From 502d4b45102a0665aa0b769c41ad1c7bdb96478e Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Sat, 25 Apr 2020 14:41:25 +0200 Subject: [PATCH 01/87] New mbedtls_x509_crt_parse_der_ext() routine This routine is functionally equivalent to mbedtls_x509_crt_parse_der(), but it accepts an additional callback function which it calls with every unsupported certificate extension. Proposed solution to https://github.com/ARMmbed/mbedtls/issues/3241 Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 56 ++++++++++++++++++++++++++++++++++++++ library/x509_crt.c | 30 +++++++++++++++----- 2 files changed, 79 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index e4fb13543..19de1e968 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -303,6 +303,62 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ); +/** + * \brief The type of certificate extension callbacks. + * + * Callbacks of this type are passed to and used by the + * mbedtls_x509_crt_parse_der_ext() routine when it encounters + * an unsupported extension. + * + * \param crt Pointer to the certificate being parsed + * \param oid Extension's OID + * \param critical If the extension is critical (per the RFC's definition) + * \param p On entry \c *p points to the start of the extension ASN.1 + * data. On successful completion \c *p must point to the + * first byte after it. + * On error, the value of \c *p is undefined. + * \param end End of extension data. + * + * \note The callback must fail and return a negative error code if + * it can not parse or does not support the extension. + * + * \return \c 0 on success. + * \return A negative error code on failure. + */ +typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, + mbedtls_x509_buf const *oid, + int critical, + unsigned char **p, + const unsigned char *end ); + +/** + * \brief Parse a single DER formatted certificate and add it + * to the end of the provided chained list. + * + * \param chain The pointer to the start of the CRT chain to attach to. + * When parsing the first CRT in a chain, this should point + * to an instance of ::mbedtls_x509_crt initialized through + * mbedtls_x509_crt_init(). + * \param buf The buffer holding the DER encoded certificate. + * \param buflen The size in Bytes of \p buf. + * \param cb A callback invoked for every unsupported certificate + * extension. + * + * \note This call is functionally equivalent to + * mbedtls_x509_crt_parse_der(), but it calls the callback + * with every unsupported certificate extension. + * The callback must return a negative error code if it + * does not know how to handle such an extension. + * + * \return \c 0 if successful. + * \return A negative error code on failure. + */ +int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb + ); + /** * \brief Parse a single DER formatted certificate and add it * to the end of the provided chained list. This is a diff --git a/library/x509_crt.c b/library/x509_crt.c index 1e62ed5b0..9076b321b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -892,7 +892,8 @@ static int x509_get_certificate_policies( unsigned char **p, */ static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, - mbedtls_x509_crt *crt ) + mbedtls_x509_crt *crt, + mbedtls_x509_crt_ext_cb_t cb ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -955,6 +956,10 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { + /* Give the callback (if any) a chance to handle the extension */ + if (cb && cb(crt, &extn_oid, is_critical, p, end_ext_octet) == 0) + continue; + /* No parser found, skip extension */ *p = end_ext_octet; @@ -1061,7 +1066,8 @@ static int x509_get_crt_ext( unsigned char **p, static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, size_t buflen, - int make_copy ) + int make_copy, + mbedtls_x509_crt_ext_cb_t cb ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -1260,7 +1266,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, if( crt->version == 3 ) #endif { - ret = x509_get_crt_ext( &p, end, crt ); + ret = x509_get_crt_ext( &p, end, crt, cb ); if( ret != 0 ) { mbedtls_x509_crt_free( crt ); @@ -1323,7 +1329,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, - int make_copy ) + int make_copy, + mbedtls_x509_crt_ext_cb_t cb ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; @@ -1355,7 +1362,8 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, crt = crt->next; } - if( ( ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy ) ) != 0 ) + ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb ); + if( ret != 0 ) { if( prev ) prev->next = NULL; @@ -1373,14 +1381,22 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0 ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL ) ); +} + +int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ) +{ + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) ); } int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1 ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL ) ); } /* From b2fff6d7ed40d040e867b27167543f0d925060f0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 8 May 2017 11:06:19 +0100 Subject: [PATCH 02/87] Shorten lines in library/ssl_cli.c to at most 80 characters Signed-off-by: Ronald Cron --- library/ssl_cli.c | 525 +++++++++++++++++++++++++++++----------------- 1 file changed, 335 insertions(+), 190 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 553e2b6a3..80c8ee8e3 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -108,8 +108,9 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, if( ssl->hostname == NULL ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", - ssl->hostname ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding server name extension: %s", + ssl->hostname ) ); hostname_len = strlen( ssl->hostname ); @@ -180,7 +181,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding renegotiation extension" ) ); if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) { @@ -191,8 +193,10 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, /* * Secure renegotiation */ - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_RENEGOTIATION_INFO ) + & 0xFF ); *p++ = 0x00; *p++ = ( ssl->verify_data_len + 1 ) & 0xFF; @@ -226,7 +230,8 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding signature_algorithms extension" ) ); for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { @@ -311,12 +316,17 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding supported_elliptic_curves extension" ) ); #if defined(MBEDTLS_ECP_C) - for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) + for( grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) #else - for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) + for( info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) #endif { #if defined(MBEDTLS_ECP_C) @@ -324,7 +334,8 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, #endif if( info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "invalid curve in ssl configuration" ) ); return; } @@ -340,9 +351,13 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_len = 0; #if defined(MBEDTLS_ECP_C) - for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) + for( grp_id = ssl->conf->curve_list; + *grp_id != MBEDTLS_ECP_DP_NONE; + grp_id++ ) #else - for( info = mbedtls_ecp_curve_list(); info->grp_id != MBEDTLS_ECP_DP_NONE; info++ ) + for( info = mbedtls_ecp_curve_list(); + info->grp_id != MBEDTLS_ECP_DP_NONE; + info++ ) #endif { #if defined(MBEDTLS_ECP_C) @@ -355,8 +370,10 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, if( elliptic_curve_len == 0 ) return; - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) + & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ( elliptic_curve_len + 2 ) ) & 0xFF ); @@ -376,7 +393,8 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *olen = 0; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding supported_point_formats extension" ) ); if( end < p || (size_t)( end - p ) < 6 ) { @@ -384,8 +402,10 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS ) + & 0xFF ); *p++ = 0x00; *p++ = 2; @@ -414,7 +434,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) return; - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding ecjpake_kkpp extension" ) ); if( end - p < 4 ) { @@ -440,7 +461,8 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); + MBEDTLS_SSL_DEBUG_RET( 1 , + "mbedtls_ecjpake_write_round_one", ret ); return; } @@ -538,7 +560,8 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding max_fragment_length extension" ) ); if( end < p || (size_t)( end - p ) < 5 ) { @@ -546,8 +569,10 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH ) + & 0xFF ); *p++ = 0x00; *p++ = 1; @@ -572,7 +597,8 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding truncated_hmac extension" ) ); if( end < p || (size_t)( end - p ) < 4 ) { @@ -605,8 +631,8 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding encrypt_then_mac extension" ) ); if( end < p || (size_t)( end - p ) < 4 ) { @@ -639,8 +665,8 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret " - "extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding extended_master_secret extension" ) ); if( end < p || (size_t)( end - p ) < 4 ) { @@ -648,8 +674,10 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, return; } - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) + & 0xFF ); + *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET ) + & 0xFF ); *p++ = 0x00; *p++ = 0x00; @@ -673,7 +701,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, adding session ticket extension" ) ); if( end < p || (size_t)( end - p ) < 4 + tlen ) { @@ -694,7 +723,8 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, return; } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "sending session ticket of length %d", tlen ) ); memcpy( p, ssl->session_negotiate->ticket, tlen ); @@ -815,9 +845,10 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) * * \return 0 if valid, else 1 */ -static int ssl_validate_ciphersuite( const mbedtls_ssl_ciphersuite_t * suite_info, - const mbedtls_ssl_context * ssl, - int min_minor_ver, int max_minor_ver ) +static int ssl_validate_ciphersuite( + const mbedtls_ssl_ciphersuite_t * suite_info, + const mbedtls_ssl_context * ssl, + int min_minor_ver, int max_minor_ver ) { (void) ssl; if( suite_info == NULL ) @@ -889,8 +920,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->max_major_ver == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "configured max major version is invalid, " - "consider using mbedtls_ssl_config_defaults()" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "configured max major version is invalid, consider using mbedtls_ssl_config_defaults()" ) ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } @@ -904,8 +935,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) buf = ssl->out_msg; p = buf + 4; - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); p += 2; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, max version: [%d:%d]", @@ -956,7 +988,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->session_negotiate->ticket != NULL && ssl->session_negotiate->ticket_len != 0 ) { - ret = ssl->conf->f_rng( ssl->conf->p_rng, ssl->session_negotiate->id, 32 ); + ret = ssl->conf->f_rng( ssl->conf->p_rng, + ssl->session_negotiate->id, 32 ); if( ret != 0 ) return( ret ); @@ -1031,7 +1064,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) *p++ = (unsigned char)( ciphersuites[i] ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "client hello, got %d ciphersuites (excluding SCSVs)", n ) ); /* * Add TLS_EMPTY_RENEGOTIATION_INFO_SCSV @@ -1081,7 +1115,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress len.: %d", 2 ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d %d", - MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_COMPRESS_DEFLATE, + MBEDTLS_SSL_COMPRESS_NULL ) ); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; @@ -1229,8 +1264,10 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, ssl->peer_verify_data, ssl->verify_data_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } } @@ -1239,9 +1276,12 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, { if( len != 1 || buf[0] != 0x00 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-zero length renegotiation info" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( + 1, ( "non-zero length renegotiation info" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1264,9 +1304,12 @@ static int ssl_parse_max_fragment_length_ext( mbedtls_ssl_context *ssl, len != 1 || buf[0] != ssl->conf->mfl_code ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching max fragment length extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching max fragment length extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1282,9 +1325,12 @@ static int ssl_parse_truncated_hmac_ext( mbedtls_ssl_context *ssl, if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching truncated HMAC extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching truncated HMAC extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1361,9 +1407,12 @@ static int ssl_parse_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching encrypt-then-MAC extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching encrypt-then-MAC extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1384,9 +1433,12 @@ static int ssl_parse_extended_ms_ext( mbedtls_ssl_context *ssl, ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching extended master secret extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching extended master secret extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1406,9 +1458,12 @@ static int ssl_parse_session_ticket_ext( mbedtls_ssl_context *ssl, if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED || len != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching session ticket extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-matching session ticket extension" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1489,8 +1544,10 @@ static int ssl_parse_ecjpake_kkpp( mbedtls_ssl_context *ssl, buf, len ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_one", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } @@ -1509,8 +1566,10 @@ static int ssl_parse_alpn_ext( mbedtls_ssl_context *ssl, if( ssl->conf->alpn_list == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-matching ALPN extension" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1690,12 +1749,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->renego_max_records >= 0 && ssl->renego_records_seen > ssl->conf->renego_max_records ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation requested, " - "but not honored by server" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation requested, but not honored by server" ) ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "non-handshake message during renego" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-handshake message during renegotiation" ) ); ssl->keep_current_message = 1; return( MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO ); @@ -1703,8 +1763,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_RENEGOTIATION */ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -1758,11 +1820,13 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->major_ver > ssl->conf->max_major_ver || ssl->minor_ver > ssl->conf->max_minor_ver ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server version out of bounds - " - " min: [%d:%d], server: [%d:%d], max: [%d:%d]", - ssl->conf->min_major_ver, ssl->conf->min_minor_ver, - ssl->major_ver, ssl->minor_ver, - ssl->conf->max_major_ver, ssl->conf->max_minor_ver ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server version out of bounds - min: [%d:%d], server: [%d:%d], max: [%d:%d]", + ssl->conf->min_major_ver, + ssl->conf->min_minor_ver, + ssl->major_ver, ssl->minor_ver, + ssl->conf->max_major_ver, + ssl->conf->max_minor_ver ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION ); @@ -1799,8 +1863,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->in_hslen != mbedtls_ssl_hs_hdr_len( ssl ) + 40 + n + ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } } @@ -1839,9 +1905,12 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( comp != MBEDTLS_SSL_COMPRESS_NULL ) #endif/* MBEDTLS_ZLIB_SUPPORT */ { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server hello, bad compression: %d", comp ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server hello, bad compression: %d", comp ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE ); } @@ -1851,7 +1920,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->handshake->ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( i ); if( ssl->handshake->ciphersuite_info == NULL ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "ciphersuite info for %04x not found", i ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "ciphersuite info for %04x not found", i ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); @@ -1891,8 +1961,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ( ret = mbedtls_ssl_derive_keys( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_derive_keys", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR ); return( ret ); } } @@ -1901,7 +1973,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->handshake->resume ? "a" : "no" ) ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %04x", i ) ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", buf[37 + n] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, compress alg.: %d", + buf[37 + n] ) ); /* * Perform cipher suite validation in same way as in ssl_write_client_hello. @@ -1912,8 +1985,10 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->ciphersuite_list[ssl->minor_ver][i] == 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1924,16 +1999,21 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) } } - suite_info = mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ); - if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, ssl->minor_ver ) != 0 ) + suite_info = mbedtls_ssl_ciphersuite_from_id( + ssl->session_negotiate->ciphersuite ); + if( ssl_validate_ciphersuite( suite_info, ssl, ssl->minor_ver, + ssl->minor_ver ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "server hello, chosen ciphersuite: %s", suite_info->name ) ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( suite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA && @@ -1950,15 +2030,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } ssl->session_negotiate->compression = comp; ext = buf + 40 + n; - MBEDTLS_SSL_DEBUG_MSG( 2, ( "server hello, total extension length: %d", ext_len ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, + ( "server hello, total extension length: %d", ext_len ) ); while( ext_len ) { @@ -1970,8 +2053,9 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) if( ext_size + 4 > ext_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server hello message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -1991,7 +2075,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) case MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found max_fragment_length extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found max_fragment_length extension" ) ); if( ( ret = ssl_parse_max_fragment_length_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -2044,7 +2129,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) case MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found extended_master_secret extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found extended_master_secret extension" ) ); if( ( ret = ssl_parse_extended_ms_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -2071,7 +2157,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) case MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found supported_point_formats extension" ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "found supported_point_formats extension" ) ); if( ( ret = ssl_parse_supported_point_formats_ext( ssl, ext + 4, ext_size ) ) != 0 ) @@ -2107,8 +2194,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif /* MBEDTLS_SSL_ALPN */ default: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "unknown extension found: %d (ignoring)", - ext_id ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "unknown extension found: %d (ignoring)", ext_id ) ); } ext_len -= 4 + ext_size; @@ -2125,9 +2212,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) * Renegotiation security checks */ if( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation, breaking off handshake" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "legacy renegotiation, breaking off handshake" ) ); handshake_failure = 1; } #if defined(MBEDTLS_SSL_RENEGOTIATION) @@ -2135,12 +2224,14 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->secure_renegotiation == MBEDTLS_SSL_SECURE_RENEGOTIATION && renegotiation_info_seen == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension missing (secure)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation_info extension missing (secure)" ) ); handshake_failure = 1; } else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS && ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "legacy renegotiation not allowed" ) ); handshake_failure = 1; @@ -2149,15 +2240,18 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && renegotiation_info_seen == 1 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "renegotiation_info extension present (legacy)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "renegotiation_info extension present (legacy)" ) ); handshake_failure = 1; } #endif /* MBEDTLS_SSL_RENEGOTIATION */ if( handshake_failure == 1 ) { - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO ); } @@ -2168,7 +2262,8 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) -static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char **p, +static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, + unsigned char **p, unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; @@ -2182,7 +2277,8 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char * * opaque dh_Ys<1..2^16-1>; * } ServerDHParams; */ - if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, p, end ) ) != 0 ) + if( ( ret = mbedtls_dhm_read_params( &ssl->handshake->dhm_ctx, + p, end ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 2, ( "mbedtls_dhm_read_params" ), ret ); return( ret ); @@ -2340,7 +2436,8 @@ static int ssl_parse_server_ecdh_params( mbedtls_ssl_context *ssl, if( ssl_check_server_ecdh_params( ssl ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (ECDHE curve)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (ECDHE curve)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2366,8 +2463,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, */ if( end - (*p) < 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " - "(psk_identity_hint length)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } len = (*p)[0] << 8 | (*p)[1]; @@ -2375,8 +2472,8 @@ static int ssl_parse_server_psk_hint( mbedtls_ssl_context *ssl, if( end - (*p) < len ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message " - "(psk_identity_hint length)" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message (psk_identity_hint length)" ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2419,8 +2516,9 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl, * opaque random[46]; * } PreMasterSecret; */ - mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, - ssl->conf->transport, p ); + mbedtls_ssl_write_version( ssl->conf->max_major_ver, + ssl->conf->max_minor_ver, + ssl->conf->transport, p ); if( ( ret = ssl->conf->f_rng( ssl->conf->p_rng, p + 2, 46 ) ) != 0 ) { @@ -2506,20 +2604,22 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, /* * Get hash algorithm */ - if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) == MBEDTLS_MD_NONE ) + if( ( *md_alg = mbedtls_ssl_md_alg_from_hash( (*p)[0] ) ) + == MBEDTLS_MD_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "Server used unsupported " - "HashAlgorithm %d", *(p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "Server used unsupported HashAlgorithm %d", *(p)[0] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } /* * Get signature algorithm */ - if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) == MBEDTLS_PK_NONE ) + if( ( *pk_alg = mbedtls_ssl_pk_alg_from_sig( (*p)[1] ) ) + == MBEDTLS_PK_NONE ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used unsupported " - "SignatureAlgorithm %d", (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used unsupported SignatureAlgorithm %d", (*p)[1] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2528,13 +2628,15 @@ static int ssl_parse_signature_algorithm( mbedtls_ssl_context *ssl, */ if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered", - *(p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server used HashAlgorithm %d that was not offered", *(p)[0] ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", (*p)[1] ) ); - MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", (*p)[0] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used SignatureAlgorithm %d", + (*p)[1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 2, ( "Server used HashAlgorithm %d", + (*p)[0] ) ); *p += 2; return( 0 ); @@ -2625,8 +2727,10 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( ( ret = ssl_get_ecdh_params_from_cert( ssl ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "ssl_get_ecdh_params_from_cert", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( ret ); } @@ -2656,8 +2760,10 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2676,10 +2782,12 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) goto exit; } - MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key exchange message must " - "not be skipped" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "server key exchange message must not be skipped" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -2703,8 +2811,10 @@ start_processing: if( ssl_parse_server_psk_hint( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } /* FALLTROUGH */ @@ -2726,8 +2836,10 @@ start_processing: if( ssl_parse_server_dh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2743,8 +2855,10 @@ start_processing: if( ssl_parse_server_ecdh_params_psa( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2762,8 +2876,10 @@ start_processing: if( ssl_parse_server_ecdh_params( ssl, &p, end ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2779,8 +2895,10 @@ start_processing: if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_read_round_two", ret ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2813,17 +2931,24 @@ start_processing: if( ssl_parse_signature_algorithm( ssl, &p, end, &md_alg, &pk_alg ) != 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } - if( pk_alg != mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) + if( pk_alg != + mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info ) ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "bad server key exchange message" ) ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } } @@ -2853,8 +2978,10 @@ start_processing: if( p > end - 2 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } sig_len = ( p[0] << 8 ) | p[1]; @@ -2863,8 +2990,10 @@ start_processing: if( p != end - sig_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } @@ -2924,8 +3053,10 @@ start_processing: if( !mbedtls_pk_can_do( peer_pk, pk_alg ) ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE ); return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); } @@ -2940,8 +3071,10 @@ start_processing: #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret != MBEDTLS_ERR_ECP_IN_PROGRESS ) #endif - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR ); MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_verify", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if( ret == MBEDTLS_ERR_ECP_IN_PROGRESS ) @@ -3013,8 +3146,10 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } @@ -3090,8 +3225,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) #if defined(MBEDTLS_SSL_PROTO_TLS1_2) if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 ) { - size_t sig_alg_len = ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) - | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); + size_t sig_alg_len = + ( ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 1 + n] << 8 ) + | ( buf[mbedtls_ssl_hs_hdr_len( ssl ) + 2 + n] ) ); #if defined(MBEDTLS_DEBUG_C) unsigned char* sig_alg; size_t i; @@ -3109,11 +3245,14 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) * buf[...hdr_len + 3 + n + sig_alg_len], * which is one less than we need the buf to be. */ - if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n + sig_alg_len ) + if( ssl->in_hslen <= mbedtls_ssl_hs_hdr_len( ssl ) + + 3 + n + sig_alg_len ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad certificate request message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR ); return( MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST ); } @@ -3121,8 +3260,9 @@ static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl ) sig_alg = buf + mbedtls_ssl_hs_hdr_len( ssl ) + 3 + n; for( i = 0; i < sig_alg_len; i += 2 ) { - MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d" - ",%d", sig_alg[i], sig_alg[i + 1] ) ); + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "Supported Signature Algorithm found: %d,%d", + sig_alg[i], sig_alg[i + 1] ) ); } #endif @@ -3213,9 +3353,9 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) header_len = 6; ret = mbedtls_dhm_make_public( &ssl->handshake->dhm_ctx, - (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), - &ssl->out_msg[header_len], content_len, - ssl->conf->f_rng, ssl->conf->p_rng ); + (int) mbedtls_mpi_size( &ssl->handshake->dhm_ctx.P ), + &ssl->out_msg[header_len], content_len, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_make_public", ret ); @@ -3226,10 +3366,10 @@ static int ssl_write_client_key_exchange( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX ); if( ( ret = mbedtls_dhm_calc_secret( &ssl->handshake->dhm_ctx, - ssl->handshake->premaster, - MBEDTLS_PREMASTER_SIZE, - &ssl->handshake->pmslen, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + ssl->handshake->premaster, + MBEDTLS_PREMASTER_SIZE, + &ssl->handshake->pmslen, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_dhm_calc_secret", ret ); return( ret ); @@ -3379,10 +3519,10 @@ ecdh_calc_secret: content_len = ssl->handshake->ecrs_n; #endif if( ( ret = mbedtls_ecdh_calc_secret( &ssl->handshake->ecdh_ctx, - &ssl->handshake->pmslen, - ssl->handshake->premaster, - MBEDTLS_MPI_MAX_SIZE, - ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) + &ssl->handshake->pmslen, + ssl->handshake->premaster, + MBEDTLS_MPI_MAX_SIZE, + ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecdh_calc_secret", ret ); #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -3419,8 +3559,8 @@ ecdh_calc_secret: if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity too long or " - "SSL buffer too short" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "psk identity too long or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } @@ -3471,8 +3611,8 @@ ecdh_calc_secret: if( header_len + 2 + content_len > MBEDTLS_SSL_OUT_CONTENT_LEN ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "psk identity or DHM size too long" - " or SSL buffer too short" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "psk identity or DHM size too long or SSL buffer too short" ) ); return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); } @@ -3530,7 +3670,8 @@ ecdh_calc_secret: ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "skip PMS generation for opaque PSK" ) ); + MBEDTLS_SSL_DEBUG_MSG( + 1, ( "skip PMS generation for opaque PSK" ) ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3538,7 +3679,8 @@ ecdh_calc_secret: if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_psk_derive_premaster", ret ); + MBEDTLS_SSL_DEBUG_RET( + 1, "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } } @@ -3736,8 +3878,9 @@ sign: * Until we encounter a server that does not, we will take this * shortcut. * - * Reason: Otherwise we should have running hashes for SHA512 and SHA224 - * in order to satisfy 'weird' needs from the server side. + * Reason: Otherwise we should have running hashes for SHA512 and + * SHA224 in order to satisfy 'weird' needs from the server + * side. */ if( ssl->handshake->ciphersuite_info->mac == MBEDTLS_MD_SHA384 ) { @@ -3821,8 +3964,10 @@ static int ssl_parse_new_session_ticket( mbedtls_ssl_context *ssl ) if( ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad new session ticket message" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + mbedtls_ssl_send_alert_message( + ssl, + MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE ); } From 4c7bbe289a2ad70183158563ab56d416150c3449 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 7 May 2020 10:54:43 +0200 Subject: [PATCH 03/87] Remove unnecessary MBEDTLS_ECP_C preprocessor condition The ssl_cli.c:ssl_write_supported_elliptic_curves_ext() function is compiled only if MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C or MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED is defined which implies that MBEDTLS_ECP_C is defined. Thus remove the precompiler conditions on MBEDTLS_ECP_C in its code. Signed-off-by: Ronald Cron --- library/ssl_cli.c | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 80c8ee8e3..13acf5a8b 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -308,30 +308,18 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; -#if defined(MBEDTLS_ECP_C) const mbedtls_ecp_group_id *grp_id; -#else - ((void) ssl); -#endif *olen = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); -#if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) -#else - for( info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) -#endif { -#if defined(MBEDTLS_ECP_C) info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#endif if( info == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, @@ -350,19 +338,11 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_len = 0; -#if defined(MBEDTLS_ECP_C) for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) -#else - for( info = mbedtls_ecp_curve_list(); - info->grp_id != MBEDTLS_ECP_DP_NONE; - info++ ) -#endif { -#if defined(MBEDTLS_ECP_C) info = mbedtls_ecp_curve_info_from_grp_id( *grp_id ); -#endif elliptic_curve_list[elliptic_curve_len++] = info->tls_id >> 8; elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } From 51018aab56d6878e65b141dbdfb87af887a20aa1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 04/87] Add macro for bounds checking This commit adds a macro for buffer bounds checks in the SSL module. It takes the buffer's current and end position as the first argument(s), followed by the needed space; if the available space is too small, it returns an SSL_BUFFER_TOO_SMALL error. Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 35 ++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index e92381c33..d655813ab 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -299,6 +299,41 @@ static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context * #define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS_PRESENT (1 << 0) #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP_OK (1 << 1) +/** + * \brief This function checks if the remaining size in a buffer is + * greater or equal than a needed space. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + * \return Non-zero if the needed space is available in the buffer, 0 + * otherwise. + */ +static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, + const uint8_t *end, size_t need ) +{ + return( cur <= end && need <= (size_t)( end - cur ) ); +} + +/** + * \brief This macro checks if the remaining size in a buffer is + * greater or equal than a needed space. If it is not the case, + * it returns an SSL_BUFFER_TOO_SMALL error. + * + * \param cur Pointer to the current position in the buffer. + * \param end Pointer to one past the end of the buffer. + * \param need Needed space in bytes. + * + */ +#define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ + do { \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) == 0 ) \ + { \ + return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ + } \ + } while( 0 ) + #ifdef __cplusplus extern "C" { #endif From fcdea0ff69cab3fc1332ea0045f576f3f8d21cd6 Mon Sep 17 00:00:00 2001 From: irwir Date: Tue, 19 May 2020 19:48:27 +0300 Subject: [PATCH 05/87] Remove definitions and settings that are never used or duplicate MSVC defaults. Fixes #3297. Signed-off-by: irwir --- scripts/data_files/vs2010-app-template.vcxproj | 18 ++++-------------- .../data_files/vs2010-main-template.vcxproj | 14 +++----------- visualc/VS2010/aescrypt2.vcxproj | 18 ++++-------------- visualc/VS2010/benchmark.vcxproj | 18 ++++-------------- visualc/VS2010/cert_app.vcxproj | 18 ++++-------------- visualc/VS2010/cert_req.vcxproj | 18 ++++-------------- visualc/VS2010/cert_write.vcxproj | 18 ++++-------------- visualc/VS2010/crl_app.vcxproj | 18 ++++-------------- visualc/VS2010/crypt_and_hash.vcxproj | 18 ++++-------------- visualc/VS2010/crypto_examples.vcxproj | 18 ++++-------------- visualc/VS2010/dh_client.vcxproj | 18 ++++-------------- visualc/VS2010/dh_genprime.vcxproj | 18 ++++-------------- visualc/VS2010/dh_server.vcxproj | 18 ++++-------------- visualc/VS2010/dtls_client.vcxproj | 18 ++++-------------- visualc/VS2010/dtls_server.vcxproj | 18 ++++-------------- visualc/VS2010/ecdh_curve25519.vcxproj | 18 ++++-------------- visualc/VS2010/ecdsa.vcxproj | 18 ++++-------------- visualc/VS2010/gen_entropy.vcxproj | 18 ++++-------------- visualc/VS2010/gen_key.vcxproj | 18 ++++-------------- visualc/VS2010/gen_random_ctr_drbg.vcxproj | 18 ++++-------------- visualc/VS2010/gen_random_havege.vcxproj | 18 ++++-------------- visualc/VS2010/generic_sum.vcxproj | 18 ++++-------------- visualc/VS2010/hello.vcxproj | 18 ++++-------------- visualc/VS2010/key_app.vcxproj | 18 ++++-------------- visualc/VS2010/key_app_writer.vcxproj | 18 ++++-------------- visualc/VS2010/key_ladder_demo.vcxproj | 18 ++++-------------- visualc/VS2010/mbedTLS.vcxproj | 14 +++----------- visualc/VS2010/mini_client.vcxproj | 18 ++++-------------- visualc/VS2010/mpi_demo.vcxproj | 18 ++++-------------- visualc/VS2010/pem2der.vcxproj | 18 ++++-------------- visualc/VS2010/pk_decrypt.vcxproj | 18 ++++-------------- visualc/VS2010/pk_encrypt.vcxproj | 18 ++++-------------- visualc/VS2010/pk_sign.vcxproj | 18 ++++-------------- visualc/VS2010/pk_verify.vcxproj | 18 ++++-------------- visualc/VS2010/psa_constant_names.vcxproj | 18 ++++-------------- .../VS2010/query_compile_time_config.vcxproj | 18 ++++-------------- visualc/VS2010/req_app.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_decrypt.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_encrypt.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_genkey.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_sign.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_sign_pss.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_verify.vcxproj | 18 ++++-------------- visualc/VS2010/rsa_verify_pss.vcxproj | 18 ++++-------------- visualc/VS2010/selftest.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_client1.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_client2.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_context_info.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_fork_server.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_mail_client.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_server.vcxproj | 18 ++++-------------- visualc/VS2010/ssl_server2.vcxproj | 18 ++++-------------- visualc/VS2010/strerror.vcxproj | 18 ++++-------------- visualc/VS2010/udp_proxy.vcxproj | 18 ++++-------------- visualc/VS2010/zeroize.vcxproj | 18 ++++-------------- 55 files changed, 218 insertions(+), 764 deletions(-) diff --git a/scripts/data_files/vs2010-app-template.vcxproj b/scripts/data_files/vs2010-app-template.vcxproj index aae07b54e..039fd09a2 100644 --- a/scripts/data_files/vs2010-app-template.vcxproj +++ b/scripts/data_files/vs2010-app-template.vcxproj @@ -89,11 +89,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -101,7 +99,6 @@ INCLUDE_DIRECTORIES Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,11 +108,9 @@ INCLUDE_DIRECTORIES - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -123,7 +118,6 @@ INCLUDE_DIRECTORIES Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -134,12 +128,10 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -156,12 +148,10 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES diff --git a/scripts/data_files/vs2010-main-template.vcxproj b/scripts/data_files/vs2010-main-template.vcxproj index c8f13c3cf..c0f3a3c1f 100644 --- a/scripts/data_files/vs2010-main-template.vcxproj +++ b/scripts/data_files/vs2010-main-template.vcxproj @@ -80,11 +80,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -97,11 +95,9 @@ INCLUDE_DIRECTORIES - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -115,12 +111,10 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) INCLUDE_DIRECTORIES @@ -135,8 +129,6 @@ INCLUDE_DIRECTORIES Level3 - - MaxSpeed true true diff --git a/visualc/VS2010/aescrypt2.vcxproj b/visualc/VS2010/aescrypt2.vcxproj index 0fdd2997d..3ae59dcc3 100644 --- a/visualc/VS2010/aescrypt2.vcxproj +++ b/visualc/VS2010/aescrypt2.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/benchmark.vcxproj b/visualc/VS2010/benchmark.vcxproj index 4bf7f6f54..2836f1477 100644 --- a/visualc/VS2010/benchmark.vcxproj +++ b/visualc/VS2010/benchmark.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/cert_app.vcxproj b/visualc/VS2010/cert_app.vcxproj index 223353f74..84ec4b7a8 100644 --- a/visualc/VS2010/cert_app.vcxproj +++ b/visualc/VS2010/cert_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/cert_req.vcxproj b/visualc/VS2010/cert_req.vcxproj index 396b6467b..c45125cb6 100644 --- a/visualc/VS2010/cert_req.vcxproj +++ b/visualc/VS2010/cert_req.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/cert_write.vcxproj b/visualc/VS2010/cert_write.vcxproj index f5d171c1b..982e4121b 100644 --- a/visualc/VS2010/cert_write.vcxproj +++ b/visualc/VS2010/cert_write.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/crl_app.vcxproj b/visualc/VS2010/crl_app.vcxproj index 082c1f13a..5a7c854dc 100644 --- a/visualc/VS2010/crl_app.vcxproj +++ b/visualc/VS2010/crl_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/crypt_and_hash.vcxproj b/visualc/VS2010/crypt_and_hash.vcxproj index bec06ad14..0c955873f 100644 --- a/visualc/VS2010/crypt_and_hash.vcxproj +++ b/visualc/VS2010/crypt_and_hash.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/crypto_examples.vcxproj b/visualc/VS2010/crypto_examples.vcxproj index 0581d02d9..65826bd29 100644 --- a/visualc/VS2010/crypto_examples.vcxproj +++ b/visualc/VS2010/crypto_examples.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dh_client.vcxproj b/visualc/VS2010/dh_client.vcxproj index 14186b298..c778e8ada 100644 --- a/visualc/VS2010/dh_client.vcxproj +++ b/visualc/VS2010/dh_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dh_genprime.vcxproj b/visualc/VS2010/dh_genprime.vcxproj index ff1e85c2f..3b4fead52 100644 --- a/visualc/VS2010/dh_genprime.vcxproj +++ b/visualc/VS2010/dh_genprime.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dh_server.vcxproj b/visualc/VS2010/dh_server.vcxproj index bc256c1d4..bf930def6 100644 --- a/visualc/VS2010/dh_server.vcxproj +++ b/visualc/VS2010/dh_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dtls_client.vcxproj b/visualc/VS2010/dtls_client.vcxproj index 05c967089..5bd7a8a94 100644 --- a/visualc/VS2010/dtls_client.vcxproj +++ b/visualc/VS2010/dtls_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/dtls_server.vcxproj b/visualc/VS2010/dtls_server.vcxproj index 9f17eedd5..ce0c6da18 100644 --- a/visualc/VS2010/dtls_server.vcxproj +++ b/visualc/VS2010/dtls_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ecdh_curve25519.vcxproj b/visualc/VS2010/ecdh_curve25519.vcxproj index 7a1e86245..32eda340e 100644 --- a/visualc/VS2010/ecdh_curve25519.vcxproj +++ b/visualc/VS2010/ecdh_curve25519.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ecdsa.vcxproj b/visualc/VS2010/ecdsa.vcxproj index 84dc88386..49d54c6d8 100644 --- a/visualc/VS2010/ecdsa.vcxproj +++ b/visualc/VS2010/ecdsa.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_entropy.vcxproj b/visualc/VS2010/gen_entropy.vcxproj index 6b85f62ec..61942c995 100644 --- a/visualc/VS2010/gen_entropy.vcxproj +++ b/visualc/VS2010/gen_entropy.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_key.vcxproj b/visualc/VS2010/gen_key.vcxproj index e7b586a24..e6ce33ee8 100644 --- a/visualc/VS2010/gen_key.vcxproj +++ b/visualc/VS2010/gen_key.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_random_ctr_drbg.vcxproj b/visualc/VS2010/gen_random_ctr_drbg.vcxproj index 2cfdfaaf5..b7a7823db 100644 --- a/visualc/VS2010/gen_random_ctr_drbg.vcxproj +++ b/visualc/VS2010/gen_random_ctr_drbg.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/gen_random_havege.vcxproj b/visualc/VS2010/gen_random_havege.vcxproj index 48519d6f3..3c5eb67b5 100644 --- a/visualc/VS2010/gen_random_havege.vcxproj +++ b/visualc/VS2010/gen_random_havege.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/generic_sum.vcxproj b/visualc/VS2010/generic_sum.vcxproj index 861486592..b04991643 100644 --- a/visualc/VS2010/generic_sum.vcxproj +++ b/visualc/VS2010/generic_sum.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/hello.vcxproj b/visualc/VS2010/hello.vcxproj index 88112f519..ecdabf1e9 100644 --- a/visualc/VS2010/hello.vcxproj +++ b/visualc/VS2010/hello.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/key_app.vcxproj b/visualc/VS2010/key_app.vcxproj index e90d9da01..aca1a0307 100644 --- a/visualc/VS2010/key_app.vcxproj +++ b/visualc/VS2010/key_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/key_app_writer.vcxproj b/visualc/VS2010/key_app_writer.vcxproj index 002f9e87b..64f2e27a0 100644 --- a/visualc/VS2010/key_app_writer.vcxproj +++ b/visualc/VS2010/key_app_writer.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/key_ladder_demo.vcxproj b/visualc/VS2010/key_ladder_demo.vcxproj index f157da7f4..a3b6b4a7a 100644 --- a/visualc/VS2010/key_ladder_demo.vcxproj +++ b/visualc/VS2010/key_ladder_demo.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 07e046a52..d14ef76d5 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -80,11 +80,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -96,11 +94,9 @@ - - Level3 Disabled - WIN32;_DEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + _USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib CompileAsC @@ -113,12 +109,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_WINDOWS;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) + NDEBUG;_USRDLL;MBEDTLS_EXPORTS;KRML_VERIFIED_UINT128;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -132,8 +126,6 @@ Level3 - - MaxSpeed true true diff --git a/visualc/VS2010/mini_client.vcxproj b/visualc/VS2010/mini_client.vcxproj index 9f1751986..50f4b22b4 100644 --- a/visualc/VS2010/mini_client.vcxproj +++ b/visualc/VS2010/mini_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/mpi_demo.vcxproj b/visualc/VS2010/mpi_demo.vcxproj index 42d526287..2fe56c5f1 100644 --- a/visualc/VS2010/mpi_demo.vcxproj +++ b/visualc/VS2010/mpi_demo.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pem2der.vcxproj b/visualc/VS2010/pem2der.vcxproj index e56adff45..4c854a655 100644 --- a/visualc/VS2010/pem2der.vcxproj +++ b/visualc/VS2010/pem2der.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_decrypt.vcxproj b/visualc/VS2010/pk_decrypt.vcxproj index 17cce620f..360f2c361 100644 --- a/visualc/VS2010/pk_decrypt.vcxproj +++ b/visualc/VS2010/pk_decrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_encrypt.vcxproj b/visualc/VS2010/pk_encrypt.vcxproj index 7c215b236..20d663a53 100644 --- a/visualc/VS2010/pk_encrypt.vcxproj +++ b/visualc/VS2010/pk_encrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_sign.vcxproj b/visualc/VS2010/pk_sign.vcxproj index ca1b1c4ee..ad33afa1e 100644 --- a/visualc/VS2010/pk_sign.vcxproj +++ b/visualc/VS2010/pk_sign.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/pk_verify.vcxproj b/visualc/VS2010/pk_verify.vcxproj index b32782a84..8856dc210 100644 --- a/visualc/VS2010/pk_verify.vcxproj +++ b/visualc/VS2010/pk_verify.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/psa_constant_names.vcxproj b/visualc/VS2010/psa_constant_names.vcxproj index 4f484d8b5..418c8fb33 100644 --- a/visualc/VS2010/psa_constant_names.vcxproj +++ b/visualc/VS2010/psa_constant_names.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/query_compile_time_config.vcxproj b/visualc/VS2010/query_compile_time_config.vcxproj index 0cc8a2820..de793db2c 100644 --- a/visualc/VS2010/query_compile_time_config.vcxproj +++ b/visualc/VS2010/query_compile_time_config.vcxproj @@ -90,18 +90,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,18 +108,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -133,12 +127,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -154,12 +146,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/req_app.vcxproj b/visualc/VS2010/req_app.vcxproj index 99e98017c..925987195 100644 --- a/visualc/VS2010/req_app.vcxproj +++ b/visualc/VS2010/req_app.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_decrypt.vcxproj b/visualc/VS2010/rsa_decrypt.vcxproj index 137d2bc2b..e7fe01b0f 100644 --- a/visualc/VS2010/rsa_decrypt.vcxproj +++ b/visualc/VS2010/rsa_decrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_encrypt.vcxproj b/visualc/VS2010/rsa_encrypt.vcxproj index 1081579eb..6e1b96b10 100644 --- a/visualc/VS2010/rsa_encrypt.vcxproj +++ b/visualc/VS2010/rsa_encrypt.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_genkey.vcxproj b/visualc/VS2010/rsa_genkey.vcxproj index d460a7fd1..1038db5da 100644 --- a/visualc/VS2010/rsa_genkey.vcxproj +++ b/visualc/VS2010/rsa_genkey.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_sign.vcxproj b/visualc/VS2010/rsa_sign.vcxproj index 356df9fa5..b1bd170ac 100644 --- a/visualc/VS2010/rsa_sign.vcxproj +++ b/visualc/VS2010/rsa_sign.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_sign_pss.vcxproj b/visualc/VS2010/rsa_sign_pss.vcxproj index b8a09eebc..500788199 100644 --- a/visualc/VS2010/rsa_sign_pss.vcxproj +++ b/visualc/VS2010/rsa_sign_pss.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_verify.vcxproj b/visualc/VS2010/rsa_verify.vcxproj index 5ce841057..34097535c 100644 --- a/visualc/VS2010/rsa_verify.vcxproj +++ b/visualc/VS2010/rsa_verify.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/rsa_verify_pss.vcxproj b/visualc/VS2010/rsa_verify_pss.vcxproj index 2cc576b88..47699586f 100644 --- a/visualc/VS2010/rsa_verify_pss.vcxproj +++ b/visualc/VS2010/rsa_verify_pss.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/selftest.vcxproj b/visualc/VS2010/selftest.vcxproj index 42fb32abd..3dcc8c812 100644 --- a/visualc/VS2010/selftest.vcxproj +++ b/visualc/VS2010/selftest.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_client1.vcxproj b/visualc/VS2010/ssl_client1.vcxproj index f0d6af7f4..cdf9ec86b 100644 --- a/visualc/VS2010/ssl_client1.vcxproj +++ b/visualc/VS2010/ssl_client1.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_client2.vcxproj b/visualc/VS2010/ssl_client2.vcxproj index 7db1a52ac..e9505509a 100644 --- a/visualc/VS2010/ssl_client2.vcxproj +++ b/visualc/VS2010/ssl_client2.vcxproj @@ -90,18 +90,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,18 +108,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -133,12 +127,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -154,12 +146,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_context_info.vcxproj b/visualc/VS2010/ssl_context_info.vcxproj index 1ab9e862c..ff1ba985e 100644 --- a/visualc/VS2010/ssl_context_info.vcxproj +++ b/visualc/VS2010/ssl_context_info.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_fork_server.vcxproj b/visualc/VS2010/ssl_fork_server.vcxproj index f67b1bef2..7a18c9903 100644 --- a/visualc/VS2010/ssl_fork_server.vcxproj +++ b/visualc/VS2010/ssl_fork_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_mail_client.vcxproj b/visualc/VS2010/ssl_mail_client.vcxproj index 64629c6af..37dad2197 100644 --- a/visualc/VS2010/ssl_mail_client.vcxproj +++ b/visualc/VS2010/ssl_mail_client.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_server.vcxproj b/visualc/VS2010/ssl_server.vcxproj index 9c6e2f561..f0038d7c1 100644 --- a/visualc/VS2010/ssl_server.vcxproj +++ b/visualc/VS2010/ssl_server.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/ssl_server2.vcxproj b/visualc/VS2010/ssl_server2.vcxproj index 94ba22e18..b8788ef01 100644 --- a/visualc/VS2010/ssl_server2.vcxproj +++ b/visualc/VS2010/ssl_server2.vcxproj @@ -90,18 +90,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -111,18 +108,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -133,12 +127,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -154,12 +146,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/strerror.vcxproj b/visualc/VS2010/strerror.vcxproj index 497a4e25a..31e19bb9b 100644 --- a/visualc/VS2010/strerror.vcxproj +++ b/visualc/VS2010/strerror.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/udp_proxy.vcxproj b/visualc/VS2010/udp_proxy.vcxproj index 49f92403a..6b2ed3677 100644 --- a/visualc/VS2010/udp_proxy.vcxproj +++ b/visualc/VS2010/udp_proxy.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib diff --git a/visualc/VS2010/zeroize.vcxproj b/visualc/VS2010/zeroize.vcxproj index 932c802ba..4fa6bacc0 100644 --- a/visualc/VS2010/zeroize.vcxproj +++ b/visualc/VS2010/zeroize.vcxproj @@ -89,18 +89,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -110,18 +107,15 @@ - - Level3 Disabled - WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) + %(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib Console true - NotSet kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies) Debug @@ -132,12 +126,10 @@ Level3 - - MaxSpeed true true - WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib @@ -153,12 +145,10 @@ Level3 - - MaxSpeed true true - WIN64;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) + NDEBUG;%(PreprocessorDefinitions) ../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib From 6e24980cc6c3bc024ddc114921e593495165a9c4 Mon Sep 17 00:00:00 2001 From: ndilieto <49833066+ndilieto@users.noreply.github.com> Date: Thu, 28 May 2020 06:17:38 +0000 Subject: [PATCH 06/87] Minor style and documentation improvements Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 32 ++++++++++++++++---------------- library/x509_crt.c | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 19de1e968..13687b5f0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -310,14 +310,15 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * mbedtls_x509_crt_parse_der_ext() routine when it encounters * an unsupported extension. * - * \param crt Pointer to the certificate being parsed - * \param oid Extension's OID - * \param critical If the extension is critical (per the RFC's definition) - * \param p On entry \c *p points to the start of the extension ASN.1 - * data. On successful completion \c *p must point to the - * first byte after it. - * On error, the value of \c *p is undefined. - * \param end End of extension data. + * \param crt The certificate being parsed. + * \param oid The OID of the extension. + * \param critical Whether the extension is critical. + * \param p On entry, \c *p points to the start of the extension value + * (the content of the OCTET STRING). + * On successful completion, \c *p must point to the + * first byte after the extension value. + * On error, the value of \c *p is not undefined. + * \param end End of extension value. * * \note The callback must fail and return a negative error code if * it can not parse or does not support the extension. @@ -326,10 +327,10 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \return A negative error code on failure. */ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, - mbedtls_x509_buf const *oid, - int critical, - unsigned char **p, - const unsigned char *end ); + mbedtls_x509_buf const *oid, + int critical, + unsigned char **p, + const unsigned char *end ); /** * \brief Parse a single DER formatted certificate and add it @@ -354,10 +355,9 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, * \return A negative error code on failure. */ int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - mbedtls_x509_crt_ext_cb_t cb - ); + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ); /** * \brief Parse a single DER formatted certificate and add it diff --git a/library/x509_crt.c b/library/x509_crt.c index 9076b321b..a0d35ae3a 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -957,7 +957,7 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { /* Give the callback (if any) a chance to handle the extension */ - if (cb && cb(crt, &extn_oid, is_critical, p, end_ext_octet) == 0) + if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 ) continue; /* No parser found, skip extension */ From fde98f7773b15175d8f88fe28ac5b3e42f386077 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 08:34:33 +0200 Subject: [PATCH 07/87] Rename mbedtls_x509_crt_parse_der_ext new name: mbedtls_x509_crt_parse_der_with_ext_cb Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 12 ++++++------ library/x509_crt.c | 8 ++++---- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 13687b5f0..96129be36 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -307,8 +307,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \brief The type of certificate extension callbacks. * * Callbacks of this type are passed to and used by the - * mbedtls_x509_crt_parse_der_ext() routine when it encounters - * an unsupported extension. + * mbedtls_x509_crt_parse_der_with_ext_cb() routine when + * it encounters an unsupported extension. * * \param crt The certificate being parsed. * \param oid The OID of the extension. @@ -354,10 +354,10 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, * \return \c 0 if successful. * \return A negative error code on failure. */ -int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - mbedtls_x509_crt_ext_cb_t cb ); +int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ); /** * \brief Parse a single DER formatted certificate and add it diff --git a/library/x509_crt.c b/library/x509_crt.c index a0d35ae3a..bf06872d4 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1384,10 +1384,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL ) ); } -int mbedtls_x509_crt_parse_der_ext( mbedtls_x509_crt *chain, - const unsigned char *buf, - size_t buflen, - mbedtls_x509_crt_ext_cb_t cb ) +int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, + const unsigned char *buf, + size_t buflen, + mbedtls_x509_crt_ext_cb_t cb ) { return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) ); } From fae25a13d931fa6c5c6afac59787ce4ba39b71d9 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 08:55:08 +0200 Subject: [PATCH 08/87] mbedtls_x509_crt_ext_cb_t definition changed As suggested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431238005 Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 7 ++----- library/x509_crt.c | 7 ++++++- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 96129be36..28dfa515c 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -313,11 +313,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \param crt The certificate being parsed. * \param oid The OID of the extension. * \param critical