@@ -37,7 +38,8 @@
mbedtls_xtea_setup( &ctx, key_str->x );
TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ 8, hex_dst_string->len ) == 0 );
}
/* END_CASE */
@@ -55,7 +57,9 @@
TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x,
src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
/* END_CASE */
@@ -73,7 +77,9 @@
TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x,
src_str->x, output ) == 0 );
- TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x,
+ src_str->len,
+ hex_dst_string->len ) == 0 );
}
/* END_CASE */