Whether the extension is critical. - * \param p On entry, \c *p points to the start of the extension value + * \param p Pointer to the start of the extension value * (the content of the OCTET STRING). - * On successful completion, \c *p must point to the - * first byte after the extension value. - * On error, the value of \c *p is not undefined. * \param end End of extension value. * * \note The callback must fail and return a negative error code if @@ -329,7 +326,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, - unsigned char **p, + const unsigned char *p, const unsigned char *end ); /** diff --git a/library/x509_crt.c b/library/x509_crt.c index bf06872d4..6fdee955b 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -957,8 +957,13 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { /* Give the callback (if any) a chance to handle the extension */ - if( cb != NULL && cb( crt, &extn_oid, is_critical, p, end_ext_octet ) == 0 ) + if( cb != NULL ) { + ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet ); + if ( ret != 0 ) + return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + *p = end_ext_octet; continue; + } /* No parser found, skip extension */ *p = end_ext_octet; From 4dbe5676af58ce7203b75a6d471d6c01fc5b3061 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 09:18:42 +0200 Subject: [PATCH 09/87] mbedtls_x509_crt_parse_der_with_ext_cb enhancement added make_copy parameter as suggested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431233555 Co-authored-by: Gilles Peskine Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 43 +++++++++++++++++++++++--------------- library/x509_crt.c | 3 ++- 2 files changed, 28 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 28dfa515c..fb91af289 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -330,30 +330,39 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, const unsigned char *end ); /** - * \brief Parse a single DER formatted certificate and add it - * to the end of the provided chained list. + * \brief Parse a single DER formatted certificate and add it + * to the end of the provided chained list. * - * \param chain The pointer to the start of the CRT chain to attach to. - * When parsing the first CRT in a chain, this should point - * to an instance of ::mbedtls_x509_crt initialized through - * mbedtls_x509_crt_init(). - * \param buf The buffer holding the DER encoded certificate. - * \param buflen The size in Bytes of \p buf. - * \param cb A callback invoked for every unsupported certificate - * extension. + * \param chain The pointer to the start of the CRT chain to attach to. + * When parsing the first CRT in a chain, this should point + * to an instance of ::mbedtls_x509_crt initialized through + * mbedtls_x509_crt_init(). + * \param buf The buffer holding the DER encoded certificate. + * \param buflen The size in Bytes of \p buf. + * \param make_copy When not zero this function makes an internal copy of the + * CRT buffer \p buf. In particular, \p buf may be destroyed + * or reused after this call returns. + * When zero this function avoids duplicating the CRT buffer + * by taking temporary ownership thereof until the CRT + * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) + * \param cb A callback invoked for every unsupported certificate + * extension. * - * \note This call is functionally equivalent to - * mbedtls_x509_crt_parse_der(), but it calls the callback - * with every unsupported certificate extension. - * The callback must return a negative error code if it - * does not know how to handle such an extension. + * \note This call is functionally equivalent to + * mbedtls_x509_crt_parse_der(), and/or + * mbedtls_x509_crt_parse_der_nocopy() + * but it calls the callback with every unsupported + * certificate extension. + * The callback must return a negative error code if it + * does not know how to handle such an extension. * - * \return \c 0 if successful. - * \return A negative error code on failure. + * \return \c 0 if successful. + * \return A negative error code on failure. */ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, + int no_copy, mbedtls_x509_crt_ext_cb_t cb ); /** diff --git a/library/x509_crt.c b/library/x509_crt.c index 6fdee955b..2e2fb24d5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1392,9 +1392,10 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, + int make_copy, mbedtls_x509_crt_ext_cb_t cb ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, cb ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb ) ); } int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, From a8b26c2ae46c1651214baf1f3894ed901eed4d13 Mon Sep 17 00:00:00 2001 From: Dan Handley Date: Thu, 28 May 2020 16:20:31 +0100 Subject: [PATCH 10/87] Enable branch coverage in basic_build_test.sh Enable branch coverage output in basic_build_test.sh. This includes enabling branch coverage output to the lcov make target, which is disabled by default. Signed-off-by: Dan Handley --- Makefile | 8 ++++---- tests/scripts/basic-build-test.sh | 15 ++++++++++----- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index e0eb7a58c..5ac5a53f6 100644 --- a/Makefile +++ b/Makefile @@ -107,11 +107,11 @@ covtest: lcov: rm -rf Coverage lcov --capture --initial --directory library -o files.info - lcov --capture --directory library -o tests.info - lcov --add-tracefile files.info --add-tracefile tests.info -o all.info - lcov --remove all.info -o final.info '*.h' + lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info + lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info + lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h' gendesc tests/Descriptions.txt -o descriptions - genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info + genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info rm -f files.info tests.info all.info final.info descriptions apidoc: diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 08c141052..0be870587 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -218,10 +218,12 @@ echo # Step 4e - Coverage echo "Coverage" -LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') -LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') -FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') -FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') +LINES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p') +LINES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p') +FUNCS_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p') +FUNCS_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p') +BRANCHES_TESTED=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* branches)$/\1/p') +BRANCHES_TOTAL=$(tail -n4 cov-$TEST_OUTPUT|sed -n -e 's/ branches...: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) branches)$/\1/p') LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL)) LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))" @@ -229,11 +231,14 @@ LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10)) FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL)) FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))" +BRANCHES_PERCENT=$((1000*$BRANCHES_TESTED/$BRANCHES_TOTAL)) +BRANCHES_PERCENT="$(($BRANCHES_PERCENT/10)).$(($BRANCHES_PERCENT-($BRANCHES_PERCENT/10)*10))" + echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%" echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%" +echo "Branches Tested : $BRANCHES_TESTED of $BRANCHES_TOTAL $BRANCHES_PERCENT%" echo - rm unit-test-$TEST_OUTPUT rm sys-test-$TEST_OUTPUT rm compat-test-$TEST_OUTPUT From 2c3a91739365305299f49da201552d35095a860f Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 17:20:42 +0200 Subject: [PATCH 11/87] Minor style improvement Co-authored-by: Hanno Becker Signed-off-by: Nicola Di Lieto --- library/x509_crt.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index 2e2fb24d5..554352291 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -957,10 +957,11 @@ static int x509_get_crt_ext( unsigned char **p, if( ret != 0 ) { /* Give the callback (if any) a chance to handle the extension */ - if( cb != NULL ) { + if( cb != NULL ) + { ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet ); - if ( ret != 0 ) - return ( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); *p = end_ext_octet; continue; } From 5f6ebdebdbc2b86272e5a79ad485cfae00a7fc71 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 19:00:47 +0200 Subject: [PATCH 12/87] Fix wrong parameter name in comment Detected by Travis https://travis-ci.org/github/ARMmbed/mbedtls/jobs/692213150 /home/travis/build/ARMmbed/mbedtls/include/mbedtls/x509_crt.h:333: warning: argument 'make_copy' of command @param is not found in the argument list of mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int no_copy, mbedtls_x509_crt_ext_cb_t cb) Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fb91af289..cdcc65157 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -362,7 +362,7 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, - int no_copy, + int make_copy, mbedtls_x509_crt_ext_cb_t cb ); /** From 17bb60c0f1e5647c9fca8663e0f0a260f04d2164 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 23:04:15 +0200 Subject: [PATCH 13/87] Tests for mbedtls_x509_crt_parse_der_with_ext_cb Signed-off-by: Nicola Di Lieto --- tests/suites/test_suite_x509parse.data | 8 +++ tests/suites/test_suite_x509parse.function | 82 ++++++++++++++++++++++ 2 files changed, 90 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 7012e8e36..f5345e293 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1988,6 +1988,14 @@ X509 CRT ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 CRT ASN1 (Unsupported critical extension) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION +x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (Unsupported critical extension with callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index f3e83d69e..c52af76f5 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -301,6 +301,17 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, return( 0 ); } + +int parse_crt_ext_cb( mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, + const unsigned char *p, const unsigned char *end ) +{ + ( void ) crt; + ( void ) p; + ( void ) end; + if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKIX "\x01\x1F", oid ) != 0 && critical != 0 ) + return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( 0 ); +} #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ @@ -771,6 +782,77 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + +exit: + mbedtls_x509_crt_free( &crt ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +void x509parse_crt_cb( data_t * buf, char * result_str, int result ) +{ + mbedtls_x509_crt crt; + unsigned char output[2000]; + int res; + + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + + mbedtls_x509_crt_free( &crt ); + mbedtls_x509_crt_init( &crt ); + memset( output, 0, 2000 ); + + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb ) == ( result ) ); + if( ( result ) == 0 ) + { + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); + + TEST_ASSERT( res != -1 ); + TEST_ASSERT( res != -2 ); + + TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); + } + exit: mbedtls_x509_crt_free( &crt ); } From 5659e7e8896186fcae67af773708059894e60772 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Thu, 28 May 2020 23:41:38 +0200 Subject: [PATCH 14/87] Add opaque context to mbedtls_x509_crt_ext_cb_t Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 8 ++++++-- library/x509_crt.c | 24 +++++++++++++--------- tests/suites/test_suite_x509parse.function | 13 ++++++------ 3 files changed, 27 insertions(+), 18 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index cdcc65157..296b472a7 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -310,6 +310,7 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * mbedtls_x509_crt_parse_der_with_ext_cb() routine when * it encounters an unsupported extension. * + * \param p_ctx An opaque context passed to the callback. * \param crt The certificate being parsed. * \param oid The OID of the extension. * \param critical Whether the extension is critical. @@ -323,7 +324,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \return \c 0 on success. * \return A negative error code on failure. */ -typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, +typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, + mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, @@ -347,6 +349,7 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( mbedtls_x509_crt const *crt, * is destroyed (like mbedtls_x509_crt_parse_der_nocopy()) * \param cb A callback invoked for every unsupported certificate * extension. + * \param p_ctx An opaque context passed to the callback. * * \note This call is functionally equivalent to * mbedtls_x509_crt_parse_der(), and/or @@ -363,7 +366,8 @@ int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ); + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ); /** * \brief Parse a single DER formatted certificate and add it diff --git a/library/x509_crt.c b/library/x509_crt.c index 554352291..99d3be200 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -893,7 +893,8 @@ static int x509_get_certificate_policies( unsigned char **p, static int x509_get_crt_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_crt *crt, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -959,7 +960,7 @@ static int x509_get_crt_ext( unsigned char **p, /* Give the callback (if any) a chance to handle the extension */ if( cb != NULL ) { - ret = cb( crt, &extn_oid, is_critical, *p, end_ext_octet ); + ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); if( ret != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); *p = end_ext_octet; @@ -1073,7 +1074,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; @@ -1272,7 +1274,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, if( crt->version == 3 ) #endif { - ret = x509_get_crt_ext( &p, end, crt, cb ); + ret = x509_get_crt_ext( &p, end, crt, cb, p_ctx ); if( ret != 0 ) { mbedtls_x509_crt_free( crt ); @@ -1336,7 +1338,8 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; mbedtls_x509_crt *crt = chain, *prev = NULL; @@ -1368,7 +1371,7 @@ static int mbedtls_x509_crt_parse_der_internal( mbedtls_x509_crt *chain, crt = crt->next; } - ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb ); + ret = x509_crt_parse_der_core( crt, buf, buflen, make_copy, cb, p_ctx ); if( ret != 0 ) { if( prev ) @@ -1387,23 +1390,24 @@ int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 0, NULL, NULL ) ); } int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen, int make_copy, - mbedtls_x509_crt_ext_cb_t cb ) + mbedtls_x509_crt_ext_cb_t cb, + void *p_ctx ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, make_copy, cb, p_ctx ) ); } int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen ) { - return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL ) ); + return( mbedtls_x509_crt_parse_der_internal( chain, buf, buflen, 1, NULL, NULL ) ); } /* diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index c52af76f5..0e2719d8e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -302,9 +302,10 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, return( 0 ); } -int parse_crt_ext_cb( mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, - const unsigned char *p, const unsigned char *end ) +int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, + int critical, const unsigned char *p, const unsigned char *end ) { + ( void ) p_ctx; ( void ) crt; ( void ) p; ( void ) end; @@ -786,7 +787,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -801,7 +802,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -827,7 +828,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -842,7 +843,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, NULL ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); From 261602cb343ebb77740733663b6bd5ff0722d1ae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 15/87] Uniformize bounds checks using new macro This commit uses the previously defined macro to uniformize bounds checks in several places. It also adds bounds checks to the ClientHello writing function that were previously missing. Also, the functions adding extensions to the ClientHello message can now fail if the buffer is too small or a different error condition occurs, and moreover they take an additional buffer end parameter to free them from the assumption that one is writing to the default output buffer. Signed-off-by: Ronald Cron --- ChangeLog.d/uniformize_bounds_checks.txt | 9 + library/ssl_cli.c | 433 ++++++++++++++--------- library/ssl_cookie.c | 6 +- library/ssl_ticket.c | 4 +- 4 files changed, 271 insertions(+), 181 deletions(-) create mode 100644 ChangeLog.d/uniformize_bounds_checks.txt diff --git a/ChangeLog.d/uniformize_bounds_checks.txt b/ChangeLog.d/uniformize_bounds_checks.txt new file mode 100644 index 000000000..210ab1051 --- /dev/null +++ b/ChangeLog.d/uniformize_bounds_checks.txt @@ -0,0 +1,9 @@ +Bugfix + * Add additional bounds checks in ssl_write_client_hello() preventing + output buffer overflow if the configuration declared a buffer that was + too small. +Changes + * Abort the ClientHello writing function as soon as some extension doesn't + fit into the record buffer. Previously, such extensions were silently + dropped. As a consequence, the TLS handshake now fails when the output + buffer is not large enough to hold the ClientHello. diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 13acf5a8b..e12ef00d4 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -95,18 +95,18 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf ) #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) -static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_hostname_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t hostname_len; *olen = 0; if( ssl->hostname == NULL ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding server name extension: %s", @@ -114,11 +114,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, hostname_len = strlen( ssl->hostname ); - if( end < p || (size_t)( end - p ) < hostname_len + 9 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, hostname_len + 9 ); /* * Sect. 3, RFC 6066 (TLS Extensions Definitions) @@ -162,16 +158,18 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->hostname, hostname_len ); *olen = hostname_len + 9; + + return( 0 ); } #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */ #if defined(MBEDTLS_SSL_RENEGOTIATION) -static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; @@ -179,16 +177,12 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, * initial ClientHello, in which case also adding the renegotiation * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding renegotiation extension" ) ); - if( end < p || (size_t)( end - p ) < 5 + ssl->verify_data_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 + ssl->verify_data_len ); /* * Secure renegotiation @@ -205,6 +199,8 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->own_verify_data, ssl->verify_data_len ); *olen = 5 + ssl->verify_data_len; + + return( 0 ); } #endif /* MBEDTLS_SSL_RENEGOTIATION */ @@ -213,14 +209,15 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, */ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) -static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t sig_alg_len = 0; const int *md; + #if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_ECDSA_C) unsigned char *sig_alg_list = buf + 6; #endif @@ -228,7 +225,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *olen = 0; if( ssl->conf->max_minor_ver != MBEDTLS_SSL_MINOR_VERSION_3 ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); @@ -243,11 +240,7 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #endif } - if( end < p || (size_t)( end - p ) < sig_alg_len + 6 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); /* * Prepare signature_algorithms extension (TLS 1.2) @@ -293,18 +286,20 @@ static void ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( sig_alg_len ) & 0xFF ); *olen = 6 + sig_alg_len; + + return( 0 ); } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; unsigned char *elliptic_curve_list = p + 6; size_t elliptic_curve_len = 0; const mbedtls_ecp_curve_info *info; @@ -324,17 +319,15 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); - return; + return( 0 ); } - elliptic_curve_len += 2; } - if( end < p || (size_t)( end - p ) < 6 + elliptic_curve_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + if( elliptic_curve_len == 0 ) + return( 0 ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); elliptic_curve_len = 0; @@ -347,9 +340,6 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, elliptic_curve_list[elliptic_curve_len++] = info->tls_id & 0xFF; } - if( elliptic_curve_len == 0 ) - return; - *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES ) @@ -362,25 +352,23 @@ static void ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( ( elliptic_curve_len ) ) & 0xFF ); *olen = 6 + elliptic_curve_len; + + return( 0 ); } -static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; + (void) ssl; /* ssl used for debugging only */ *olen = 0; MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_point_formats extension" ) ); - - if( end < p || (size_t)( end - p ) < 6 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS >> 8 ) & 0xFF ); @@ -394,34 +382,32 @@ static void ssl_write_supported_point_formats_ext( mbedtls_ssl_context *ssl, *p++ = MBEDTLS_ECP_PF_UNCOMPRESSED; *olen = 6; + + return( 0 ); } #endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C || MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t kkpp_len; *olen = 0; /* Skip costly extension if we can't use EC J-PAKE anyway */ if( mbedtls_ecjpake_check( &ssl->handshake->ecjpake_ctx ) != 0 ) - return; + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding ecjpake_kkpp extension" ) ); - if( end - p < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ECJPAKE_KKPP ) & 0xFF ); @@ -437,20 +423,20 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "generating new ecjpake parameters" ) ); ret = mbedtls_ecjpake_write_round_one( &ssl->handshake->ecjpake_ctx, - p + 2, end - p - 2, &kkpp_len, - ssl->conf->f_rng, ssl->conf->p_rng ); + p + 2, end - p - 2, &kkpp_len, + ssl->conf->f_rng, ssl->conf->p_rng ); if( ret != 0 ) { MBEDTLS_SSL_DEBUG_RET( 1 , "mbedtls_ecjpake_write_round_one", ret ); - return; + return( ret ); } ssl->handshake->ecjpake_cache = mbedtls_calloc( 1, kkpp_len ); if( ssl->handshake->ecjpake_cache == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "allocation failed" ) ); - return; + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); } memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len ); @@ -461,12 +447,7 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "re-using cached ecjpake parameters" ) ); kkpp_len = ssl->handshake->ecjpake_cache_len; - - if( (size_t)( end - p - 2 ) < kkpp_len ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p + 2, end, kkpp_len ); memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len ); } @@ -475,17 +456,19 @@ static void ssl_write_ecjpake_kkpp_ext( mbedtls_ssl_context *ssl, *p++ = (unsigned char)( ( kkpp_len ) & 0xFF ); *olen = kkpp_len + 4; + + return( 0 ); } #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_cid_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; size_t ext_len; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; /* * Quoting draft-ietf-tls-dtls-connection-id-05 @@ -500,17 +483,13 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM || ssl->negotiate_cid == MBEDTLS_SSL_CID_DISABLED ) { - return; + return( 0 ); } MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding CID extension" ) ); /* ssl->own_cid_len is at most MBEDTLS_SSL_CID_IN_LEN_MAX * which is at most 255, so the increment cannot overflow. */ - if( end < p || (size_t)( end - p ) < (unsigned)( ssl->own_cid_len + 5 ) ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, (unsigned)( ssl->own_cid_len + 5 ) ); /* Add extension ID + size */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_CID >> 8 ) & 0xFF ); @@ -523,31 +502,28 @@ static void ssl_write_cid_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->own_cid, ssl->own_cid_len ); *olen = ssl->own_cid_len + 5; + + return( 0 ); } #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) -static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, - size_t *olen ) +static int ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; - if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) { - return; - } + if( ssl->conf->mfl_code == MBEDTLS_SSL_MAX_FRAG_LEN_NONE ) + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding max_fragment_length extension" ) ); - if( end < p || (size_t)( end - p ) < 5 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 5 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH >> 8 ) & 0xFF ); @@ -560,31 +536,28 @@ static void ssl_write_max_fragment_length_ext( mbedtls_ssl_context *ssl, *p++ = ssl->conf->mfl_code; *olen = 5; + + return( 0 ); } #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->trunc_hmac == MBEDTLS_SSL_TRUNC_HMAC_DISABLED ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding truncated_hmac extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_TRUNCATED_HMAC ) & 0xFF ); @@ -593,32 +566,29 @@ static void ssl_write_truncated_hmac_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_TRUNCATED_HMAC */ #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->encrypt_then_mac == MBEDTLS_SSL_ETM_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding encrypt_then_mac extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC ) & 0xFF ); @@ -627,32 +597,29 @@ static void ssl_write_encrypt_then_mac_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */ #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; *olen = 0; if( ssl->conf->extended_ms == MBEDTLS_SSL_EXTENDED_MS_DISABLED || ssl->conf->max_minor_ver == MBEDTLS_SSL_MINOR_VERSION_0 ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding extended_master_secret extension" ) ); - if( end < p || (size_t)( end - p ) < 4 ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET >> 8 ) & 0xFF ); @@ -663,32 +630,30 @@ static void ssl_write_extended_ms_ext( mbedtls_ssl_context *ssl, *p++ = 0x00; *olen = 4; + + return( 0 ); } #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */ #if defined(MBEDTLS_SSL_SESSION_TICKETS) -static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t tlen = ssl->session_negotiate->ticket_len; *olen = 0; if( ssl->conf->session_tickets == MBEDTLS_SSL_SESSION_TICKETS_DISABLED ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding session ticket extension" ) ); - if( end < p || (size_t)( end - p ) < 4 + tlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + /* The addition is safe here since the ticket length is 16 bit. */ + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 4 + tlen ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SESSION_TICKET ) & 0xFF ); @@ -699,9 +664,7 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, *olen = 4; if( ssl->session_negotiate->ticket == NULL || tlen == 0 ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "sending session ticket of length %d", tlen ) ); @@ -709,35 +672,32 @@ static void ssl_write_session_ticket_ext( mbedtls_ssl_context *ssl, memcpy( p, ssl->session_negotiate->ticket, tlen ); *olen += tlen; + + return( 0 ); } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ #if defined(MBEDTLS_SSL_ALPN) -static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, - unsigned char *buf, size_t *olen ) +static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, + unsigned char *buf, + const unsigned char *end, + size_t *olen ) { unsigned char *p = buf; - const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_OUT_CONTENT_LEN; size_t alpnlen = 0; const char **cur; *olen = 0; if( ssl->conf->alpn_list == NULL ) - { - return; - } + return( 0 ); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; - if( end < p || (size_t)( end - p ) < 6 + alpnlen ) - { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "buffer too small" ) ); - return; - } + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_ALPN ) & 0xFF ); @@ -769,6 +729,8 @@ static void ssl_write_alpn_ext( mbedtls_ssl_context *ssl, /* Extension length = olen - 2 (ext_type) - 2 (ext_len) */ buf[2] = (unsigned char)( ( ( *olen - 4 ) >> 8 ) & 0xFF ); buf[3] = (unsigned char)( ( ( *olen - 4 ) ) & 0xFF ); + + return( 0 ); } #endif /* MBEDTLS_SSL_ALPN */ @@ -872,8 +834,11 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t i, n, olen, ext_len = 0; + unsigned char *buf; unsigned char *p, *q; + const unsigned char *end; + unsigned char offer_compress; const int *ciphersuites; const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -905,16 +870,33 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } + buf = ssl->out_msg; + end = buf + MBEDTLS_SSL_OUT_CONTENT_LEN; + /* - * 0 . 0 handshake type - * 1 . 3 handshake length + * Check if there's enough space for the first part of the ClientHello + * consisting of the 38 bytes described below, the session identifier (at + * most 32 bytes) and its length (1 byte). + * + * Use static upper bounds instead of the actual values + * to allow the compiler to optimize this away. + */ + MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 ); + + /* + * The 38 first bytes of the ClientHello: + * 0 . 0 handshake type (written later) + * 1 . 3 handshake length (written later) * 4 . 5 highest version supported * 6 . 9 current UNIX time * 10 . 37 random bytes + * + * The current UNIX time (4 bytes) and following 28 random bytes are written + * by ssl_generate_random() into ssl->handshake->randbytes buffer and then + * copied from there into the output buffer. */ - buf = ssl->out_msg; - p = buf + 4; + p = buf + 4; mbedtls_ssl_write_version( ssl->conf->max_major_ver, ssl->conf->max_minor_ver, ssl->conf->transport, p ); @@ -937,7 +919,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) * 38 . 38 session id length * 39 . 39+n session id * 39+n . 39+n DTLS only: cookie length (1 byte) - * 40+n . .. DTSL only: cookie + * 40+n . .. DTLS only: cookie * .. . .. ciphersuitelist length (2 bytes) * .. . .. ciphersuitelist * .. . .. compression methods length (1 byte) @@ -979,6 +961,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) } #endif /* MBEDTLS_SSL_SESSION_TICKETS */ + /* + * The first check of the output buffer size above ( + * MBEDTLS_SSL_CHK_BUF_PTR( buf, end, 38 + 1 + 32 );) + * has checked that there is enough space in the output buffer for the + * session identifier length byte and the session identifier (n <= 32). + */ *p++ = (unsigned char) n; for( i = 0; i < n; i++ ) @@ -987,12 +975,27 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, session id len.: %d", n ) ); MBEDTLS_SSL_DEBUG_BUF( 3, "client hello, session id", buf + 39, n ); + /* + * With 'n' being the length of the session identifier + * + * 39+n . 39+n DTLS only: cookie length (1 byte) + * 40+n . .. DTLS only: cookie + * .. . .. ciphersuitelist length (2 bytes) + * .. . .. ciphersuitelist + * .. . .. compression methods length (1 byte) + * .. . .. compression methods + * .. . .. extensions length (2 bytes) + * .. . .. extensions + */ + /* * DTLS cookie */ #if defined(MBEDTLS_SSL_PROTO_DTLS) if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM ) { + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 1 ); + if( ssl->handshake->verify_cookie == NULL ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "no verify cookie to send" ) ); @@ -1005,6 +1008,9 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ssl->handshake->verify_cookie_len ); *p++ = ssl->handshake->verify_cookie_len; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, + ssl->handshake->verify_cookie_len ); memcpy( p, ssl->handshake->verify_cookie, ssl->handshake->verify_cookie_len ); p += ssl->handshake->verify_cookie_len; @@ -1020,6 +1026,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) /* Skip writing ciphersuite length for now */ n = 0; q = p; + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); p += 2; for( i = 0; ciphersuites[i] != 0; i++ ) @@ -1039,6 +1047,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) uses_ec |= mbedtls_ssl_ciphersuite_uses_ec( ciphersuite_info ); #endif + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + n++; *p++ = (unsigned char)( ciphersuites[i] >> 8 ); *p++ = (unsigned char)( ciphersuites[i] ); @@ -1055,6 +1065,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) #endif { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding EMPTY_RENEGOTIATION_INFO_SCSV" ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO ); n++; @@ -1065,6 +1076,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) if( ssl->conf->fallback == MBEDTLS_SSL_IS_FALLBACK ) { MBEDTLS_SSL_DEBUG_MSG( 3, ( "adding FALLBACK_SCSV" ) ); + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE >> 8 ); *p++ = (unsigned char)( MBEDTLS_SSL_FALLBACK_SCSV_VALUE ); n++; @@ -1098,6 +1111,7 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_COMPRESS_DEFLATE, MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 3 ); *p++ = 2; *p++ = MBEDTLS_SSL_COMPRESS_DEFLATE; *p++ = MBEDTLS_SSL_COMPRESS_NULL; @@ -1108,27 +1122,45 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, compress alg.: %d", MBEDTLS_SSL_COMPRESS_NULL ) ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); *p++ = 1; *p++ = MBEDTLS_SSL_COMPRESS_NULL; } - // First write extensions, then the total length - // + /* First write extensions, then the total length */ + + MBEDTLS_SSL_CHK_BUF_PTR( p, end, 2 ); + #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) - ssl_write_hostname_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_hostname_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_hostname_ext", ret ); + return( ret ); + } ext_len += olen; #endif /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) - ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_renegotiation_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) - ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_signature_algorithms_ext", ret ); + return( ret ); + } ext_len += olen; #endif @@ -1136,51 +1168,100 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if( uses_ec ) { - ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_supported_elliptic_curves_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_elliptic_curves_ext", ret ); + return( ret ); + } ext_len += olen; - ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_supported_point_formats_ext", ret ); + return( ret ); + } ext_len += olen; } #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) - ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_ecjpake_kkpp_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_ecjpake_kkpp_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - ssl_write_cid_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_cid_ext( ssl, p + 2 + ext_len, end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_cid_ext", ret ); + return( ret ); + } ext_len += olen; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) - ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_max_fragment_length_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_max_fragment_length_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_truncated_hmac_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_truncated_hmac_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_encrypt_then_mac_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_encrypt_then_mac_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_extended_ms_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_extended_ms_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_ALPN) - ssl_write_alpn_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_alpn_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_alpn_ext", ret ); + return( ret ); + } ext_len += olen; #endif #if defined(MBEDTLS_SSL_SESSION_TICKETS) - ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, &olen ); + if( ( ret = ssl_write_session_ticket_ext( ssl, p + 2 + ext_len, + end, &olen ) ) != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_write_session_ticket_ext", ret ); + return( ret ); + } ext_len += olen; #endif @@ -1188,10 +1269,12 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ((void) olen); MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d", - ext_len ) ); + ext_len ) ); if( ext_len > 0 ) { + /* No need to check for space here, because the extension + * writing functions already took care of that. */ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( ext_len ) & 0xFF ); p += ext_len; diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index 4bf9058af..323784c26 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -134,8 +134,7 @@ static int ssl_cookie_hmac( mbedtls_md_context_t *hmac_ctx, { unsigned char hmac_out[COOKIE_MD_OUTLEN]; - if( (size_t)( end - *p ) < COOKIE_HMAC_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_HMAC_LEN ); if( mbedtls_md_hmac_reset( hmac_ctx ) != 0 || mbedtls_md_hmac_update( hmac_ctx, time, 4 ) != 0 || @@ -165,8 +164,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, if( ctx == NULL || cli_id == NULL ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - if( (size_t)( end - *p ) < COOKIE_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( *p, end, COOKIE_LEN ); #if defined(MBEDTLS_HAVE_TIME) t = (unsigned long) mbedtls_time( NULL ); diff --git a/library/ssl_ticket.c b/library/ssl_ticket.c index 8a76b42b6..6b50b55ec 100644 --- a/library/ssl_ticket.c +++ b/library/ssl_ticket.c @@ -35,6 +35,7 @@ #define mbedtls_free free #endif +#include "mbedtls/ssl_internal.h" #include "mbedtls/ssl_ticket.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" @@ -224,8 +225,7 @@ int mbedtls_ssl_ticket_write( void *p_ticket, /* We need at least 4 bytes for key_name, 12 for IV, 2 for len 16 for tag, * in addition to session itself, that will be checked when writing it. */ - if( end - start < TICKET_MIN_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); + MBEDTLS_SSL_CHK_BUF_PTR( start, end, TICKET_MIN_LEN ); #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) From b4c0b7556d4afddcbfe3696d648fac0b7a1b2c1d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 16/87] Add error condition for bad user configurations This commit adds an error condition for bad user configurations and updates the number of SSL module errors in error.h. Signed-off-by: Ronald Cron --- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 1 + library/error.c | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 2fb86c7eb..428800188 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -101,7 +101,7 @@ * ECP 4 10 (Started from top) * MD 5 5 * HKDF 5 1 (Started from top) - * SSL 5 1 (Started from 0x5F00) + * SSL 5 2 (Started from 0x5F00) * CIPHER 6 8 (Started from 0x6080) * SSL 6 24 (Started from top, plus 0x6000) * SSL 7 32 diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7fec65e1d..ce95cec62 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -129,6 +129,7 @@ #define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000 /**< An encrypted DTLS-frame with an unexpected CID was received. */ #define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00 /**< An operation failed due to an unexpected version or configuration. */ #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000 /**< A cryptographic operation is in progress. Try again later. */ +#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80 /**< Invalid value in SSL config */ /* * Various constants diff --git a/library/error.c b/library/error.c index 22c7b165c..7e7f78804 100644 --- a/library/error.c +++ b/library/error.c @@ -522,6 +522,8 @@ const char * mbedtls_high_level_strerr( int error_code ) return( "SSL - An operation failed due to an unexpected version or configuration" ); case -(MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS): return( "SSL - A cryptographic operation is in progress. Try again later" ); + case -(MBEDTLS_ERR_SSL_BAD_CONFIG): + return( "SSL - Invalid value in SSL config" ); #endif /* MBEDTLS_SSL_TLS_C */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) From e131bfec29565946cf1354449cc75b0fbe87378e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Apr 2017 14:54:42 +0100 Subject: [PATCH 17/87] Return error in case of bad user configurations This commits adds returns with the SSL_BAD_CONFIG error code in case of bad user configurations. Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 6 ++++++ library/ssl_cli.c | 36 ++++++++++++++++++++++++++++++---- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index d655813ab..1a3102a2c 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -207,6 +207,12 @@ : ( MBEDTLS_SSL_IN_CONTENT_LEN ) \ ) +/* Maximum size in bytes of list in sig-hash algorithm ext., RFC 5246 */ +#define MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN 65534 + +/* Maximum size in bytes of list in supported elliptic curve ext., RFC 4492 */ +#define MBEDTLS_SSL_MAX_CURVE_LIST_LEN 65535 + /* * Check that we obey the standard's message size bounds */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index e12ef00d4..118bc900c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -230,6 +230,9 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding signature_algorithms extension" ) ); + if( ssl->conf->sig_hashes == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( md = ssl->conf->sig_hashes; *md != MBEDTLS_MD_NONE; md++ ) { #if defined(MBEDTLS_ECDSA_C) @@ -238,8 +241,18 @@ static int ssl_write_signature_algorithms_ext( mbedtls_ssl_context *ssl, #if defined(MBEDTLS_RSA_C) sig_alg_len += 2; #endif + if( sig_alg_len > MBEDTLS_SSL_MAX_SIG_HASH_ALG_LIST_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "length in bytes of sig-hash-alg extension too big" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } } + /* Empty signature algorithms list, this is a configuration error. */ + if( sig_alg_len == 0 ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + MBEDTLS_SSL_CHK_BUF_PTR( p, end, sig_alg_len + 6 ); /* @@ -310,6 +323,9 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding supported_elliptic_curves extension" ) ); + if( ssl->conf->curve_list == NULL ) + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + for( grp_id = ssl->conf->curve_list; *grp_id != MBEDTLS_ECP_DP_NONE; grp_id++ ) @@ -319,13 +335,21 @@ static int ssl_write_supported_elliptic_curves_ext( mbedtls_ssl_context *ssl, { MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid curve in ssl configuration" ) ); - return( 0 ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); } elliptic_curve_len += 2; + + if( elliptic_curve_len > MBEDTLS_SSL_MAX_CURVE_LIST_LEN ) + { + MBEDTLS_SSL_DEBUG_MSG( 3, + ( "malformed supported_elliptic_curves extension in config" ) ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); + } } + /* Empty elliptic curve list, this is a configuration error. */ if( elliptic_curve_len == 0 ) - return( 0 ); + return( MBEDTLS_ERR_SSL_BAD_CONFIG ); MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + elliptic_curve_len ); @@ -695,7 +719,7 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello, adding alpn extension" ) ); for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) - alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1; + alpnlen += strlen( *cur ) + 1; MBEDTLS_SSL_CHK_BUF_PTR( p, end, 6 + alpnlen ); @@ -715,7 +739,11 @@ static int ssl_write_alpn_ext( mbedtls_ssl_context *ssl, for( cur = ssl->conf->alpn_list; *cur != NULL; cur++ ) { - *p = (unsigned char)( strlen( *cur ) & 0xFF ); + /* + * mbedtls_ssl_conf_set_alpn_protocols() checked that the length of + * protocol names is less than 255. + */ + *p = (unsigned char)strlen( *cur ); memcpy( p + 1, *cur, *p ); p += 1 + *p; } From 8216dd3f34cb1d48c88a6a15779b6727afc02425 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 23 Apr 2020 16:41:44 +0200 Subject: [PATCH 18/87] Use defines to check alpn ext list validity Signed-off-by: Ronald Cron --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls.c | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index ce95cec62..462cf44bc 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -144,6 +144,9 @@ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ #define MBEDTLS_SSL_MAX_HOST_NAME_LEN 255 /*!< Maximum host name defined in RFC 1035 */ +#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN 255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */ + +#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN 65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */ /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c * NONE must be zero so that memset()ing structure to zero works */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ccfc4bdaa..57a6a5adf 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4652,7 +4652,9 @@ int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **prot cur_len = strlen( *p ); tot_len += cur_len; - if( cur_len == 0 || cur_len > 255 || tot_len > 65535 ) + if( ( cur_len == 0 ) || + ( cur_len > MBEDTLS_SSL_MAX_ALPN_NAME_LEN ) || + ( tot_len > MBEDTLS_SSL_MAX_ALPN_LIST_LEN ) ) return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); } From 565b52bb727a81b82ad07a9bcca5ca033b554a24 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Fri, 29 May 2020 22:46:56 +0200 Subject: [PATCH 19/87] mbedtls_x509_crt_parse_der_with_ext_cb improvement Continue parsing when the callback fails to parse a non critical exception. Also document the behaviour more extensively and pass the callback error code to the caller unaltered. See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548 and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968 Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 16 +++++++++++++--- library/x509_crt.c | 4 ++-- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 296b472a7..9a9b397d9 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -317,9 +317,14 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * \param p Pointer to the start of the extension value * (the content of the OCTET STRING). * \param end End of extension value. - * - * \note The callback must fail and return a negative error code if - * it can not parse or does not support the extension. + * + * \note The callback must fail and return a negative error code + * if it can not parse or does not support the extension. + * When the callback fails to parse a critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. + * When the callback fails to parse a non critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips + * the extension and continues parsing. * * \return \c 0 on success. * \return A negative error code on failure. @@ -358,6 +363,11 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * certificate extension. * The callback must return a negative error code if it * does not know how to handle such an extension. + * When the callback fails to parse a critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() also fails. + * When the callback fails to parse a non critical extension + * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips + * the extension and continues parsing. * * \return \c 0 if successful. * \return A negative error code on failure. diff --git a/library/x509_crt.c b/library/x509_crt.c index 99d3be200..490b52454 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -961,8 +961,8 @@ static int x509_get_crt_ext( unsigned char **p, if( cb != NULL ) { ret = cb( p_ctx, crt, &extn_oid, is_critical, *p, end_ext_octet ); - if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + if( ret != 0 && is_critical ) + return( ret ); *p = end_ext_octet; continue; } From e58b4638e594a0ac16a19e40d96da09508f0a7ff Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Fri, 29 May 2020 22:58:25 +0200 Subject: [PATCH 20/87] Unsupported extension tests in test_suite_x509parse All combinations of critical or not, recognized or not by the callback are now tested as requested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880 In addition pass the OID of the unsupported extension to be parsed to the callback using the opaque pointer, which makes the tests fail if the library forwards the wrong pointer to the callback, as requested in https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392 Signed-off-by: Nicola Di Lieto --- tests/suites/test_suite_x509parse.data | 14 +++++++++++++- tests/suites/test_suite_x509parse.function | 17 ++++++++++++----- 2 files changed, 25 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index f5345e293..37e759feb 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1992,10 +1992,22 @@ X509 CRT ASN1 (Unsupported critical extension) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION x509parse_crt:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -X509 CRT ASN1 (Unsupported critical extension with callback) +X509 CRT ASN1 (Unsupported critical extension recognized by callback) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 +X509 CRT ASN1 (Unsupported critical extension not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101ff0403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG + +X509 CRT ASN1 (Unsupported non critical extension recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011f0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 + +X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 0e2719d8e..54e515673 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -305,12 +305,14 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, int critical, const unsigned char *p, const unsigned char *end ) { - ( void ) p_ctx; ( void ) crt; ( void ) p; ( void ) end; - if( MBEDTLS_OID_CMP( MBEDTLS_OID_PKIX "\x01\x1F", oid ) != 0 && critical != 0 ) - return( MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + ( void ) critical; + mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; + if( new_oid == NULL || new_oid->tag != oid->tag || new_oid->len != oid->len || + memcmp(new_oid->p, oid->p, oid->len) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); return( 0 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ @@ -822,13 +824,18 @@ exit: void x509parse_crt_cb( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; + mbedtls_x509_buf oid; unsigned char output[2000]; int res; + oid.tag = MBEDTLS_ASN1_OID; + oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); + oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F"; + mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -843,7 +850,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); memset( output, 0, 2000 ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, NULL ) == ( result ) ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) ); if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); From 110a794e93795ebaffb21a1de91de9c572fb29c7 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Fri, 29 May 2020 23:27:47 +0200 Subject: [PATCH 21/87] Add ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt Signed-off-by: Nicola Di Lieto --- .../new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt diff --git a/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt b/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt new file mode 100644 index 000000000..fdea746de --- /dev/null +++ b/ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt @@ -0,0 +1,5 @@ +Features + * Add new mbedtls_x509_crt_parse_der_with_ext_cb() routine which allows + parsing unsupported certificate extensions via user provided callback. + Contributed by Nicola Di Lieto in #3243 as + a solution to #3241. From bf7ae6fb25a4722886880f5d23de671bd4dbcecc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:19:09 +0200 Subject: [PATCH 22/87] Silence dd invocation in all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It brings no value and distracts us from the actual content. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0a9d8063f..06d9c5c35 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1886,7 +1886,7 @@ run_component () { # Unconditionally create a seedfile that's sufficiently long. # Do this before each component, because a previous component may # have messed it up or shortened it. - dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 + dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 >/dev/null 2>&1 # Run the component code. "$@" From 2b2bdaa793d42d58f7048d46859224041d4ea6a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:28:07 +0200 Subject: [PATCH 23/87] Add a --quiet option to all.sh MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The primary purpose is to use it to run all.sh -k -q in the pre-push hook, but this can be useful in any circumstance where you're not interested in the full output from each component and just want a short summary of which components were run (and if any failed). Note that only stdout from components is suppressed, stderr is preserved so that errors are reported. This means components should avoid printing to stderr in normal usage (ie in the absence of errors). Currently all the `check_*` components obey this convention except: - check_generate_test_code: unittest prints progress to stderr - check_test_cases: lots of non-fatal warnings printed to stderr These components will be fixed in follow-up commits. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 06d9c5c35..fb9e50f99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -120,6 +120,7 @@ pre_initialize_variables () { append_outcome=0 MEMORY=0 FORCE=0 + QUIET=0 KEEP_GOING=0 : ${MBEDTLS_TEST_OUTCOME_FILE=} @@ -200,6 +201,7 @@ Special options: --list-components List components supported on this platform and exit. General options: + -q|--quiet Only output component names, and errors if any. -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. @@ -215,6 +217,7 @@ General options: --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). --no-memory No additional memory tests (default). + --no-quiet Print full ouput from components. --out-of-source-dir= Directory used for CMake out-of-source build tests. --outcome-file= File where test outcomes are written (not done if empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). @@ -288,6 +291,11 @@ msg() else current_section="$1" fi + + if [ $QUIET -eq 1 ]; then + return + fi + echo "" echo "******************************************************************" echo "* $current_section " @@ -363,11 +371,13 @@ pre_parse_command_line () { --no-force) FORCE=0;; --no-keep-going) KEEP_GOING=0;; --no-memory) MEMORY=0;; + --no-quiet) QUIET=0;; --openssl) shift; OPENSSL="$1";; --openssl-legacy) shift; OPENSSL_LEGACY="$1";; --openssl-next) shift; OPENSSL_NEXT="$1";; --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --quiet|-q) QUIET=1;; --random-seed) unset SEED;; --release-test|-r) SEED=1;; --seed|-s) shift; SEED="$1";; @@ -449,7 +459,7 @@ pre_setup_keep_going () { failure_summary="$failure_summary $text" failure_count=$((failure_count + 1)) - echo "${start_red}^^^^$text^^^^${end_color}" + echo "${start_red}^^^^$text^^^^${end_color}" >&2 fi } make () { @@ -495,6 +505,18 @@ not() { ! "$@" } +pre_setup_quiet_redirect () { + if [ $QUIET -ne 1 ]; then + redirect_out () { + "$@" + } + else + redirect_out () { + "$@" >/dev/null + } + fi +} + pre_prepare_outcome_file () { case "$MBEDTLS_TEST_OUTCOME_FILE" in [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";; @@ -505,6 +527,10 @@ pre_prepare_outcome_file () { } pre_print_configuration () { + if [ $QUIET -eq 1 ]; then + return + fi + msg "info: $0 configuration" echo "MEMORY: $MEMORY" echo "FORCE: $FORCE" @@ -579,6 +605,11 @@ pre_check_tools () { "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";; esac + # past this point, no call to check_tool, only printing output + if [ $QUIET -eq 1 ]; then + return + fi + msg "info: output_env.sh" case $RUN_COMPONENTS in *_armcc*) @@ -1889,10 +1920,15 @@ run_component () { dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 >/dev/null 2>&1 # Run the component code. - "$@" + if [ $QUIET -eq 1 ]; then + # msg() is silenced, so just print the component name here + echo "${current_component#component_}" + fi + redirect_out "$@" # Restore the build tree to a clean state. cleanup + current_component="" } # Preliminary setup @@ -1910,6 +1946,7 @@ else "$@" } fi +pre_setup_quiet_redirect pre_prepare_outcome_file pre_print_configuration pre_check_tools From dfb114a84307d2fe292db643115ddf7eda967563 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:40:08 +0200 Subject: [PATCH 24/87] Make check_generate_test_code more -q friendly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index fb9e50f99..e89e5ea27 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1886,7 +1886,10 @@ component_check_python_files () { component_check_generate_test_code () { msg "uint test: generate_test_code.py" - record_status ./tests/scripts/test_generate_test_code.py + # unittest writes out mundane stuff like number or tests run on stderr. + # Our convention is to reserve stderr for actual errors, and write + # harmless info on stdout so it can be suppress with --quiet. + record_status ./tests/scripts/test_generate_test_code.py 2>&1 } ################################################################ From a9119167e0739ca77b0ac24804618a8b8bfaaa53 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:51:40 +0200 Subject: [PATCH 25/87] Make component_check_test_cases more -q frienly MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index e89e5ea27..1640dbe48 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -675,7 +675,12 @@ component_check_names () { component_check_test_cases () { msg "Check: test case descriptions" # < 1s - record_status tests/scripts/check-test-cases.py + if [ $QUIET -eq 1 ]; then + OPT='--quiet' + else + OPT='' + fi + record_status tests/scripts/check-test-cases.py $OPT } component_check_doxygen_warnings () { From 129e13cb1251e184c4848ec03d34c457f8bca3ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Jun 2020 11:54:25 +0200 Subject: [PATCH 26/87] Use all.sh in pre-push hook MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The list in the pre-push hook was redundant with the list of `check_*` components in all.sh, and unsurprisingly it was outdated. Missing components were: - check_recursion - check_changelog - check_test_cases - check_python_files - check_generate_test_code Signed-off-by: Manuel Pégourié-Gonnard --- tests/git-scripts/pre-push.sh | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 86edf5a30..132e0b01a 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -32,18 +32,4 @@ echo "URL is $URL" set -eu -run_test() -{ - TEST=$1 - echo "running '$TEST'" - if ! `$TEST > /dev/null 2>&1`; then - echo "test '$TEST' failed" - return 1 - fi -} - -run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh -run_test ./tests/scripts/check-generated-files.sh -run_test ./tests/scripts/check-files.py -run_test ./tests/scripts/doxygen.sh +tests/scripts/all.sh -q -k 'check_*' From 742f1a45281a41cb1a690593aa2e4ed359ed8ff7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 15:01:32 +0200 Subject: [PATCH 27/87] Add a const annotation to the non-changing argument of mpi_sub_mul Signed-off-by: Gilles Peskine --- library/bignum.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index d56a16e76..8c9e9f46a 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1330,7 +1330,9 @@ cleanup: /* * Helper for mbedtls_mpi subtraction */ -static void mpi_sub_hlp( size_t n, mbedtls_mpi_uint *s, mbedtls_mpi_uint *d ) +static void mpi_sub_hlp( size_t n, + const mbedtls_mpi_uint *s, + mbedtls_mpi_uint *d ) { size_t i; mbedtls_mpi_uint c, z; From 4e91d473c30471adc196e47456f85607ddefe8ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 20:55:15 +0200 Subject: [PATCH 28/87] Revert "Shut up a clang-analyzer warning" This reverts commit 2cc69fffcf431085f18f4e59c3c5188297f97b87. A check was added in mpi_montmul because clang-analyzer warned about a possibly null pointer. However this was a false positive. Recent versions of clang-analyzer no longer emit a warning (3.6 does, 6 doesn't). Incidentally, the size check was wrong: mpi_montmul needs T->n >= 2 * (N->n + 1), not just T->n >= N->n + 1. Given that this is an internal function which is only used from one public function and in a tightly controlled way, remove both the null check (which is of low value to begin with) and the size check (which would be slightly more valuable, but was wrong anyway). This allows the function not to need to return an error, which makes the source code a little easier to read and makes the object code a little smaller. Signed-off-by: Gilles Peskine --- library/bignum.c | 33 ++++++++++++++------------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 8c9e9f46a..4869d60cc 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1980,15 +1980,12 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /* * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) */ -static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, +static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { size_t i, n, m; mbedtls_mpi_uint u0, u1, *d; - if( T->n < N->n + 1 || T->p == NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - memset( T->p, 0, T->n * ciL ); d = T->p; @@ -2016,15 +2013,13 @@ static int mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi else /* prevent timing attacks */ mpi_sub_hlp( n, A->p, T->p ); - - return( 0 ); } /* * Montgomery reduction: A = A * R^-1 mod N */ -static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, - mbedtls_mpi_uint mm, const mbedtls_mpi *T ) +static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, + mbedtls_mpi_uint mm, const mbedtls_mpi *T ) { mbedtls_mpi_uint z = 1; mbedtls_mpi U; @@ -2032,7 +2027,7 @@ static int mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, U.n = U.s = (int) z; U.p = &z; - return( mpi_montmul( A, &U, N, mm, T ) ); + mpi_montmul( A, &U, N, mm, T ); } /* @@ -2118,13 +2113,13 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, else MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[1], A ) ); - MBEDTLS_MPI_CHK( mpi_montmul( &W[1], &RR, N, mm, &T ) ); + mpi_montmul( &W[1], &RR, N, mm, &T ); /* * X = R^2 * R^-1 mod N = R mod N */ MBEDTLS_MPI_CHK( mbedtls_mpi_copy( X, &RR ) ); - MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); + mpi_montred( X, N, mm, &T ); if( wsize > 1 ) { @@ -2137,7 +2132,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[j], &W[1] ) ); for( i = 0; i < wsize - 1; i++ ) - MBEDTLS_MPI_CHK( mpi_montmul( &W[j], &W[j], N, mm, &T ) ); + mpi_montmul( &W[j], &W[j], N, mm, &T ); /* * W[i] = W[i - 1] * W[1] @@ -2147,7 +2142,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, MBEDTLS_MPI_CHK( mbedtls_mpi_grow( &W[i], N->n + 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &W[i], &W[i - 1] ) ); - MBEDTLS_MPI_CHK( mpi_montmul( &W[i], &W[1], N, mm, &T ) ); + mpi_montmul( &W[i], &W[1], N, mm, &T ); } } @@ -2184,7 +2179,7 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, /* * out of window, square X */ - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); continue; } @@ -2202,12 +2197,12 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, * X = X^wsize R^-1 mod N */ for( i = 0; i < wsize; i++ ) - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); /* * X = X * W[wbits] R^-1 mod N */ - MBEDTLS_MPI_CHK( mpi_montmul( X, &W[wbits], N, mm, &T ) ); + mpi_montmul( X, &W[wbits], N, mm, &T ); state--; nbits = 0; @@ -2220,18 +2215,18 @@ int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, */ for( i = 0; i < nbits; i++ ) { - MBEDTLS_MPI_CHK( mpi_montmul( X, X, N, mm, &T ) ); + mpi_montmul( X, X, N, mm, &T ); wbits <<= 1; if( ( wbits & ( one << wsize ) ) != 0 ) - MBEDTLS_MPI_CHK( mpi_montmul( X, &W[1], N, mm, &T ) ); + mpi_montmul( X, &W[1], N, mm, &T ); } /* * X = A^E * R * R^-1 mod N = A^E mod N */ - MBEDTLS_MPI_CHK( mpi_montred( X, N, mm, &T ) ); + mpi_montred( X, N, mm, &T ); if( neg && E->n != 0 && ( E->p[0] & 1 ) != 0 ) { From 2a82f72703c3cbb90697c13bdf57184c0547b653 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 15:00:49 +0200 Subject: [PATCH 29/87] Document some internal bignum functions Signed-off-by: Gilles Peskine --- library/bignum.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 4869d60cc..24c492633 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1328,7 +1328,8 @@ cleanup: } /* - * Helper for mbedtls_mpi subtraction + * Helper for mbedtls_mpi subtraction: + * d -= s where d and s have the same size and d >= s. */ static void mpi_sub_hlp( size_t n, const mbedtls_mpi_uint *s, @@ -1977,8 +1978,27 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) *mm = ~x + 1; } -/* - * Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) +/** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) + * + * \param[in,out] A One of the numbers to multiply. + * It must have at least one more limb than N + * (A->n >= N->n + 1). + * On successful completion, A contains the result of + * the multiplication A * B * R^-1 mod N where + * R = (2^ciL)^n. + * \param[in] B One of the numbers to multiply. + * It must be nonzero and must not have more limbs than N + * (B->n <= N->n). + * \param[in] N The modulo. N must be odd. + * \param mm The value calculated by `mpi_montg_init(&mm, N)`. + * This is -N^-1 mod 2^ciL. + * \param[in,out] T A bignum for temporary storage. + * It must be at least twice the limb size of N plus 2 + * (T->n >= 2 * (N->n + 1)). + * Its initial content is unused and + * its final content is indeterminate. + * Note that unlike the usual convention in the library + * for `const mbedtls_mpi*`, the content of T can change. */ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) @@ -2008,6 +2028,8 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi memcpy( A->p, d, ( n + 1 ) * ciL ); + /* If A >= N then A -= N. Do the subtraction unconditionally to prevent + * timing attacks. Modify T as a side effect. */ if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) mpi_sub_hlp( n, N->p, A->p ); else @@ -2017,6 +2039,8 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* * Montgomery reduction: A = A * R^-1 mod N + * + * See mpi_montmul() regarding constraints and guarantees on the parameters. */ static void mpi_montred( mbedtls_mpi *A, const mbedtls_mpi *N, mbedtls_mpi_uint mm, const mbedtls_mpi *T ) From f04d11e8b27d399c5f0ad079a0409320dcb646d6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 19:14:58 +0200 Subject: [PATCH 30/87] Separate out low-level mpi_safe_cond_assign Separate out a version of mpi_safe_cond_assign that works on equal-sized limb arrays, without worrying about allocation sizes or signs. Signed-off-by: Gilles Peskine --- library/bignum.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 24c492633..33534874f 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -243,6 +243,22 @@ void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y ) memcpy( Y, &T, sizeof( mbedtls_mpi ) ); } +/* + * Conditionally assign dest = src, without leaking information + * about whether the assignment was made or not. + * dest and src must be arrays of limbs of size n. + * assign must be 0 or 1. + */ +static void mpi_safe_cond_assign( size_t n, + mbedtls_mpi_uint *dest, + const mbedtls_mpi_uint *src, + unsigned char assign ) +{ + size_t i; + for( i = 0; i < n; i++ ) + dest[i] = dest[i] * ( 1 - assign ) + src[i] * assign; +} + /* * Conditionally assign X = Y, without leaking information * about whether the assignment was made or not. @@ -262,10 +278,9 @@ int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned X->s = X->s * ( 1 - assign ) + Y->s * assign; - for( i = 0; i < Y->n; i++ ) - X->p[i] = X->p[i] * ( 1 - assign ) + Y->p[i] * assign; + mpi_safe_cond_assign( Y->n, X->p, Y->p, assign ); - for( ; i < X->n; i++ ) + for( i = Y->n; i < X->n; i++ ) X->p[i] *= ( 1 - assign ); cleanup: From 132c0976e9867eb316bbdd27b8343a25532cbdc3 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 21:05:24 +0200 Subject: [PATCH 31/87] Remove a secret-dependent branch in Montgomery multiplication In mpi_montmul, an auxiliary function for modular exponentiation (mbedtls_mpi_mod_exp) that performs Montgomery multiplication, the last step is a conditional subtraction to force the result into the correct range. The current implementation uses a branch and therefore may leak information about secret data to an adversary who can observe what branch is taken through a side channel. Avoid this potential leak by always doing the same subtraction and doing a contant-trace conditional assignment to set the result. Signed-off-by: Gilles Peskine --- library/bignum.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 33534874f..aecd461b2 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2044,12 +2044,15 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi memcpy( A->p, d, ( n + 1 ) * ciL ); /* If A >= N then A -= N. Do the subtraction unconditionally to prevent - * timing attacks. Modify T as a side effect. */ - if( mbedtls_mpi_cmp_abs( A, N ) >= 0 ) - mpi_sub_hlp( n, N->p, A->p ); - else - /* prevent timing attacks */ - mpi_sub_hlp( n, A->p, T->p ); + * timing attacks. */ + /* Set d to A + (2^biL)^n - N. */ + d[n] += 1; + mpi_sub_hlp( n, N->p, d ); + /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. + * So we want to copy the result of the subtraction iff d->p[n] != 0. + * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ + mpi_safe_cond_assign( n + 1, A->p, d, d[n] ); + A->p[n] = 0; } /* From d55bfe962a57a1c12297471f6c623412d7566269 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 4 Jun 2020 21:38:26 +0200 Subject: [PATCH 32/87] Add changelog entry: fix #3394 Signed-off-by: Gilles Peskine --- ChangeLog.d/montmul-cmp-branch.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/montmul-cmp-branch.txt diff --git a/ChangeLog.d/montmul-cmp-branch.txt b/ChangeLog.d/montmul-cmp-branch.txt new file mode 100644 index 000000000..59945188a --- /dev/null +++ b/ChangeLog.d/montmul-cmp-branch.txt @@ -0,0 +1,6 @@ +Security + * Fix a side channel vulnerability in modular exponentiation that could + reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee, + Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute + of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul + Strackx (Fortanix) in #3394. From 026f555df39824d9382fc3a43f200709f6ade108 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 5 Jun 2020 10:48:25 +0200 Subject: [PATCH 33/87] Explicitly cast down from mbedtls_mpi_uint to unsigned char Let code analyzers know that this is deliberate. For example MSVC warns about the conversion if it's implicit. Signed-off-by: Gilles Peskine --- library/bignum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/bignum.c b/library/bignum.c index aecd461b2..487f1ef9c 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2051,7 +2051,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. * So we want to copy the result of the subtraction iff d->p[n] != 0. * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ - mpi_safe_cond_assign( n + 1, A->p, d, d[n] ); + mpi_safe_cond_assign( n + 1, A->p, d, (unsigned char) d[n] ); A->p[n] = 0; } From f1f180a6a19408023b04fdb2361c404c378006fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 10:46:35 +0200 Subject: [PATCH 34/87] all.sh: keep dd output in non-quiet mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since dd prints everything on stderr, both normal status update and actual errors when they occur, redirecting that to /dev/null is a trade-off that's acceptable in quiet mode (typically used on a developer's machine and the developer will re-run in non-quiet mode if anything fails without sufficient detail in the output), but not that much in non-quiet mode. For example, if our dd invocation fails because the disk in full on a CI machine, we want the error to be reported at the time we invoke dd, and not later when a seemingly unrelated test fails due to an incorrect seedfile. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1640dbe48..f2b346359 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -510,10 +510,16 @@ pre_setup_quiet_redirect () { redirect_out () { "$@" } + redirect_err () { + "$@" + } else redirect_out () { "$@" >/dev/null } + redirect_err () { + "$@" 2>/dev/null + } fi } @@ -1925,7 +1931,7 @@ run_component () { # Unconditionally create a seedfile that's sufficiently long. # Do this before each component, because a previous component may # have messed it up or shortened it. - dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 >/dev/null 2>&1 + redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1 # Run the component code. if [ $QUIET -eq 1 ]; then From 304b0995342d7b77b3817f74f864633d09e9e7a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 10:59:41 +0200 Subject: [PATCH 35/87] all.sh: clean up some uses of "local" variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit While pure sh doesn't have a concept of local variables, we can partially emulate them by unsetting variables before we exit the function, and use the convention of giving them lowercase names to distinguish from global variables. Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index f2b346359..32efc1d1f 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -682,11 +682,12 @@ component_check_names () { component_check_test_cases () { msg "Check: test case descriptions" # < 1s if [ $QUIET -eq 1 ]; then - OPT='--quiet' + opt='--quiet' else - OPT='' + opt='' fi - record_status tests/scripts/check-test-cases.py $OPT + record_status tests/scripts/check-test-cases.py $opt + unset opt } component_check_doxygen_warnings () { @@ -1942,7 +1943,7 @@ run_component () { # Restore the build tree to a clean state. cleanup - current_component="" + unset current_component } # Preliminary setup From e050191ef58733726f1a23858190c5b3b8a62ba9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 8 Jun 2020 12:59:27 +0200 Subject: [PATCH 36/87] Make basic-build-test.sh deterministic MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 8 ++++++-- tests/scripts/basic-build-test.sh | 5 +++++ 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d911d493a..00bf997f5 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -122,6 +122,10 @@ pre_initialize_variables () { FORCE=0 KEEP_GOING=0 + # Seed value used with the --release-test option. + # !!! Keep this in sync with SEED in basic-build-test.sh !!! + RELEASE_SEED=1 + : ${MBEDTLS_TEST_OUTCOME_FILE=} : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"} export MBEDTLS_TEST_OUTCOME_FILE @@ -219,7 +223,7 @@ General options: --outcome-file= File where test outcomes are written (not done if empty; default: \$MBEDTLS_TEST_OUTCOME_FILE). --random-seed Use a random seed value for randomized tests (default). - -r|--release-test Run this script in release mode. This fixes the seed value to 1. + -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}. -s|--seed Integer seed value to use for this test run. Tool path options: @@ -369,7 +373,7 @@ pre_parse_command_line () { --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";; --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; --random-seed) unset SEED;; - --release-test|-r) SEED=1;; + --release-test|-r) SEED=$RELEASE_SEED;; --seed|-s) shift; SEED="$1";; -*) echo >&2 "Unknown option: $1" diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 0be870587..f91b14466 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -43,6 +43,11 @@ fi : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} +# Used to make ssl-opt.sh deterministic. +# !!! Keep this in sync with RELEASE_SEED in all.sh !!! +: ${SEED:=1} +export SEED + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh # we just export the variables they require export OPENSSL_CMD="$OPENSSL" From 37ecc61836da2b5be50112479828e7c0ca147ee1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 22:05:13 +0200 Subject: [PATCH 37/87] More logical parameter order for mpi_sub_hlp mpi_sub_hlp performs a subtraction A - B, but took parameters in the order (B, A). Swap the parameters so that they match the usual mathematical syntax. This has the additional benefit of putting the output parameter (A) first, which is the normal convention in this module. Signed-off-by: Gilles Peskine --- library/bignum.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 487f1ef9c..64ea872e0 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1347,8 +1347,8 @@ cleanup: * d -= s where d and s have the same size and d >= s. */ static void mpi_sub_hlp( size_t n, - const mbedtls_mpi_uint *s, - mbedtls_mpi_uint *d ) + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *s ) { size_t i; mbedtls_mpi_uint c, z; @@ -1403,7 +1403,7 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - mpi_sub_hlp( n, B->p, X->p ); + mpi_sub_hlp( n, X->p, B->p ); cleanup: @@ -2047,7 +2047,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * timing attacks. */ /* Set d to A + (2^biL)^n - N. */ d[n] += 1; - mpi_sub_hlp( n, N->p, d ); + mpi_sub_hlp( n, d, N->p ); /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. * So we want to copy the result of the subtraction iff d->p[n] != 0. * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ From c097e9ea45f12bd8cb2f2ffa40a9181dba898b91 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 21:58:22 +0200 Subject: [PATCH 38/87] Move carry propagation out of mpi_sub_hlp The function mpi_sub_hlp had confusing semantics: although it took a size parameter, it accessed the limb array d beyond this size, to propagate the carry. This made the function difficult to understand and analyze, with a potential buffer overflow if misused (not enough room to propagate the carry). Change the function so that it only performs the subtraction within the specified number of limbs, and returns the carry. Move the carry propagation out of mpi_sub_hlp and into its caller mbedtls_mpi_sub_abs. This makes the code of subtraction very slightly less neat, but not significantly different. In the one other place where mpi_sub_hlp is used, namely mpi_montmul, this is a net win because the carry is potentially sensitive data and the function carefully arranges to not have to propagate it. Signed-off-by: Gilles Peskine --- library/bignum.c | 37 +++++++++++++++++++++++++------------ 1 file changed, 25 insertions(+), 12 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 64ea872e0..0fddef2ac 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1343,12 +1343,23 @@ cleanup: } /* - * Helper for mbedtls_mpi subtraction: - * d -= s where d and s have the same size and d >= s. + * Helper for mbedtls_mpi subtraction. + * + * Calculate d - s where d and s have the same size. + * This function operates modulo (2^ciL)^n and returns the carry + * (1 if there was a wraparound, i.e. if `d < s`, and 0 otherwise). + * + * \param n Number of limbs of \p d and \p s. + * \param[in,out] d On input, the left operand. + * On output, the result of the subtraction: + * \param[s] The right operand. + * + * \return 1 if `d < s`. + * 0 if `d >= s`. */ -static void mpi_sub_hlp( size_t n, - mbedtls_mpi_uint *d, - const mbedtls_mpi_uint *s ) +static mbedtls_mpi_uint mpi_sub_hlp( size_t n, + mbedtls_mpi_uint *d, + const mbedtls_mpi_uint *s ) { size_t i; mbedtls_mpi_uint c, z; @@ -1359,11 +1370,7 @@ static void mpi_sub_hlp( size_t n, c = ( *d < *s ) + z; *d -= *s; } - while( c != 0 ) - { - z = ( *d < c ); *d -= c; - c = z; d++; - } + return( c ); } /* @@ -1374,6 +1381,7 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi mbedtls_mpi TB; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; + mbedtls_mpi_uint c, z; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); @@ -1403,7 +1411,12 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - mpi_sub_hlp( n, X->p, B->p ); + c = mpi_sub_hlp( n, X->p, B->p ); + while( c != 0 ) + { + z = ( X->p[n] < c ); X->p[n] -= c; + c = z; n++; + } cleanup: @@ -2047,7 +2060,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi * timing attacks. */ /* Set d to A + (2^biL)^n - N. */ d[n] += 1; - mpi_sub_hlp( n, d, N->p ); + d[n] -= mpi_sub_hlp( n, d, N->p ); /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. * So we want to copy the result of the subtraction iff d->p[n] != 0. * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ From 221626f2d3fb8712a4e171240a909a1eb464ce53 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 22:37:50 +0200 Subject: [PATCH 39/87] Simplify the final reduction in mpi_montmul There was some confusion during review about when A->p[n] could be nonzero. In fact, there is no need to set A->p[n]: only the intermediate result d might need to extend to n+1 limbs, not the final result A. So never access A->p[n]. Rework the explanation of the calculation in a way that should be easier to follow. Signed-off-by: Gilles Peskine --- library/bignum.c | 29 ++++++++++++++++++----------- 1 file changed, 18 insertions(+), 11 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 0fddef2ac..7a81f33b1 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -2009,8 +2009,8 @@ static void mpi_montg_init( mbedtls_mpi_uint *mm, const mbedtls_mpi *N ) /** Montgomery multiplication: A = A * B * R^-1 mod N (HAC 14.36) * * \param[in,out] A One of the numbers to multiply. - * It must have at least one more limb than N - * (A->n >= N->n + 1). + * It must have at least as many limbs as N + * (A->n >= N->n), and any limbs beyond n are ignored. * On successful completion, A contains the result of * the multiplication A * B * R^-1 mod N where * R = (2^ciL)^n. @@ -2054,18 +2054,25 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi *d++ = u0; d[n + 1] = 0; } - memcpy( A->p, d, ( n + 1 ) * ciL ); + /* At this point, d is either the desired result or the desired result + * plus N. We now potentially subtract N, avoiding leaking whether the + * subtraction is performed through side channels. */ - /* If A >= N then A -= N. Do the subtraction unconditionally to prevent - * timing attacks. */ - /* Set d to A + (2^biL)^n - N. */ + /* Copy the n least significant limbs of d to A, so that + * A = d if d < N (recall that N has n limbs). */ + memcpy( A->p, d, n * ciL ); + /* If d >= N then we want to set A to N - d. To prevent timing attacks, + * do the calculation without using conditional tests. */ + /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; d[n] -= mpi_sub_hlp( n, d, N->p ); - /* Now d - (2^biL)^n = A - N so d >= (2^biL)^n iff A >= N. - * So we want to copy the result of the subtraction iff d->p[n] != 0. - * Note that d->p[n] is either 0 or 1 since A - N <= N <= (2^biL)^n. */ - mpi_safe_cond_assign( n + 1, A->p, d, (unsigned char) d[n] ); - A->p[n] = 0; + /* If d0 < N then d < (2^biL)^n + * so d[n] == 0 and we want to keep A as it is. + * If d0 >= N then d >= (2^biL)^n, and d <= (2^biL)^n + N < 2 * (2^biL)^n + * so d[n] == 1 and we want to set A to the result of the subtraction + * which is d - (2^biL)^n, i.e. the n least significant limbs of d. + * This exactly corresponds to a conditional assignment. */ + mpi_safe_cond_assign( n, A->p, d, (unsigned char) d[n] ); } /* From 0e5faf64074b987284ed3305f3bb4326662a8ad5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 8 Jun 2020 22:50:35 +0200 Subject: [PATCH 40/87] mbedtls_mpi_sub_abs: check the range of the result when it happens The function mbedtls_mpi_sub_abs first checked that A >= B and then performed the subtraction, relying on the fact that A >= B to guarantee that the carry propagation would stop, and not taking advantage of the fact that the carry when subtracting two numbers can only be 0 or 1. This made the carry propagation code a little hard to follow. Write an ad hoc loop for the carry propagation, checking the size of the result. This makes termination obvious. The initial check that A >= B is no longer needed, since the function now checks that the carry propagation terminates, which is equivalent. This is a slight performance gain. Signed-off-by: Gilles Peskine --- library/bignum.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 7a81f33b1..3825820ea 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1374,20 +1374,20 @@ static mbedtls_mpi_uint mpi_sub_hlp( size_t n, } /* - * Unsigned subtraction: X = |A| - |B| (HAC 14.9) + * Unsigned subtraction: X = |A| - |B| (HAC 14.9, 14.10) */ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B ) { mbedtls_mpi TB; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t n; - mbedtls_mpi_uint c, z; + mbedtls_mpi_uint carry; MPI_VALIDATE_RET( X != NULL ); MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); - if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) - return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + /* if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) */ + /* return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); */ mbedtls_mpi_init( &TB ); @@ -1411,11 +1411,17 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi if( B->p[n - 1] != 0 ) break; - c = mpi_sub_hlp( n, X->p, B->p ); - while( c != 0 ) + carry = mpi_sub_hlp( n, X->p, B->p ); + if( carry != 0 ) { - z = ( X->p[n] < c ); X->p[n] -= c; - c = z; n++; + /* Propagate the carry to the first nonzero limb of X. */ + for( ; n < X->n && X->p[n] == 0; n++ ) + --X->p[n]; + /* If we ran out of space for the carry, it means that the result + * is negative. */ + if( n == X->n ) + return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); + --X->p[n]; } cleanup: From 09ec10a32e56c11d358659ba3a2e547049520298 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 9 Jun 2020 10:39:38 +0200 Subject: [PATCH 41/87] Clean up some comments Signed-off-by: Gilles Peskine --- library/bignum.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/library/bignum.c b/library/bignum.c index 3825820ea..d9ab6f68b 100644 --- a/library/bignum.c +++ b/library/bignum.c @@ -1342,7 +1342,7 @@ cleanup: return( ret ); } -/* +/** * Helper for mbedtls_mpi subtraction. * * Calculate d - s where d and s have the same size. @@ -1352,7 +1352,7 @@ cleanup: * \param n Number of limbs of \p d and \p s. * \param[in,out] d On input, the left operand. * On output, the result of the subtraction: - * \param[s] The right operand. + * \param[in] s The right operand. * * \return 1 if `d < s`. * 0 if `d >= s`. @@ -1386,9 +1386,6 @@ int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi MPI_VALIDATE_RET( A != NULL ); MPI_VALIDATE_RET( B != NULL ); - /* if( mbedtls_mpi_cmp_abs( A, B ) < 0 ) */ - /* return( MBEDTLS_ERR_MPI_NEGATIVE_VALUE ); */ - mbedtls_mpi_init( &TB ); if( X == B ) @@ -2067,7 +2064,7 @@ static void mpi_montmul( mbedtls_mpi *A, const mbedtls_mpi *B, const mbedtls_mpi /* Copy the n least significant limbs of d to A, so that * A = d if d < N (recall that N has n limbs). */ memcpy( A->p, d, n * ciL ); - /* If d >= N then we want to set A to N - d. To prevent timing attacks, + /* If d >= N then we want to set A to d - N. To prevent timing attacks, * do the calculation without using conditional tests. */ /* Set d to d0 + (2^biL)^n - N where d0 is the current value of d. */ d[n] += 1; From 5620d71d581b7a5e9aafc56103b9655662b9826f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 9 Jun 2020 12:52:04 +0200 Subject: [PATCH 42/87] Remove hardcoded line number from the zeroize test MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Instead, we insert a comment containing GDB_BREAK_HERE in the line we want to break at, and let the gdb script search for it. Signed-off-by: Bence Szépkúti --- programs/test/zeroize.c | 12 +++++------- tests/scripts/test_zeroize.gdb | 12 +++--------- 2 files changed, 8 insertions(+), 16 deletions(-) diff --git a/programs/test/zeroize.c b/programs/test/zeroize.c index c670a6b58..e61b4707c 100644 --- a/programs/test/zeroize.c +++ b/programs/test/zeroize.c @@ -4,12 +4,10 @@ * This is a simple test application used for debugger-driven testing to check * whether calls to mbedtls_platform_zeroize() are being eliminated by compiler * optimizations. This application is used by the GDB script at - * tests/scripts/test_zeroize.gdb under the assumption that the code does not - * change often (as opposed to the library code) because the script sets a - * breakpoint at the last return statement in the main() function of this - * program. The debugger facilities are then used to manually inspect the - * memory and verify that the call to mbedtls_platform_zeroize() was not - * eliminated. + * tests/scripts/test_zeroize.gdb: the script sets a breakpoint at the last + * return statement in the main() function of this program. The debugger + * facilities are then used to manually inspect the memory and verify that the + * call to mbedtls_platform_zeroize() was not eliminated. * * Copyright (C) 2018, Arm Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -98,5 +96,5 @@ int main( int argc, char** argv ) fclose( fp ); mbedtls_platform_zeroize( buf, sizeof( buf ) ); - mbedtls_exit( exit_code ); + mbedtls_exit( exit_code ); // GDB_BREAK_HERE -- don't remove this comment! } diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index c929c88a0..8164acb9b 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -31,19 +31,13 @@ # the compiler potentially has a bug. # # Note: This test requires that the test program is compiled with -g3. -# -# WARNING: There does not seem to be a mechanism in GDB scripts to set a -# breakpoint at the end of a function (probably because there are a lot of -# complications as function can have multiple exit points, etc). Therefore, it -# was necessary to hard-code the line number of the breakpoint in the zeroize.c -# test app. The assumption is that zeroize.c is a simple test app that does not -# change often (as opposed to the actual library code), so the breakpoint line -# number does not need to be updated often. set confirm off file ./programs/test/zeroize -break zeroize.c:100 + +search GDB_BREAK_HERE +break $_ set args ./programs/test/zeroize.c run From 672257b7d92d6f5dd7f03e5ac40d186e36b76648 Mon Sep 17 00:00:00 2001 From: irwir Date: Thu, 21 May 2020 17:23:57 +0300 Subject: [PATCH 43/87] Add changelog entry Signed-off-by: irwir --- ChangeLog.d/bugfix_PR3333.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3333.txt diff --git a/ChangeLog.d/bugfix_PR3333.txt b/ChangeLog.d/bugfix_PR3333.txt new file mode 100644 index 000000000..90766ac71 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3333.txt @@ -0,0 +1,2 @@ +Bugfix + * Remove unused macros from MSVC projects. Reported in #3297 and fix submitted in #3333 by irwir. From c857044e94715481c7e1222ef2b6fac221038fe1 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Wed, 15 Apr 2020 17:00:50 +0100 Subject: [PATCH 44/87] Add min/max version negotiation to unit tests Add the min/max version negotiation tests from ssl-opt.sh as unit tests for the sake of utility and easier running of tests during development Signed-off-by: Paul Elliott --- tests/suites/test_suite_ssl.data | 44 ++++++++++++-- tests/suites/test_suite_ssl.function | 87 +++++++++++++++++++++++----- 2 files changed, 109 insertions(+), 22 deletions(-) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index aa314dd32..d3158fd4c 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -201,19 +201,19 @@ move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TIC Handshake, SSL3 depends_on:MBEDTLS_SSL_PROTO_SSL3:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED -handshake_version:MBEDTLS_SSL_MINOR_VERSION_0:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0:MBEDTLS_SSL_MINOR_VERSION_0 Handshake, tls1 depends_on:MBEDTLS_SSL_PROTO_TLS1:MBEDTLS_CIPHER_MODE_CBC -handshake_version:MBEDTLS_SSL_MINOR_VERSION_1:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 Handshake, tls1_1 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC -handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2 Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2 -handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:0 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3 Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -241,11 +241,11 @@ handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0 DTLS Handshake, tls1_1 depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_DTLS -handshake_version:MBEDTLS_SSL_MINOR_VERSION_2:1 +handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2:MBEDTLS_SSL_MINOR_VERSION_2 DTLS Handshake, tls1_2 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS -handshake_version:MBEDTLS_SSL_MINOR_VERSION_3:1 +handshake_version:1:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3:MBEDTLS_SSL_MINOR_VERSION_3 DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384 depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS @@ -281,6 +281,38 @@ handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1 DTLS Handshake fragmentation, MFL=1024 handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1 +Handshake min/max version check, all -> 1.2 +depends_on:MBEDTLS_SSL_PROTO_TLS1_2 +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_3 + +Handshake min/max version check, cli max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, srv max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli+srv max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli max 1.1, srv min 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli min 1.1, srv max 1.1 -> 1.1 +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_1 + +Handshake min/max version check, cli min 1.2, srv max 1.1 -> fail +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TLS1_2 +handshake_version:0:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:TEST_SSL_MINOR_VERSION_NONE + +Handshake min/max version check, srv min 1.2, cli max 1.1 -> fail +depends_on:MBEDTLS_SSL_PROTO_TLS1_1:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_SSL_PROTO_TLS1_2 +handshake_version:0:TEST_SSL_MINOR_VERSION_NONE:MBEDTLS_SSL_MINOR_VERSION_1:MBEDTLS_SSL_MINOR_VERSION_2:TEST_SSL_MINOR_VERSION_NONE:TEST_SSL_MINOR_VERSION_NONE + Sending app data via TLS, MFL=512 without fragmentation depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b32ca344..9d16a573b 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -36,10 +36,17 @@ void log_analyzer( void *ctx, int level, } } +/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */ +#define TEST_SSL_MINOR_VERSION_NONE -1 + typedef struct handshake_test_options { const char *cipher; - int version; + int client_min_version; + int client_max_version; + int server_min_version; + int server_max_version; + int expected_negotiated_version; int pk_alg; data_t *psk_str; int dtls; @@ -62,7 +69,11 @@ typedef struct handshake_test_options void init_handshake_options( handshake_test_options *opts ) { opts->cipher = ""; - opts->version = MBEDTLS_SSL_MINOR_VERSION_3; + opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE; + opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE; + opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE; + opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE; + opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3; opts->pk_alg = MBEDTLS_PK_RSA; opts->psk_str = NULL; opts->dtls = 0; @@ -1671,7 +1682,7 @@ void perform_handshake( handshake_test_options* options ) #if defined(MBEDTLS_SSL_RENEGOTIATION) int ret = -1; #endif - + int expected_handshake_result = 0; mbedtls_test_message_queue server_queue, client_queue; mbedtls_test_message_socket_context server_context, client_context; @@ -1697,10 +1708,18 @@ void perform_handshake( handshake_test_options* options ) options->pk_alg, NULL, NULL, NULL ) == 0 ); } - mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->version ); - mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->version ); + + if( options->client_min_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_min_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->client_min_version ); + } + + if( options->client_max_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_max_version( &client.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->client_max_version ); + } if( strlen( options->cipher ) > 0 ) { @@ -1737,8 +1756,18 @@ void perform_handshake( handshake_test_options* options ) mbedtls_ssl_conf_authmode( &server.conf, options->srv_auth_mode ); - mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, - options->version ); + if( options->server_min_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_min_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->server_min_version ); + } + + if( options->server_max_version != TEST_SSL_MINOR_VERSION_NONE ) + { + mbedtls_ssl_conf_max_version( &server.conf, MBEDTLS_SSL_MAJOR_VERSION_3, + options->server_max_version ); + } + #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) TEST_ASSERT( mbedtls_ssl_conf_max_frag_len( &(server.conf), (unsigned char) options->mfl ) == 0 ); @@ -1803,18 +1832,36 @@ void perform_handshake( handshake_test_options* options ) } #endif + if( options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE ) + { + expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION; + } + TEST_ASSERT( mbedtls_move_handshake_to_state( &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER ) - == 0 ); + == expected_handshake_result ); + + if( expected_handshake_result != 0 ) + { + /* Connection will have failed by this point, skip to cleanup */ + goto exit; + } + TEST_ASSERT( client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); TEST_ASSERT( server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER ); + /* Check that we agree on the version... */ + TEST_ASSERT( client.ssl.minor_ver == server.ssl.minor_ver ); + + /* And check that the version negotiated is the expected one. */ + TEST_EQUAL( client.ssl.minor_ver, options->expected_negotiated_version ); + #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) if( options->resize_buffers != 0 ) { - if( options->version != MBEDTLS_SSL_MINOR_VERSION_0 && - options->version != MBEDTLS_SSL_MINOR_VERSION_1 ) + if( options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 && + options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1 ) { /* A server, when using DTLS, might delay a buffer resize to happen * after it receives a message, so we force it. */ @@ -3791,17 +3838,25 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */ -void handshake_version( int version, int dtls ) +void handshake_version( int dtls, int client_min_version, int client_max_version, + int server_min_version, int server_max_version, + int expected_negotiated_version ) { handshake_test_options options; init_handshake_options( &options ); - options.version = version; + options.client_min_version = client_min_version; + options.client_max_version = client_max_version; + options.server_min_version = server_min_version; + options.server_max_version = server_max_version; + + options.expected_negotiated_version = expected_negotiated_version; + options.dtls = dtls; /* By default, SSLv3.0 and TLSv1.0 use 1/n-1 splitting when sending data, so * the number of fragments will be twice as big. */ - if( version == MBEDTLS_SSL_MINOR_VERSION_0 || - version == MBEDTLS_SSL_MINOR_VERSION_1 ) + if( expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_0 || + expected_negotiated_version == MBEDTLS_SSL_MINOR_VERSION_1 ) { options.expected_cli_fragments = 2; options.expected_srv_fragments = 2; From 3c1b090e582f7f617b3040bc97413b6d65b23790 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?okhowang=28=E7=8E=8B=E6=B2=9B=E6=96=87=29?= Date: Wed, 25 Mar 2020 19:55:32 +0800 Subject: [PATCH 45/87] Use FindPython3 when cmake version >= 3.15.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: okhowang(王沛文) --- 3rdparty/everest/CMakeLists.txt | 2 +- CMakeLists.txt | 19 +++++++++++++++---- ChangeLog.d/use-find-python3-cmake.txt | 2 ++ programs/psa/CMakeLists.txt | 2 +- tests/CMakeLists.txt | 7 +++---- 5 files changed, 22 insertions(+), 10 deletions(-) create mode 100644 ChangeLog.d/use-find-python3-cmake.txt diff --git a/3rdparty/everest/CMakeLists.txt b/3rdparty/everest/CMakeLists.txt index 782c0c563..c27a8e5ee 100644 --- a/3rdparty/everest/CMakeLists.txt +++ b/3rdparty/everest/CMakeLists.txt @@ -10,7 +10,7 @@ set(everest_src list(APPEND everest_inc ${CMAKE_CURRENT_SOURCE_DIR}/include ${CMAKE_CURRENT_SOURCE_DIR}/include/everest ${CMAKE_CURRENT_SOURCE_DIR}/include/everest/kremlib) -execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) +execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/config.h get MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED RESULT_VARIABLE result) if(${result} EQUAL 0) diff --git a/CMakeLists.txt b/CMakeLists.txt index c84194c63..1f675c1ee 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -51,18 +51,29 @@ set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}" "${WARNING_BORDER}") # Python 3 is only needed here to check for configuration warnings. -find_package(PythonInterp 3) -if(PYTHONINTERP_FOUND) +if(NOT CMAKE_VERSION VERSION_LESS 3.15.0) + set(Python3_FIND_STRATEGY LOCATION) + find_package(Python3 COMPONENTS Interpreter) + if(Python3_Interpreter_FOUND) + set(MBEDTLS_PYTHON_EXECUTABLE ${Python3_EXECUTABLE}) + endif() +else() + find_package(PythonInterp 3) + if(PYTHONINTERP_FOUND) + set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE}) + endif() +endif() +if(MBEDTLS_PYTHON_EXECUTABLE) # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING}) endif() # If NULL Entropy is configured, display an appropriate warning - execute_process(COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY + execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/config.h get MBEDTLS_TEST_NULL_ENTROPY RESULT_VARIABLE result) if(${result} EQUAL 0) message(WARNING ${NULL_ENTROPY_WARNING}) diff --git a/ChangeLog.d/use-find-python3-cmake.txt b/ChangeLog.d/use-find-python3-cmake.txt new file mode 100644 index 000000000..36a5171ee --- /dev/null +++ b/ChangeLog.d/use-find-python3-cmake.txt @@ -0,0 +1,2 @@ +Changes + * Use FindPython3 when cmake version >= 3.15.0 diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt index 201f987c7..4373cebc8 100644 --- a/programs/psa/CMakeLists.txt +++ b/programs/psa/CMakeLists.txt @@ -10,7 +10,7 @@ target_link_libraries(psa_constant_names mbedtls) add_custom_target( psa_constant_names_generated - COMMAND ${PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} + COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} scripts/generate_psa_constants.py ${CMAKE_CURRENT_BINARY_DIR} WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../../ ) add_dependencies(psa_constant_names psa_constant_names_generated) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 14a7b7e94..bd5ed8328 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -17,9 +17,8 @@ if(ENABLE_ZLIB_SUPPORT) set(libs ${libs} ${ZLIB_LIBRARIES}) endif(ENABLE_ZLIB_SUPPORT) -find_package(PythonInterp) -if(NOT PYTHONINTERP_FOUND) - message(FATAL_ERROR "Cannot build test suites without Python 2 or 3") +if(NOT MBEDTLS_PYTHON_EXECUTABLE) + message(FATAL_ERROR "Cannot build test suites without Python 3") endif() # Enable definition of various functions used throughout the testsuite @@ -43,7 +42,7 @@ function(add_test_suite suite_name) add_custom_command( OUTPUT test_suite_${data_name}.c - COMMAND ${PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . + COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py -f ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function -d ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data -t ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function -p ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function -s ${CMAKE_CURRENT_SOURCE_DIR}/suites --helpers-file ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function -o . DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) From 02c78b78259a62e65f6b3fd25f342cf6d8ce2c03 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 May 2020 09:22:32 +0200 Subject: [PATCH 46/87] tests: Create an include folder Create an include folder dedicated to include files for tests. With the upcoming work on tests for PSA crypto drivers the number of includes specific to tests is going to increase significantly thus create a dedicated folder. Don't put the include files in the include folder but in include/test folder. This way test headers can be included using a test/* path pattern as mbedtls and psa headers are included using an mbedtls/* and psa/* path pattern. This makes explicit the scope of the test headers. Move the existing includes for tests into include/test and update the code and build systems (make and cmake) accordingly. Signed-off-by: Ronald Cron --- tests/.gitignore | 2 +- tests/CMakeLists.txt | 2 +- tests/Makefile | 14 +++++++------- tests/{ => include/test}/psa_crypto_helpers.h | 2 +- tests/{ => include/test}/psa_helpers.h | 0 tests/suites/test_suite_cipher.function | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_psa_crypto.function | 2 +- .../suites/test_suite_psa_crypto_entropy.function | 2 +- tests/suites/test_suite_psa_crypto_hash.function | 2 +- tests/suites/test_suite_psa_crypto_init.function | 2 +- .../test_suite_psa_crypto_persistent_key.function | 2 +- .../test_suite_psa_crypto_se_driver_hal.function | 2 +- ...t_suite_psa_crypto_se_driver_hal_mocks.function | 2 +- .../test_suite_psa_crypto_slot_management.function | 2 +- tests/suites/test_suite_psa_its.function | 2 +- 16 files changed, 21 insertions(+), 21 deletions(-) rename tests/{ => include/test}/psa_crypto_helpers.h (99%) rename tests/{ => include/test}/psa_helpers.h (100%) diff --git a/tests/.gitignore b/tests/.gitignore index fbbd0dfe2..805287eb2 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -8,4 +8,4 @@ data_files/hmac_drbg_seed data_files/ctr_drbg_seed data_files/entropy_seed -/instrument_record_status.h +include/test/instrument_record_status.h diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index bd5ed8328..cc5a9c67d 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -46,7 +46,7 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) - include_directories(${CMAKE_CURRENT_SOURCE_DIR}) + include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include) add_executable(test_suite_${data_name} test_suite_${data_name}.c) target_link_libraries(test_suite_${data_name} ${libs}) if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) diff --git a/tests/Makefile b/tests/Makefile index e74bf9548..e027e127c 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -6,7 +6,7 @@ CFLAGS ?= -O2 WARNING_CFLAGS ?= -Wall -Wextra LDFLAGS ?= -LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -I../library -D_FILE_OFFSET_BITS=64 +LOCAL_CFLAGS = $(WARNING_CFLAGS) -I./include -I../include -I../library -D_FILE_OFFSET_BITS=64 LOCAL_LDFLAGS = -L../library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ @@ -110,9 +110,9 @@ $(BINARIES): %$(EXEXT): %.c $(DEP) $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ # Some test suites require additional header files. -$(filter test_suite_psa_crypto%, $(BINARIES)): psa_crypto_helpers.h +$(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h $(addprefix embedded_,$(filter test_suite_psa_crypto%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_crypto_helpers.h -$(filter test_suite_psa_%, $(BINARIES)): psa_helpers.h +$(filter test_suite_psa_%, $(BINARIES)): include/test/psa_helpers.h $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mbedtls/%/psa_helpers.h clean: @@ -152,7 +152,7 @@ $(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function s generate-target-tests: $(EMBEDDED_TESTS) define copy_header_to_target -TESTS/mbedtls/$(1)/$(2): $(2) +TESTS/mbedtls/$(1)/$(2): include/test/$(2) echo " Copy ./$$@" ifndef WINDOWS mkdir -p $$(@D) @@ -163,11 +163,11 @@ else endif endef -$(foreach app, $(APPS), $(foreach file, $(wildcard *.h), \ +$(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \ $(eval $(call copy_header_to_target,$(app),$(file))))) ifdef RECORD_PSA_STATUS_COVERAGE_LOG -$(BINARIES): instrument_record_status.h -instrument_record_status.h: ../include/psa/crypto.h Makefile +$(BINARIES): include/test/instrument_record_status.h +include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p' endif diff --git a/tests/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h similarity index 99% rename from tests/psa_crypto_helpers.h rename to tests/include/test/psa_crypto_helpers.h index 19303de57..1dd608433 100644 --- a/tests/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -22,7 +22,7 @@ #ifndef PSA_CRYPTO_HELPERS_H #define PSA_CRYPTO_HELPERS_H -#include "psa_helpers.h" +#include "test/psa_helpers.h" #include diff --git a/tests/psa_helpers.h b/tests/include/test/psa_helpers.h similarity index 100% rename from tests/psa_helpers.h rename to tests/include/test/psa_helpers.h diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 8405f69c7..783407314 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -10,7 +10,7 @@ #endif #if defined(MBEDTLS_USE_PSA_CRYPTO) -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #endif /* END_HEADER */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index d88ca5454..a67cb4564 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -17,7 +17,7 @@ #if defined(MBEDTLS_USE_PSA_CRYPTO) #include "mbedtls/psa_util.h" -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #define PSA_INIT( ) PSA_ASSERT( psa_crypto_init( ) ) #else /* Define empty macros so that we can use them in the preamble and teardown diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function index bc95f6fb0..ae4045c74 100644 --- a/tests/suites/test_suite_psa_crypto.function +++ b/tests/suites/test_suite_psa_crypto.function @@ -9,7 +9,7 @@ * uses mbedtls_ctr_drbg internally. */ #include "mbedtls/ctr_drbg.h" -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" /* Tests that require more than 128kB of RAM plus change have this symbol * as a dependency. Currently we always define this symbol, so the tests diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function index 8538d6d8d..66c241e5e 100644 --- a/tests/suites/test_suite_psa_crypto_entropy.function +++ b/tests/suites/test_suite_psa_crypto_entropy.function @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/entropy_poll.h" -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #if defined(MBEDTLS_PSA_ITS_FILE_C) #include #else diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index d50ff5ad2..6c577c06a 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -2,7 +2,7 @@ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" /* END_HEADER */ diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function index 3283ac9f6..fd4ff21fc 100644 --- a/tests/suites/test_suite_psa_crypto_init.function +++ b/tests/suites/test_suite_psa_crypto_init.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" /* Some tests in this module configure entropy sources. */ #include "psa_crypto_invasive.h" diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function index e2d87efd8..49ce964fb 100644 --- a/tests/suites/test_suite_psa_crypto_persistent_key.function +++ b/tests/suites/test_suite_psa_crypto_persistent_key.function @@ -9,7 +9,7 @@ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa_crypto_storage.h" #include "mbedtls/md.h" diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index f95f7e526..9f44b884b 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa/crypto_se_driver.h" #include "psa_crypto_se.h" diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function index f6acb0727..ef50a6814 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function @@ -1,5 +1,5 @@ /* BEGIN_HEADER */ -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa/crypto_se_driver.h" #include "psa_crypto_se.h" diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index 4c824f7de..a9c7f0459 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -1,7 +1,7 @@ /* BEGIN_HEADER */ #include -#include "psa_crypto_helpers.h" +#include "test/psa_crypto_helpers.h" #include "psa_crypto_storage.h" typedef enum diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function index 04a735a29..b6cc488a6 100644 --- a/tests/suites/test_suite_psa_its.function +++ b/tests/suites/test_suite_psa_its.function @@ -7,7 +7,7 @@ #include "../library/psa_crypto_its.h" -#include "psa_helpers.h" +#include "test/psa_helpers.h" /* Internal definitions of the implementation, copied for the sake of * some of the tests and of the cleanup code. */ From f91c495379dc96845f14da5815e202a8084bde29 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 27 May 2020 16:22:17 +0200 Subject: [PATCH 47/87] tests: helpers: Update static qualifiers In preparation of moving the content of helpers.function to its own compilation unit, remove/add static qualifiers where appropriate. Signed-off-by: Ronald Cron --- tests/suites/helpers.function | 10 +++++----- tests/suites/test_suite_pk.function | 2 -- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index f38502f55..5ed37da09 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -449,7 +449,7 @@ test_info_t; static test_info_t test_info; #if defined(MBEDTLS_PLATFORM_C) -mbedtls_platform_context platform_ctx; +static mbedtls_platform_context platform_ctx; #endif #if defined(MBEDTLS_CHECK_PARAMS) @@ -504,7 +504,7 @@ void test_skip( const char *test, int line_no, const char* filename ) test_info.filename = filename; } -static int platform_setup() +int platform_setup() { int ret = 0; #if defined(MBEDTLS_PLATFORM_C) @@ -513,7 +513,7 @@ static int platform_setup() return( ret ); } -static void platform_teardown() +void platform_teardown() { #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown( &platform_ctx ); @@ -652,7 +652,7 @@ void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) * * For convenience, dies if allocation fails. */ -static unsigned char *zero_alloc( size_t len ) +unsigned char *zero_alloc( size_t len ) { void *p; size_t actual_len = ( len != 0 ) ? len : 1; @@ -701,7 +701,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) * * rng_state shall be NULL. */ -static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) { #if !defined(__OpenBSD__) size_t i; diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index a67cb4564..88f8e3bab 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -27,8 +27,6 @@ #define PSA_DONE( ) ( (void) 0 ) #endif -static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); - #define RSA_KEY_SIZE 512 #define RSA_KEY_LEN 64 From 4b8b199eada218a292f7a2b5bda9a25faedc3fde Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 13:52:23 +0200 Subject: [PATCH 48/87] tests: Add macros.h include file Just adding an empty file. The purpose of this header file is to contain the definition of generic macros used for the purpose of testing. Signed-off-by: Ronald Cron --- tests/include/test/macros.h | 34 ++++++++++++++++++++++++++++++++++ tests/suites/helpers.function | 2 ++ 2 files changed, 36 insertions(+) create mode 100644 tests/include/test/macros.h diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h new file mode 100644 index 000000000..dc99bdca2 --- /dev/null +++ b/tests/include/test/macros.h @@ -0,0 +1,34 @@ +/** + * \file macros.h + * + * \brief This file contains generic macros for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_MACROS_H +#define TEST_MACROS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_MACROS_H */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 5ed37da09..fe398e218 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -2,6 +2,8 @@ /*----------------------------------------------------------------------------*/ /* Headers */ +#include + #include #if defined(MBEDTLS_PLATFORM_C) From 849930a50e41e9ed6609e7fa6c86fc0840a54656 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jun 2020 08:06:47 +0200 Subject: [PATCH 49/87] tests: Move generic macros to macros.h Move generic macros from helpers.function to macros.h. Signed-off-by: Ronald Cron --- tests/include/test/macros.h | 103 ++++++++++++++++++++++++++++++++++ tests/suites/helpers.function | 83 --------------------------- 2 files changed, 103 insertions(+), 83 deletions(-) diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index dc99bdca2..25f831208 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -31,4 +31,107 @@ #include MBEDTLS_CONFIG_FILE #endif +#include + +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_fprintf fprintf +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +#include "mbedtls/memory_buffer_alloc.h" +#endif + +#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ +{ \ + mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ + __FILE__, __LINE__, #a ); \ + mbedtls_exit( 1 ); \ +} + +#if defined(__GNUC__) +/* Test if arg and &(arg)[0] have the same type. This is true if arg is + * an array but not if it's a pointer. */ +#define IS_ARRAY_NOT_POINTER( arg ) \ + ( ! __builtin_types_compatible_p( __typeof__( arg ), \ + __typeof__( &( arg )[0] ) ) ) +#else +/* On platforms where we don't know how to implement this check, + * omit it. Oh well, a non-portable check is better than nothing. */ +#define IS_ARRAY_NOT_POINTER( arg ) 1 +#endif + +/* A compile-time constant with the value 0. If `const_expr` is not a + * compile-time constant with a nonzero value, cause a compile-time error. */ +#define STATIC_ASSERT_EXPR( const_expr ) \ + ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) +/* Return the scalar value `value` (possibly promoted). This is a compile-time + * constant if `value` is. `condition` must be a compile-time constant. + * If `condition` is false, arrange to cause a compile-time error. */ +#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ + ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) + +#define ARRAY_LENGTH_UNSAFE( array ) \ + ( sizeof( array ) / sizeof( *( array ) ) ) +/** Return the number of elements of a static or stack array. + * + * \param array A value of array (not pointer) type. + * + * \return The number of elements of the array. + */ +#define ARRAY_LENGTH( array ) \ + ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ + ARRAY_LENGTH_UNSAFE( array ) ) ) + +/** Return the smaller of two values. + * + * \param x An integer-valued expression without side effects. + * \param y An integer-valued expression without side effects. + * + * \return The smaller of \p x and \p y. + */ +#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) ) + +/** Return the larger of two values. + * + * \param x An integer-valued expression without side effects. + * \param y An integer-valued expression without side effects. + * + * \return The larger of \p x and \p y. + */ +#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) ) + +/* + * 32-bit integer manipulation macros (big endian) + */ +#ifndef GET_UINT32_BE +#define GET_UINT32_BE(n,b,i) \ +{ \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ +} +#endif + +#ifndef PUT_UINT32_BE +#define PUT_UINT32_BE(n,b,i) \ +{ \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} +#endif + #endif /* TEST_MACROS_H */ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index fe398e218..fa23d3362 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -313,65 +313,6 @@ typedef enum #define TEST_VALID_PARAM( TEST ) \ TEST_ASSERT( ( TEST, 1 ) ); -#define TEST_HELPER_ASSERT(a) if( !( a ) ) \ -{ \ - mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \ - __FILE__, __LINE__, #a ); \ - mbedtls_exit( 1 ); \ -} - -#if defined(__GNUC__) -/* Test if arg and &(arg)[0] have the same type. This is true if arg is - * an array but not if it's a pointer. */ -#define IS_ARRAY_NOT_POINTER( arg ) \ - ( ! __builtin_types_compatible_p( __typeof__( arg ), \ - __typeof__( &( arg )[0] ) ) ) -#else -/* On platforms where we don't know how to implement this check, - * omit it. Oh well, a non-portable check is better than nothing. */ -#define IS_ARRAY_NOT_POINTER( arg ) 1 -#endif - -/* A compile-time constant with the value 0. If `const_expr` is not a - * compile-time constant with a nonzero value, cause a compile-time error. */ -#define STATIC_ASSERT_EXPR( const_expr ) \ - ( 0 && sizeof( struct { int STATIC_ASSERT : 1 - 2 * ! ( const_expr ); } ) ) -/* Return the scalar value `value` (possibly promoted). This is a compile-time - * constant if `value` is. `condition` must be a compile-time constant. - * If `condition` is false, arrange to cause a compile-time error. */ -#define STATIC_ASSERT_THEN_RETURN( condition, value ) \ - ( STATIC_ASSERT_EXPR( condition ) ? 0 : ( value ) ) - -#define ARRAY_LENGTH_UNSAFE( array ) \ - ( sizeof( array ) / sizeof( *( array ) ) ) -/** Return the number of elements of a static or stack array. - * - * \param array A value of array (not pointer) type. - * - * \return The number of elements of the array. - */ -#define ARRAY_LENGTH( array ) \ - ( STATIC_ASSERT_THEN_RETURN( IS_ARRAY_NOT_POINTER( array ), \ - ARRAY_LENGTH_UNSAFE( array ) ) ) - -/** Return the smaller of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The smaller of \p x and \p y. - */ -#define MIN( x, y ) ( ( x ) < ( y ) ? ( x ) : ( y ) ) - -/** Return the larger of two values. - * - * \param x An integer-valued expression without side effects. - * \param y An integer-valued expression without side effects. - * - * \return The larger of \p x and \p y. - */ -#define MAX( x, y ) ( ( x ) > ( y ) ? ( x ) : ( y ) ) - /** Allocate memory dynamically and fail the test case if this fails. * * You must set \p pointer to \c NULL before calling this macro and @@ -404,30 +345,6 @@ typedef enum } \ while( 0 ) -/* - * 32-bit integer manipulation macros (big endian) - */ -#ifndef GET_UINT32_BE -#define GET_UINT32_BE(n,b,i) \ -{ \ - (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ - | ( (uint32_t) (b)[(i) + 1] << 16 ) \ - | ( (uint32_t) (b)[(i) + 2] << 8 ) \ - | ( (uint32_t) (b)[(i) + 3] ); \ -} -#endif - -#ifndef PUT_UINT32_BE -#define PUT_UINT32_BE(n,b,i) \ -{ \ - (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ - (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ - (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ - (b)[(i) + 3] = (unsigned char) ( (n) ); \ -} -#endif - - /*----------------------------------------------------------------------------*/ /* Global variables */ From 5ee570752184d16d4a6ed340c040c6e5fcd6520f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 11 Jun 2020 09:34:06 +0200 Subject: [PATCH 50/87] ssl_client: Align line breaking with MBEDTLS_SSL_DEBUG_* Signed-off-by: Ronald Cron --- library/ssl_cli.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 118bc900c..48ef30de2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1367,8 +1367,8 @@ static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl, { if( len != 1 || buf[0] != 0x00 ) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ( "non-zero length renegotiation info" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "non-zero length renegotiation info" ) ); mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, @@ -3761,8 +3761,8 @@ ecdh_calc_secret: ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 && ssl_conf_has_static_raw_psk( ssl->conf ) == 0 ) { - MBEDTLS_SSL_DEBUG_MSG( - 1, ( "skip PMS generation for opaque PSK" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, + ( "skip PMS generation for opaque PSK" ) ); } else #endif /* MBEDTLS_USE_PSA_CRYPTO && @@ -3770,8 +3770,8 @@ ecdh_calc_secret: if( ( ret = mbedtls_ssl_psk_derive_premaster( ssl, ciphersuite_info->key_exchange ) ) != 0 ) { - MBEDTLS_SSL_DEBUG_RET( - 1, "mbedtls_ssl_psk_derive_premaster", ret ); + MBEDTLS_SSL_DEBUG_RET( 1, + "mbedtls_ssl_psk_derive_premaster", ret ); return( ret ); } } From b7b35e125b579113821afef4a66af47aad323b3d Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 11 Jun 2020 09:50:51 +0200 Subject: [PATCH 51/87] Align with check-like function return value convention By convention, in the project, functions that have a check or similar in the name return 0 if the check succeeds, non-zero otherwise. Align with this for mbedtls_ssl_chk_buf_ptr(). Signed-off-by: Ronald Cron --- include/mbedtls/ssl_internal.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h index 1a3102a2c..0460357f1 100644 --- a/include/mbedtls/ssl_internal.h +++ b/include/mbedtls/ssl_internal.h @@ -313,13 +313,13 @@ static inline uint32_t mbedtls_ssl_get_input_buflen( const mbedtls_ssl_context * * \param end Pointer to one past the end of the buffer. * \param need Needed space in bytes. * - * \return Non-zero if the needed space is available in the buffer, 0 + * \return Zero if the needed space is available in the buffer, non-zero * otherwise. */ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, const uint8_t *end, size_t need ) { - return( cur <= end && need <= (size_t)( end - cur ) ); + return( ( cur > end ) || ( need > (size_t)( end - cur ) ) ); } /** @@ -334,7 +334,7 @@ static inline int mbedtls_ssl_chk_buf_ptr( const uint8_t *cur, */ #define MBEDTLS_SSL_CHK_BUF_PTR( cur, end, need ) \ do { \ - if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) == 0 ) \ + if( mbedtls_ssl_chk_buf_ptr( ( cur ), ( end ), ( need ) ) != 0 ) \ { \ return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); \ } \ From 0b01fd9b6722d13afa35c8ce07ff65bbe9c0f33b Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 12:29:15 +0100 Subject: [PATCH 52/87] net_sockets: Fix building on NetBSD 9.0 Fixes #2310 Signed-off-by: nia --- library/net_sockets.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 8258aea73..b26e85818 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -23,6 +23,7 @@ * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#define _XOPEN_SOURCE 600 /* sockaddr_storage */ #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" @@ -322,7 +323,8 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx, struct sockaddr_storage client_addr; #if defined(__socklen_t_defined) || defined(_SOCKLEN_T) || \ - defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) + defined(_SOCKLEN_T_DECLARED) || defined(__DEFINED_socklen_t) || \ + defined(socklen_t) socklen_t n = (socklen_t) sizeof( client_addr ); socklen_t type_len = (socklen_t) sizeof( type ); #else From 7eb0e62f6414897ac9b3b7561de729405d803f60 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 12:30:12 +0100 Subject: [PATCH 53/87] ssl_mail_client: Define _XOPEN_SOURCE=600 for gethostname Fixes building this program on NetBSD 9.0. Signed-off-by: nia --- programs/ssl/ssl_mail_client.c | 1 + 1 file changed, 1 insertion(+) diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 08ff02595..b7458cd21 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -23,6 +23,7 @@ * be set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ #define _POSIX_C_SOURCE 200112L +#define _XOPEN_SOURCE 600 #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" From 508e21ccfdd7107303bce9bcbbc093a0d2c65006 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 13:55:07 +0100 Subject: [PATCH 54/87] Add ChangeLog.d entry for #3422 Signed-off-by: nia --- ChangeLog.d/bugfix_PR3422.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3422.txt diff --git a/ChangeLog.d/bugfix_PR3422.txt b/ChangeLog.d/bugfix_PR3422.txt new file mode 100644 index 000000000..dfe152c36 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3422.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix building library/net_sockets.c and the ssl_mail_client program on NetBSD. Contributed by Nia Alarie in #3422. From 9f5312cc4ec704d4a58df52b00987109ac327af0 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 13:32:13 +0100 Subject: [PATCH 55/87] entropy: Add support for BSD sysctl(KERN_ARND) This is basically the same as reading from /dev/urandom on supported systems, only it has a limit of 256 bytes per call, and does not require an open file descriptor (so it can be used in chroots, when resource limits are in place, or are otherwise exhausted). It's functionally equivalent to the comparable function getentropy(), but has been around for longer. It's actually used to implement getentropy in FreeBSD's libc. Discussions about adding getrandom or getentropy to NetBSD are still ongoing. It's present in all supported versions of FreeBSD and NetBSD. It's not present in DragonFly or OpenBSD. Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 Comparable code in OpenSSL: https://github.com/openssl/openssl/blob/ddec332f329a432a45c0131d83f3bfb46114532b/crypto/rand/rand_unix.c#L208 Signed-off-by: nia --- library/entropy_poll.c | 45 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 8b4a5af9e..203034eb4 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -115,6 +115,41 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #endif /* SYS_getrandom */ #endif /* __linux__ || __midipix__ */ +/* + * Some BSD systems provide KERN_ARND. + * This is equivalent to reading from /dev/urandom, only it doesn't require an + * open file descriptor, and provides up to 256 bytes per call (basically the + * same as getentropy(), but with a longer history). + * + * Documentation: https://netbsd.gw.com/cgi-bin/man-cgi?sysctl+7 + */ +#if (defined(__FreeBSD__) || defined(__NetBSD__)) && !defined(HAVE_GETRANDOM) +#include +#include +#if defined(KERN_ARND) +#define HAVE_SYSCTL_ARND + +static int sysctl_wrapper ( void *buf, size_t buflen ) +{ + int name[2]; + size_t len; + + name[0] = CTL_KERN; + name[1] = KERN_ARND; + + while( buflen > 0 ) + { + len = buflen > 256 ? 256 : buflen; + if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) + return( -1 ); + buflen -= len; + buf += len; + } + return( 0 ); +} +#endif /* KERN_ARND */ +#endif /* __FreeBSD__ || __NetBSD__ */ + #include int mbedtls_platform_entropy_poll( void *data, @@ -139,6 +174,15 @@ int mbedtls_platform_entropy_poll( void *data, ((void) ret); #endif /* HAVE_GETRANDOM */ +#if defined(HAVE_SYSCTL_ARND) + ((void) file); + ((void) read_len); + if( sysctl_wrapper( output, len ) == -1 ) + return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); + *olen = len; + return( 0 ); +#else + *olen = 0; file = fopen( "/dev/urandom", "rb" ); @@ -156,6 +200,7 @@ int mbedtls_platform_entropy_poll( void *data, *olen = len; return( 0 ); +#endif /* HAVE_SYSCTL_ARND */ } #endif /* _WIN32 && !EFIX64 && !EFI32 */ #endif /* !MBEDTLS_NO_PLATFORM_ENTROPY */ From 6777dcb16f99ea0b7944eef3137683dd41e00854 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 14:01:07 +0100 Subject: [PATCH 56/87] Add ChangeLog.d entry for kern.arandom support. Signed-off-by: nia --- ChangeLog.d/sysctl-arnd-support.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/sysctl-arnd-support.txt diff --git a/ChangeLog.d/sysctl-arnd-support.txt b/ChangeLog.d/sysctl-arnd-support.txt new file mode 100644 index 000000000..14ad67412 --- /dev/null +++ b/ChangeLog.d/sysctl-arnd-support.txt @@ -0,0 +1,2 @@ +Features + * Added support to entropy_poll for the kern.arandom syscall supported on some BSD systems. Contributed by Nia Alarie in #3423. From 1c0c837ddc997fab9dd4480d52a06576a6c1fff0 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 12:03:45 +0100 Subject: [PATCH 57/87] Define _POSIX_C_SOURCE to be 200112L, as a minimum for C99. Strict platforms cannot be expected to accept C99 code as valid when earlier standards versions are selected. This helps the programs build on Solaris-like platforms (e.g. illumos). Fixes #3420 Signed-off-by: nia --- programs/aes/aescrypt2.c | 2 +- programs/aes/crypt_and_hash.c | 2 +- tests/suites/main_test.function | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index f17c641b0..b0c1feaff 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -22,7 +22,7 @@ /* Enable definition of fileno() even when compiling with -std=c99. Must be * set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 1 +#define _POSIX_C_SOURCE 200112L #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index 1e03d43ae..5c7048045 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -23,7 +23,7 @@ /* Enable definition of fileno() even when compiling with -std=c99. Must be * set before config.h, which pulls in glibc's features.h indirectly. * Harmless on other platforms. */ -#define _POSIX_C_SOURCE 1 +#define _POSIX_C_SOURCE 200112L #if !defined(MBEDTLS_CONFIG_FILE) #include "mbedtls/config.h" diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ff4cf2015..e56191a4c 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -21,7 +21,7 @@ #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) #if !defined(_POSIX_C_SOURCE) -#define _POSIX_C_SOURCE 1 // for fileno() from +#define _POSIX_C_SOURCE 200112L // for fileno() from #endif #endif From ecef1ddd5be76b0b5a4571d0db5440915c55a4e0 Mon Sep 17 00:00:00 2001 From: nia Date: Thu, 11 Jun 2020 18:43:48 +0100 Subject: [PATCH 58/87] Add ChangeLog.d entry for PR3421 Signed-off-by: nia --- ChangeLog.d/bugfix_PR3421.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/bugfix_PR3421.txt diff --git a/ChangeLog.d/bugfix_PR3421.txt b/ChangeLog.d/bugfix_PR3421.txt new file mode 100644 index 000000000..b52dee00f --- /dev/null +++ b/ChangeLog.d/bugfix_PR3421.txt @@ -0,0 +1,2 @@ +Bugfix + * Set _POSIX_C_SOURCE to at least 200112L in C99 code. Reported in #3420 and fix submitted in #3421 by Nia Alarie. From 6f1eda710ccc8e1e954dd072d4cd074ee804163b Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Thu, 11 Jun 2020 20:22:00 +0100 Subject: [PATCH 59/87] Fix for resource leak in test_suite_ssl Fix for coverity bugs 349041, 349052 Allocated pointers could potentially be leaked in the case of errors. Signed-off-by: Paul Elliott --- tests/suites/test_suite_ssl.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 9d16a573b..f9bb52085 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1179,6 +1179,7 @@ static int build_transforms( mbedtls_ssl_transform *t_in, size_t keylen, maclen, ivlen; unsigned char *key0 = NULL, *key1 = NULL; + unsigned char *md0 = NULL, *md1 = NULL; unsigned char iv_enc[16], iv_dec[16]; #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1245,7 +1246,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in, cipher_info->mode == MBEDTLS_MODE_STREAM ) { mbedtls_md_info_t const *md_info; - unsigned char *md0, *md1; /* Pick hash */ md_info = mbedtls_md_info_from_type( hash_id ); @@ -1283,9 +1283,6 @@ static int build_transforms( mbedtls_ssl_transform *t_in, memcpy( &t_out->mac_dec, md0, maclen ); } #endif - - mbedtls_free( md0 ); - mbedtls_free( md1 ); } #else ((void) hash_id); @@ -1417,6 +1414,9 @@ cleanup: mbedtls_free( key0 ); mbedtls_free( key1 ); + mbedtls_free( md0 ); + mbedtls_free( md1 ); + return( ret ); } From b6d6d4c61ababab68a396b5fa1f4c8908811520b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Jun 2020 10:11:18 +0200 Subject: [PATCH 60/87] tests: Add helpers.c and helpers.h files The purpose of helpers.c file is to contain the helper functions that have been in helpers.function so far and that are not related to the mechanism of unit test execution and not related to random number generation (will be moved in a dedicated file). The purpose of helpers.h is to contain the interface exposed by helpers.c thus helper function prototypes. Make the changes in the build systems (make and cmake) to build helpers.c and link it to test executables along with mbedtls library. Signed-off-by: Ronald Cron --- tests/.gitignore | 3 +++ tests/CMakeLists.txt | 8 ++++++-- tests/Makefile | 20 +++++++++++++++----- tests/include/test/helpers.h | 35 +++++++++++++++++++++++++++++++++++ tests/src/helpers.c | 19 +++++++++++++++++++ tests/suites/helpers.function | 1 + 6 files changed, 79 insertions(+), 7 deletions(-) create mode 100644 tests/include/test/helpers.h create mode 100644 tests/src/helpers.c diff --git a/tests/.gitignore b/tests/.gitignore index 805287eb2..d49611c1e 100644 --- a/tests/.gitignore +++ b/tests/.gitignore @@ -9,3 +9,6 @@ data_files/ctr_drbg_seed data_files/entropy_seed include/test/instrument_record_status.h + +src/*.o +src/libmbed* diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index cc5a9c67d..39a7a2cd0 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -46,9 +46,9 @@ function(add_test_suite suite_name) DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data ) - include_directories(${CMAKE_CURRENT_SOURCE_DIR}/include) - add_executable(test_suite_${data_name} test_suite_${data_name}.c) + add_executable(test_suite_${data_name} test_suite_${data_name}.c $) target_link_libraries(test_suite_${data_name} ${libs}) + target_include_directories(test_suite_${data_name} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include) if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) message(STATUS "The test suite ${data_name} will not be executed.") else() @@ -66,6 +66,10 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) +file(GLOB MBEDTESTS_FILES ${CMAKE_CURRENT_SOURCE_DIR}/src/*.c) +add_library(mbedtests OBJECT ${MBEDTESTS_FILES}) +target_include_directories(mbedtests PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include) + add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) add_test_suite(aes aes.ecb) diff --git a/tests/Makefile b/tests/Makefile index e027e127c..6f3179cff 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -21,9 +21,9 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) LOCAL_CFLAGS += -D_POSIX_C_SOURCE=200809L ifndef SHARED -DEP=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a +MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a else -DEP=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) +MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -74,9 +74,16 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS)) all: $(BINARIES) -$(DEP): +$(MBEDLIBS): $(MAKE) -C ../library +MBEDTESTS_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c)) + +# Rule to compile common test C files in src folder +src/%.o : src/%.c + echo " CC $<" + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $< + C_FILES := $(addsuffix .c,$(APPS)) # Wildcard target for test code generation: @@ -105,9 +112,9 @@ C_FILES := $(addsuffix .c,$(APPS)) -o . -$(BINARIES): %$(EXEXT): %.c $(DEP) +$(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(MBEDTESTS_OBJS) echo " CC $<" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) $< $(MBEDTESTS_OBJS) $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ # Some test suites require additional header files. $(filter test_suite_psa_crypto%, $(BINARIES)): include/test/psa_crypto_helpers.h @@ -118,10 +125,13 @@ $(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: TESTS/mb clean: ifndef WINDOWS rm -rf $(BINARIES) *.c *.datax TESTS + rm -f src/*.o src/libmbed* else if exist *.c del /Q /F *.c if exist *.exe del /Q /F *.exe if exist *.datax del /Q /F *.datax + if exist src/*.o del /Q /F src/*.o + if exist src/libmbed* del /Q /F src/libmed* ifneq ($(wildcard TESTS/.*),) rmdir /Q /S TESTS endif diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h new file mode 100644 index 000000000..289f04a84 --- /dev/null +++ b/tests/include/test/helpers.h @@ -0,0 +1,35 @@ +/** + * \file helpers.h + * + * \brief This file contains the prototypes of helper functions for the + * purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_HELPERS_H +#define TEST_HELPERS_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c new file mode 100644 index 000000000..2258e554a --- /dev/null +++ b/tests/src/helpers.c @@ -0,0 +1,19 @@ +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index fa23d3362..445c5c9a5 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -3,6 +3,7 @@ /* Headers */ #include +#include #include From f40529d5f4f9d87d69b4896493814fd2329b32ac Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 16:27:37 +0200 Subject: [PATCH 61/87] tests: Move generic helper functions Move generic helper functions from helpers.functions to helpers.c Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 47 +++++++++++ tests/src/helpers.c | 129 ++++++++++++++++++++++++++++++ tests/suites/helpers.function | 144 ---------------------------------- 3 files changed, 176 insertions(+), 144 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 289f04a84..9194ada68 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -32,4 +32,51 @@ #include MBEDTLS_CONFIG_FILE #endif +#if defined(MBEDTLS_PLATFORM_C) +#include "mbedtls/platform.h" +#else +#include +#define mbedtls_fprintf fprintf +#define mbedtls_snprintf snprintf +#define mbedtls_calloc calloc +#define mbedtls_free free +#define mbedtls_exit exit +#define mbedtls_time time +#define mbedtls_time_t time_t +#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS +#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE +#endif + +#include +#include + +int platform_setup( void ); +void platform_teardown( void ); + +int unhexify( unsigned char *obuf, const char *ibuf ); +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); + +/** + * Allocate and zeroize a buffer. + * + * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. + * + * For convenience, dies if allocation fails. + */ +unsigned char *zero_alloc( size_t len ); + +/** + * Allocate and fill a buffer from hex data. + * + * The buffer is sized exactly as needed. This allows to detect buffer + * overruns (including overreads) when running the test suite under valgrind. + * + * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. + * + * For convenience, dies if allocation fails. + */ +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ); + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); + #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 2258e554a..b5ca1f8c1 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -17,3 +17,132 @@ */ #include +#include +#include + +#if defined(MBEDTLS_PLATFORM_C) +static mbedtls_platform_context platform_ctx; +#endif + +int platform_setup( void ) +{ + int ret = 0; +#if defined(MBEDTLS_PLATFORM_C) + ret = mbedtls_platform_setup( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ + return( ret ); +} + +void platform_teardown( void ) +{ +#if defined(MBEDTLS_PLATFORM_C) + mbedtls_platform_teardown( &platform_ctx ); +#endif /* MBEDTLS_PLATFORM_C */ +} + +int unhexify( unsigned char *obuf, const char *ibuf ) +{ + unsigned char c, c2; + int len = strlen( ibuf ) / 2; + TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ + + while( *ibuf != 0 ) + { + c = *ibuf++; + if( c >= '0' && c <= '9' ) + c -= '0'; + else if( c >= 'a' && c <= 'f' ) + c -= 'a' - 10; + else if( c >= 'A' && c <= 'F' ) + c -= 'A' - 10; + else + TEST_HELPER_ASSERT( 0 ); + + c2 = *ibuf++; + if( c2 >= '0' && c2 <= '9' ) + c2 -= '0'; + else if( c2 >= 'a' && c2 <= 'f' ) + c2 -= 'a' - 10; + else if( c2 >= 'A' && c2 <= 'F' ) + c2 -= 'A' - 10; + else + TEST_HELPER_ASSERT( 0 ); + + *obuf++ = ( c << 4 ) | c2; + } + + return len; +} + +void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +{ + unsigned char l, h; + + while( len != 0 ) + { + h = *ibuf / 16; + l = *ibuf % 16; + + if( h < 10 ) + *obuf++ = '0' + h; + else + *obuf++ = 'a' + h - 10; + + if( l < 10 ) + *obuf++ = '0' + l; + else + *obuf++ = 'a' + l - 10; + + ++ibuf; + len--; + } +} + +unsigned char *zero_alloc( size_t len ) +{ + void *p; + size_t actual_len = ( len != 0 ) ? len : 1; + + p = mbedtls_calloc( 1, actual_len ); + TEST_HELPER_ASSERT( p != NULL ); + + memset( p, 0x00, actual_len ); + + return( p ); +} + +unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +{ + unsigned char *obuf; + + *olen = strlen( ibuf ) / 2; + + if( *olen == 0 ) + return( zero_alloc( *olen ) ); + + obuf = mbedtls_calloc( 1, *olen ); + TEST_HELPER_ASSERT( obuf != NULL ); + + (void) unhexify( obuf, ibuf ); + + return( obuf ); +} + +int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) +{ + int ret = 0; + uint32_t i = 0; + + if( a_len != b_len ) + return( -1 ); + + for( i = 0; i < a_len; i++ ) + { + if( a[i] != b[i] ) + { + ret = -1; + break; + } + } + return ret; +} diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 445c5c9a5..2d1e38c23 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -368,10 +368,6 @@ typedef struct test_info_t; static test_info_t test_info; -#if defined(MBEDTLS_PLATFORM_C) -static mbedtls_platform_context platform_ctx; -#endif - #if defined(MBEDTLS_CHECK_PARAMS) jmp_buf param_fail_jmp; jmp_buf jmp_tmp; @@ -424,22 +420,6 @@ void test_skip( const char *test, int line_no, const char* filename ) test_info.filename = filename; } -int platform_setup() -{ - int ret = 0; -#if defined(MBEDTLS_PLATFORM_C) - ret = mbedtls_platform_setup( &platform_ctx ); -#endif /* MBEDTLS_PLATFORM_C */ - return( ret ); -} - -void platform_teardown() -{ -#if defined(MBEDTLS_PLATFORM_C) - mbedtls_platform_teardown( &platform_ctx ); -#endif /* MBEDTLS_PLATFORM_C */ -} - #if defined(MBEDTLS_CHECK_PARAMS) void mbedtls_param_failed( const char *failure_condition, const char *file, @@ -507,111 +487,6 @@ static void close_output( FILE* out_stream ) } #endif /* __unix__ || __APPLE__ __MACH__ */ -int unhexify( unsigned char *obuf, const char *ibuf ) -{ - unsigned char c, c2; - int len = strlen( ibuf ) / 2; - TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */ - - while( *ibuf != 0 ) - { - c = *ibuf++; - if( c >= '0' && c <= '9' ) - c -= '0'; - else if( c >= 'a' && c <= 'f' ) - c -= 'a' - 10; - else if( c >= 'A' && c <= 'F' ) - c -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); - - c2 = *ibuf++; - if( c2 >= '0' && c2 <= '9' ) - c2 -= '0'; - else if( c2 >= 'a' && c2 <= 'f' ) - c2 -= 'a' - 10; - else if( c2 >= 'A' && c2 <= 'F' ) - c2 -= 'A' - 10; - else - TEST_HELPER_ASSERT( 0 ); - - *obuf++ = ( c << 4 ) | c2; - } - - return len; -} - -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) -{ - unsigned char l, h; - - while( len != 0 ) - { - h = *ibuf / 16; - l = *ibuf % 16; - - if( h < 10 ) - *obuf++ = '0' + h; - else - *obuf++ = 'a' + h - 10; - - if( l < 10 ) - *obuf++ = '0' + l; - else - *obuf++ = 'a' + l - 10; - - ++ibuf; - len--; - } -} - -/** - * Allocate and zeroize a buffer. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *zero_alloc( size_t len ) -{ - void *p; - size_t actual_len = ( len != 0 ) ? len : 1; - - p = mbedtls_calloc( 1, actual_len ); - TEST_HELPER_ASSERT( p != NULL ); - - memset( p, 0x00, actual_len ); - - return( p ); -} - -/** - * Allocate and fill a buffer from hex data. - * - * The buffer is sized exactly as needed. This allows to detect buffer - * overruns (including overreads) when running the test suite under valgrind. - * - * If the size if zero, a pointer to a zeroized 1-byte buffer is returned. - * - * For convenience, dies if allocation fails. - */ -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) -{ - unsigned char *obuf; - - *olen = strlen( ibuf ) / 2; - - if( *olen == 0 ) - return( zero_alloc( *olen ) ); - - obuf = mbedtls_calloc( 1, *olen ); - TEST_HELPER_ASSERT( obuf != NULL ); - - (void) unhexify( obuf, ibuf ); - - return( obuf ); -} - /** * This function just returns data from rand(). * Although predictable and often similar on multiple @@ -752,22 +627,3 @@ int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } - -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) -{ - int ret = 0; - uint32_t i = 0; - - if( a_len != b_len ) - return( -1 ); - - for( i = 0; i < a_len; i++ ) - { - if( a[i] != b[i] ) - { - ret = -1; - break; - } - } - return ret; -} From b7eb67fb74e98ae4c7002bb9a37bc07911f4ee59 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 16:57:42 +0200 Subject: [PATCH 62/87] tests: Add random.c and random.h files The purpose of random.c file is to contain the helper functions to generate random numbers that have been in helpers.function so far. The purpose of random.h is to contain the interface exposed by random.c thus helper function prototypes. Signed-off-by: Ronald Cron --- tests/include/test/random.h | 35 +++++++++++++++++++++++++++++++++++ tests/src/random.c | 26 ++++++++++++++++++++++++++ tests/suites/helpers.function | 1 + 3 files changed, 62 insertions(+) create mode 100644 tests/include/test/random.h create mode 100644 tests/src/random.c diff --git a/tests/include/test/random.h b/tests/include/test/random.h new file mode 100644 index 000000000..11a353176 --- /dev/null +++ b/tests/include/test/random.h @@ -0,0 +1,35 @@ +/** + * \file random.h + * + * \brief This file contains the prototypes of helper functions to generate + * random numbers for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#ifndef TEST_RANDOM_H +#define TEST_RANDOM_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#endif /* TEST_RANDOM_H */ diff --git a/tests/src/random.c b/tests/src/random.c new file mode 100644 index 000000000..f80a1c471 --- /dev/null +++ b/tests/src/random.c @@ -0,0 +1,26 @@ +/** + * \file random.c + * + * \brief This file contains the helper functions to generate random numbers + * for the purpose of testing. + */ + +/* Copyright (C) 2020, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + +#include diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2d1e38c23..926658216 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -4,6 +4,7 @@ #include #include +#include #include From 2058d56fccc2309e8bb575912c15333593e15250 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 9 Jun 2020 17:11:47 +0200 Subject: [PATCH 63/87] tests: Move random helper functions Move helper functions to generate random numbers from helpers.functions to random.c. Signed-off-by: Ronald Cron --- tests/include/test/random.h | 63 +++++++++++++++ tests/src/random.c | 91 ++++++++++++++++++++++ tests/suites/helpers.function | 141 ---------------------------------- 3 files changed, 154 insertions(+), 141 deletions(-) diff --git a/tests/include/test/random.h b/tests/include/test/random.h index 11a353176..c60803597 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -32,4 +32,67 @@ #include MBEDTLS_CONFIG_FILE #endif +#include +#include + +typedef struct +{ + unsigned char *buf; + size_t length; +} rnd_buf_info; + +/** + * Info structure for the pseudo random function + * + * Key should be set at the start to a test-unique value. + * Do not forget endianness! + * State( v0, v1 ) should be set to zero. + */ +typedef struct +{ + uint32_t key[16]; + uint32_t v0, v1; +} rnd_pseudo_info; + +/** + * This function just returns data from rand(). + * Although predictable and often similar on multiple + * runs, this does not result in identical random on + * each run. So do not use this if the results of a + * test depend on the random data that is generated. + * + * rng_state shall be NULL. + */ +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function only returns zeros + * + * rng_state shall be NULL. + */ +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function returns random based on a buffer it receives. + * + * rng_state shall be a pointer to a rnd_buf_info structure. + * + * The number of bytes released from the buffer on each call to + * the random function is specified by per_call. (Can be between + * 1 and 4) + * + * After the buffer is empty it will return rand(); + */ +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); + +/** + * This function returns random based on a pseudo random function. + * This means the results should be identical on all systems. + * Pseudo random is based on the XTEA encryption algorithm to + * generate pseudorandom. + * + * rng_state shall be a pointer to a rnd_pseudo_info structure. + */ +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ); + #endif /* TEST_RANDOM_H */ diff --git a/tests/src/random.c b/tests/src/random.c index f80a1c471..bb0df7a71 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -23,4 +23,95 @@ * This file is part of mbed TLS (https://tls.mbed.org) */ +#include #include +#include + +int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +{ +#if !defined(__OpenBSD__) + size_t i; + + if( rng_state != NULL ) + rng_state = NULL; + + for( i = 0; i < len; ++i ) + output[i] = rand(); +#else + if( rng_state != NULL ) + rng_state = NULL; + + arc4random_buf( output, len ); +#endif /* !OpenBSD */ + + return( 0 ); +} + +int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +{ + if( rng_state != NULL ) + rng_state = NULL; + + memset( output, 0, len ); + + return( 0 ); +} + +int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +{ + rnd_buf_info *info = (rnd_buf_info *) rng_state; + size_t use_len; + + if( rng_state == NULL ) + return( rnd_std_rand( NULL, output, len ) ); + + use_len = len; + if( len > info->length ) + use_len = info->length; + + if( use_len ) + { + memcpy( output, info->buf, use_len ); + info->buf += use_len; + info->length -= use_len; + } + + if( len - use_len > 0 ) + return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); + + return( 0 ); +} + +int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +{ + rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; + uint32_t i, *k, sum, delta=0x9E3779B9; + unsigned char result[4], *out = output; + + if( rng_state == NULL ) + return( rnd_std_rand( NULL, output, len ) ); + + k = info->key; + + while( len > 0 ) + { + size_t use_len = ( len > 4 ) ? 4 : len; + sum = 0; + + for( i = 0; i < 32; i++ ) + { + info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) + + info->v1 ) ^ ( sum + k[sum & 3] ); + sum += delta; + info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) + + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); + } + + PUT_UINT32_BE( info->v0, result, 0 ); + memcpy( out, result, use_len ); + len -= use_len; + out += 4; + } + + return( 0 ); +} diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 926658216..a5285a3a6 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -487,144 +487,3 @@ static void close_output( FILE* out_stream ) fclose( out_stream ); } #endif /* __unix__ || __APPLE__ __MACH__ */ - -/** - * This function just returns data from rand(). - * Although predictable and often similar on multiple - * runs, this does not result in identical random on - * each run. So do not use this if the results of a - * test depend on the random data that is generated. - * - * rng_state shall be NULL. - */ -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) -{ -#if !defined(__OpenBSD__) - size_t i; - - if( rng_state != NULL ) - rng_state = NULL; - - for( i = 0; i < len; ++i ) - output[i] = rand(); -#else - if( rng_state != NULL ) - rng_state = NULL; - - arc4random_buf( output, len ); -#endif /* !OpenBSD */ - - return( 0 ); -} - -/** - * This function only returns zeros - * - * rng_state shall be NULL. - */ -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) -{ - if( rng_state != NULL ) - rng_state = NULL; - - memset( output, 0, len ); - - return( 0 ); -} - -typedef struct -{ - unsigned char *buf; - size_t length; -} rnd_buf_info; - -/** - * This function returns random based on a buffer it receives. - * - * rng_state shall be a pointer to a rnd_buf_info structure. - * - * The number of bytes released from the buffer on each call to - * the random function is specified by per_call. (Can be between - * 1 and 4) - * - * After the buffer is empty it will return rand(); - */ -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) -{ - rnd_buf_info *info = (rnd_buf_info *) rng_state; - size_t use_len; - - if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); - - use_len = len; - if( len > info->length ) - use_len = info->length; - - if( use_len ) - { - memcpy( output, info->buf, use_len ); - info->buf += use_len; - info->length -= use_len; - } - - if( len - use_len > 0 ) - return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); - - return( 0 ); -} - -/** - * Info structure for the pseudo random function - * - * Key should be set at the start to a test-unique value. - * Do not forget endianness! - * State( v0, v1 ) should be set to zero. - */ -typedef struct -{ - uint32_t key[16]; - uint32_t v0, v1; -} rnd_pseudo_info; - -/** - * This function returns random based on a pseudo random function. - * This means the results should be identical on all systems. - * Pseudo random is based on the XTEA encryption algorithm to - * generate pseudorandom. - * - * rng_state shall be a pointer to a rnd_pseudo_info structure. - */ -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) -{ - rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; - uint32_t i, *k, sum, delta=0x9E3779B9; - unsigned char result[4], *out = output; - - if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); - - k = info->key; - - while( len > 0 ) - { - size_t use_len = ( len > 4 ) ? 4 : len; - sum = 0; - - for( i = 0; i < 32; i++ ) - { - info->v0 += ( ( ( info->v1 << 4 ) ^ ( info->v1 >> 5 ) ) - + info->v1 ) ^ ( sum + k[sum & 3] ); - sum += delta; - info->v1 += ( ( ( info->v0 << 4 ) ^ ( info->v0 >> 5 ) ) - + info->v0 ) ^ ( sum + k[( sum>>11 ) & 3] ); - } - - PUT_UINT32_BE( info->v0, result, 0 ); - memcpy( out, result, use_len ); - len -= use_len; - out += 4; - } - - return( 0 ); -} From e9c09f1efc6a141120214b1239dec600d4120127 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 16:44:58 +0200 Subject: [PATCH 64/87] tests: Add mbedtls_test_ prefix to platform_* functions Add mbedtls_test_ prefix to platform_setup() and platform_teardown() test helper functions. Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 4 ++-- tests/src/helpers.c | 4 ++-- tests/suites/main_test.function | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 9194ada68..817353ad1 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -50,8 +50,8 @@ #include #include -int platform_setup( void ); -void platform_teardown( void ); +int mbedtls_test_platform_setup( void ); +void mbedtls_test_platform_teardown( void ); int unhexify( unsigned char *obuf, const char *ibuf ); void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b5ca1f8c1..dc022ff6d 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -24,7 +24,7 @@ static mbedtls_platform_context platform_ctx; #endif -int platform_setup( void ) +int mbedtls_test_platform_setup( void ) { int ret = 0; #if defined(MBEDTLS_PLATFORM_C) @@ -33,7 +33,7 @@ int platform_setup( void ) return( ret ); } -void platform_teardown( void ) +void mbedtls_test_platform_teardown( void ) { #if defined(MBEDTLS_PLATFORM_C) mbedtls_platform_teardown( &platform_ctx ); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index ff4cf2015..af4b84e3b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -261,7 +261,7 @@ $platform_code */ int main( int argc, const char *argv[] ) { - int ret = platform_setup(); + int ret = mbedtls_test_platform_setup(); if( ret != 0 ) { mbedtls_fprintf( stderr, @@ -271,6 +271,6 @@ int main( int argc, const char *argv[] ) } ret = execute_tests( argc, argv ); - platform_teardown(); + mbedtls_test_platform_teardown(); return( ret ); } From 72d628f7f5a6014ededd3bff5f32d6b2f2109821 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 17:05:57 +0200 Subject: [PATCH 65/87] tests: Add mbedtls_test_ prefix to *hexify functions Add mbedtls_test_ prefix to hexify() and unhexify() test helper functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/(un|)hexify\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 6 ++- tests/src/helpers.c | 8 +-- tests/suites/host_test.function | 2 +- tests/suites/target_test.function | 4 +- tests/suites/test_suite_aes.function | 8 +-- tests/suites/test_suite_aria.function | 60 ++++++++++----------- tests/suites/test_suite_ccm.function | 24 ++++----- tests/suites/test_suite_chacha20.function | 14 ++--- tests/suites/test_suite_chachapoly.function | 24 ++++----- tests/suites/test_suite_cipher.function | 8 +-- tests/suites/test_suite_ecdh.function | 6 +-- tests/suites/test_suite_ecdsa.function | 8 +-- tests/suites/test_suite_hkdf.function | 12 ++--- tests/suites/test_suite_nist_kw.function | 12 ++--- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_poly1305.function | 12 ++--- 16 files changed, 107 insertions(+), 103 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 817353ad1..2d53cf9ea 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -53,8 +53,10 @@ int mbedtls_test_platform_setup( void ); void mbedtls_test_platform_teardown( void ); -int unhexify( unsigned char *obuf, const char *ibuf ); -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ); +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ); +void mbedtls_test_hexify( unsigned char *obuf, + const unsigned char *ibuf, + int len ); /** * Allocate and zeroize a buffer. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index dc022ff6d..358f3e4ae 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -40,7 +40,7 @@ void mbedtls_test_platform_teardown( void ) #endif /* MBEDTLS_PLATFORM_C */ } -int unhexify( unsigned char *obuf, const char *ibuf ) +int mbedtls_test_unhexify( unsigned char *obuf, const char *ibuf ) { unsigned char c, c2; int len = strlen( ibuf ) / 2; @@ -74,7 +74,9 @@ int unhexify( unsigned char *obuf, const char *ibuf ) return len; } -void hexify( unsigned char *obuf, const unsigned char *ibuf, int len ) +void mbedtls_test_hexify( unsigned char *obuf, + const unsigned char *ibuf, + int len ) { unsigned char l, h; @@ -123,7 +125,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); - (void) unhexify( obuf, ibuf ); + (void) mbedtls_test_unhexify( obuf, ibuf ); return( obuf ); } diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index db65c0f24..77f146baa 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -277,7 +277,7 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - *int_params_store = unhexify( (unsigned char *) val, val ); + *int_params_store = mbedtls_test_unhexify( (unsigned char *) val, val ); *out++ = val; *out++ = (char *)(int_params_store++); } diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function index 3d8895788..f7a9f0438 100644 --- a/tests/suites/target_test.function +++ b/tests/suites/target_test.function @@ -75,7 +75,7 @@ uint8_t receive_byte() c[1] = greentea_getc(); c[2] = '\0'; - TEST_HELPER_ASSERT( unhexify( &byte, c ) != 2 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, c ) != 2 ); return( byte ); } @@ -101,7 +101,7 @@ uint32_t receive_uint32() }; const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2], c_be[3], c_be[0], c_be[1], '\0' }; - TEST_HELPER_ASSERT( unhexify( (uint8_t*)&value, c ) != 8 ); + TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, c ) != 8 ); return( value ); } diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index da8c1e935..9734aa0d5 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -340,9 +340,9 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, TEST_ASSERT( strlen( hex_src_string ) <= ( 64 * 2 ) ); TEST_ASSERT( strlen( hex_dst_string ) <= ( 64 * 2 ) ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - in_buffer_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + in_buffer_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str, key_len * 8 ) == 0 ); src_str_next = src_str; @@ -352,7 +352,7 @@ void aes_encrypt_ofb( int fragment_size, char *hex_key_string, TEST_ASSERT( mbedtls_aes_crypt_ofb( &ctx, fragment_size, &iv_offset, iv_str, src_str_next, output ) == 0 ); - hexify( dst_str, output, fragment_size ); + mbedtls_test_hexify( dst_str, output, fragment_size ); TEST_ASSERT( strncmp( (char *) dst_str, hex_dst_string, ( 2 * fragment_size ) ) == 0 ); diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function index 7e35f154b..89de82f93 100644 --- a/tests/suites/test_suite_aria.function +++ b/tests/suites/test_suite_aria.function @@ -222,8 +222,8 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ) == setkey_result ); @@ -234,7 +234,7 @@ void aria_encrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) == 0 ); } - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -261,8 +261,8 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); TEST_ASSERT( mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ) == setkey_result ); @@ -273,7 +273,7 @@ void aria_decrypt_ecb( char *hex_key_string, char *hex_src_string, TEST_ASSERT( mbedtls_aria_crypt_ecb( &ctx, src_str + i, output + i ) == 0 ); } - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -303,9 +303,9 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, @@ -313,7 +313,7 @@ void aria_encrypt_cbc( char *hex_key_string, char *hex_iv_string, == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -343,9 +343,9 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_dec( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cbc( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, @@ -353,7 +353,7 @@ void aria_decrypt_cbc( char *hex_key_string, char *hex_iv_string, == cbc_result ); if( cbc_result == 0 ) { - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); } @@ -384,16 +384,16 @@ void aria_encrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_ENCRYPT, data_len, &iv_offset, iv_str, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -423,16 +423,16 @@ void aria_decrypt_cfb128( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_cfb128( &ctx, MBEDTLS_ARIA_DECRYPT, data_len, &iv_offset, iv_str, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -463,15 +463,15 @@ void aria_encrypt_ctr( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, blk, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); @@ -502,15 +502,15 @@ void aria_decrypt_ctr( char *hex_key_string, char *hex_iv_string, memset( output, 0x00, sizeof( output ) ); mbedtls_aria_init( &ctx ); - key_len = unhexify( key_str, hex_key_string ); - unhexify( iv_str, hex_iv_string ); - data_len = unhexify( src_str, hex_src_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + mbedtls_test_unhexify( iv_str, hex_iv_string ); + data_len = mbedtls_test_unhexify( src_str, hex_src_string ); mbedtls_aria_setkey_enc( &ctx, key_str, key_len * 8 ); TEST_ASSERT( mbedtls_aria_crypt_ctr( &ctx, data_len, &iv_offset, iv_str, blk, src_str, output ) == result ); - hexify( dst_str, output, data_len ); + mbedtls_test_hexify( dst_str, output, data_len ); TEST_ASSERT( strcasecmp( (char *) dst_str, hex_dst_string ) == 0 ); diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 16f9f8e3b..2e374c0a5 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -218,12 +218,12 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, memset( source_address, 0x00, sizeof( source_address ) ); memset( frame_counter, 0x00, sizeof( frame_counter ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); - source_address_len = unhexify( source_address, source_address_hex ); - frame_counter_len = unhexify( frame_counter, frame_counter_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + add_len = mbedtls_test_unhexify( add, add_hex ); + result_len = mbedtls_test_unhexify( result, result_hex ); + source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; @@ -286,12 +286,12 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, memset( frame_counter, 0x00, sizeof( frame_counter ) ); memset( tag, 0x00, sizeof( tag ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - add_len = unhexify( add, add_hex ); - result_len = unhexify( result, result_hex ); - source_address_len = unhexify( source_address, source_address_hex ); - frame_counter_len = unhexify( frame_counter, frame_counter_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + add_len = mbedtls_test_unhexify( add, add_hex ); + result_len = mbedtls_test_unhexify( result, result_hex ); + source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function index 49b389c7f..48ac9755a 100644 --- a/tests/suites/test_suite_chacha20.function +++ b/tests/suites/test_suite_chacha20.function @@ -31,10 +31,10 @@ void chacha20_crypt( char *hex_key_string, memset( dst_str, 0x00, sizeof( dst_str ) ); memset( output, 0x00, sizeof( output ) ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - src_len = unhexify( src_str, hex_src_string ); - dst_len = unhexify( dst_str, hex_dst_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); + src_len = mbedtls_test_unhexify( src_str, hex_src_string ); + dst_len = mbedtls_test_unhexify( dst_str, hex_dst_string ); TEST_ASSERT( src_len == dst_len ); TEST_ASSERT( key_len == 32U ); @@ -45,7 +45,7 @@ void chacha20_crypt( char *hex_key_string, */ TEST_ASSERT( mbedtls_chacha20_crypt( key_str, nonce_str, counter, src_len, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); + mbedtls_test_hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); /* @@ -60,7 +60,7 @@ void chacha20_crypt( char *hex_key_string, memset( output, 0x00, sizeof( output ) ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len, src_str, output ) == 0 ); - hexify( dst_str, output, src_len ); + mbedtls_test_hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); /* @@ -75,7 +75,7 @@ void chacha20_crypt( char *hex_key_string, TEST_ASSERT( mbedtls_chacha20_update( &ctx, 1, src_str, output ) == 0 ); TEST_ASSERT( mbedtls_chacha20_update( &ctx, src_len - 1, src_str + 1, output + 1 ) == 0 ); - hexify( dst_str, output, src_len ); + mbedtls_test_hexify( dst_str, output, src_len ); TEST_ASSERT( strcmp( (char*) dst_str, hex_dst_string ) == 0 ); mbedtls_chacha20_free( &ctx ); diff --git a/tests/suites/test_suite_chachapoly.function b/tests/suites/test_suite_chachapoly.function index 8e56bf69a..aeaf1d74a 100644 --- a/tests/suites/test_suite_chachapoly.function +++ b/tests/suites/test_suite_chachapoly.function @@ -33,12 +33,12 @@ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char memset( output_str, 0x00, sizeof( output_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); - aad_len = unhexify( aad_str, hex_aad_string ); - input_len = unhexify( input_str, hex_input_string ); - output_len = unhexify( output_str, hex_output_string ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - mac_len = unhexify( mac_str, hex_mac_string ); + aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string ); + input_len = mbedtls_test_unhexify( input_str, hex_input_string ); + output_len = mbedtls_test_unhexify( output_str, hex_output_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); + mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string ); TEST_ASSERT( key_len == 32 ); TEST_ASSERT( nonce_len == 12 ); @@ -87,12 +87,12 @@ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char memset( output_str, 0x00, sizeof( output_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); - aad_len = unhexify( aad_str, hex_aad_string ); - input_len = unhexify( input_str, hex_input_string ); - output_len = unhexify( output_str, hex_output_string ); - key_len = unhexify( key_str, hex_key_string ); - nonce_len = unhexify( nonce_str, hex_nonce_string ); - mac_len = unhexify( mac_str, hex_mac_string ); + aad_len = mbedtls_test_unhexify( aad_str, hex_aad_string ); + input_len = mbedtls_test_unhexify( input_str, hex_input_string ); + output_len = mbedtls_test_unhexify( output_str, hex_output_string ); + key_len = mbedtls_test_unhexify( key_str, hex_key_string ); + nonce_len = mbedtls_test_unhexify( nonce_str, hex_nonce_string ); + mac_len = mbedtls_test_unhexify( mac_str, hex_mac_string ); TEST_ASSERT( key_len == 32 ); TEST_ASSERT( nonce_len == 12 ); diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 783407314..8b2956f94 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -1161,15 +1161,15 @@ void test_vec_crypt( int cipher_id, int operation, char *hex_key, TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, mbedtls_cipher_info_from_type( cipher_id ) ) ); - key_len = unhexify( key, hex_key ); - inputlen = unhexify( input, hex_input ); - resultlen = unhexify( result, hex_result ); + key_len = mbedtls_test_unhexify( key, hex_key ); + inputlen = mbedtls_test_unhexify( input, hex_input ); + resultlen = mbedtls_test_unhexify( result, hex_result ); TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) ); if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); - iv_len = unhexify( iv, hex_iv ); + iv_len = mbedtls_test_unhexify( iv, hex_iv ); TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL, iv_len, input, inputlen, diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index d6bed7f4c..6d0a10efc 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -359,13 +359,13 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - z_len = unhexify( z, z_str ); + z_len = mbedtls_test_unhexify( z, z_str ); rnd_info_A.buf = rnd_buf_A; - rnd_info_A.length = unhexify( rnd_buf_A, dA_str ); + rnd_info_A.length = mbedtls_test_unhexify( rnd_buf_A, dA_str ); rnd_info_B.buf = rnd_buf_B; - rnd_info_B.length = unhexify( rnd_buf_B, dB_str ); + rnd_info_B.length = mbedtls_test_unhexify( rnd_buf_B, dB_str ); /* The ECDH context is not guaranteed ot have an mbedtls_ecp_group structure * in every configuration, therefore we load it separately. */ diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 59c1c4907..4176b8164 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -420,9 +420,9 @@ void ecdsa_read_restart( int id, char *k_str, char *h_str, char *s_str, mbedtls_ecdsa_init( &ctx ); mbedtls_ecdsa_restart_init( &rs_ctx ); - hash_len = unhexify(hash, h_str); - sig_len = unhexify(sig, s_str); - pk_len = unhexify(pk, k_str); + hash_len = mbedtls_test_unhexify(hash, h_str); + sig_len = mbedtls_test_unhexify(sig, s_str); + pk_len = mbedtls_test_unhexify(pk, k_str); TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_binary( &ctx.grp, &ctx.Q, pk, pk_len ) == 0 ); @@ -494,7 +494,7 @@ void ecdsa_write_restart( int id, char *d_str, int md_alg, TEST_ASSERT( mbedtls_ecp_group_load( &ctx.grp, id ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &ctx.d, 16, d_str ) == 0 ); - slen_check = unhexify( sig_check, sig_str ); + slen_check = mbedtls_test_unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 3e8720734..c08d8f335 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -28,17 +28,17 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); - ikm_len = unhexify( ikm, hex_ikm_string ); - salt_len = unhexify( salt, hex_salt_string ); - info_len = unhexify( info, hex_info_string ); - okm_len = unhexify( expected_okm, hex_okm_string ); + ikm_len = mbedtls_test_unhexify( ikm, hex_ikm_string ); + salt_len = mbedtls_test_unhexify( salt, hex_salt_string ); + info_len = mbedtls_test_unhexify( info, hex_info_string ); + okm_len = mbedtls_test_unhexify( expected_okm, hex_okm_string ); ret = mbedtls_hkdf( md, salt, salt_len, ikm, ikm_len, info, info_len, okm, okm_len); TEST_ASSERT( ret == 0 ); - // Run hexify on it so that it looks nicer if the assertion fails - hexify( okm_hex, okm, okm_len ); + // Run mbedtls_test_hexify on it so that it looks nicer if the assertion fails + mbedtls_test_hexify( okm_hex, okm, okm_len ); TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_nist_kw.function b/tests/suites/test_suite_nist_kw.function index 9c34ea619..827c6903a 100644 --- a/tests/suites/test_suite_nist_kw.function +++ b/tests/suites/test_suite_nist_kw.function @@ -259,9 +259,9 @@ void mbedtls_nist_kw_wrap( int cipher_id, int mode, memset( msg, 0x00, sizeof( msg ) ); memset( result, '+', sizeof( result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - result_len = unhexify( expected_result, result_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + result_len = mbedtls_test_unhexify( expected_result, result_hex ); output_len = sizeof( result ); TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 ) @@ -306,9 +306,9 @@ void mbedtls_nist_kw_unwrap( int cipher_id, int mode, memset( result, '+', sizeof( result ) ); memset( expected_result, 0x00, sizeof( expected_result ) ); - key_len = unhexify( key, key_hex ); - msg_len = unhexify( msg, msg_hex ); - result_len = unhexify( expected_result, result_hex ); + key_len = mbedtls_test_unhexify( key, key_hex ); + msg_len = mbedtls_test_unhexify( msg, msg_hex ); + result_len = mbedtls_test_unhexify( expected_result, result_hex ); output_len = sizeof( result ); TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 ) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 88f8e3bab..5a30f0f4d 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -841,7 +841,7 @@ void pk_sign_verify_restart( int pk_type, int grp_id, char *d_str, TEST_ASSERT( mbedtls_ecp_group_load( &mbedtls_pk_ec( pub )->grp, grp_id ) == 0 ); TEST_ASSERT( mbedtls_ecp_point_read_string( &mbedtls_pk_ec( pub )->Q, 16, QX_str, QY_str ) == 0 ); - slen_check = unhexify( sig_check, sig_str ); + slen_check = mbedtls_test_unhexify( sig_check, sig_str ); md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function index 066bb3942..eadb992fe 100644 --- a/tests/suites/test_suite_poly1305.function +++ b/tests/suites/test_suite_poly1305.function @@ -23,15 +23,15 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src memset( key, 0x00, sizeof( key ) ); memset( mac, 0x00, sizeof( mac ) ); - src_len = unhexify( src_str, hex_src_string ); - unhexify( key, hex_key_string ); + src_len = mbedtls_test_unhexify( src_str, hex_src_string ); + mbedtls_test_unhexify( key, hex_key_string ); /* * Test the integrated API */ TEST_ASSERT( mbedtls_poly1305_mac( key, src_str, src_len, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); /* @@ -45,7 +45,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); /* @@ -63,7 +63,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); } @@ -80,7 +80,7 @@ void mbedtls_poly1305( char *hex_key_string, char *hex_mac_string, char *hex_src TEST_ASSERT( mbedtls_poly1305_finish( &ctx, mac ) == 0 ); - hexify( mac_str, mac, 16 ); + mbedtls_test_hexify( mac_str, mac, 16 ); TEST_ASSERT( strcmp( (char *) mac_str, hex_mac_string ) == 0 ); } From ff31eab9381496a8808c9affdf48dbe526ced887 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 8 Jun 2020 17:20:59 +0200 Subject: [PATCH 66/87] tests: Reformating due to *hexify functions renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep hexify Signed-off-by: Ronald Cron --- tests/suites/host_test.function | 3 ++- tests/suites/test_suite_ccm.function | 12 ++++++++---- tests/suites/test_suite_hkdf.function | 5 ++++- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function index 77f146baa..c57fa0707 100644 --- a/tests/suites/host_test.function +++ b/tests/suites/host_test.function @@ -277,7 +277,8 @@ static int convert_params( size_t cnt , char ** params , int * int_params_store { if ( verify_string( &val ) == 0 ) { - *int_params_store = mbedtls_test_unhexify( (unsigned char *) val, val ); + *int_params_store = mbedtls_test_unhexify( + (unsigned char *) val, val ); *out++ = val; *out++ = (char *)(int_params_store++); } diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function index 2e374c0a5..01e1a173b 100644 --- a/tests/suites/test_suite_ccm.function +++ b/tests/suites/test_suite_ccm.function @@ -222,8 +222,10 @@ void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, msg_len = mbedtls_test_unhexify( msg, msg_hex ); add_len = mbedtls_test_unhexify( add, add_hex ); result_len = mbedtls_test_unhexify( result, result_hex ); - source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); - frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); + source_address_len = mbedtls_test_unhexify( source_address, + source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, + frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; @@ -290,8 +292,10 @@ void mbedtls_ccm_star_auth_decrypt( int cipher_id, msg_len = mbedtls_test_unhexify( msg, msg_hex ); add_len = mbedtls_test_unhexify( add, add_hex ); result_len = mbedtls_test_unhexify( result, result_hex ); - source_address_len = mbedtls_test_unhexify( source_address, source_address_hex ); - frame_counter_len = mbedtls_test_unhexify( frame_counter, frame_counter_hex ); + source_address_len = mbedtls_test_unhexify( source_address, + source_address_hex ); + frame_counter_len = mbedtls_test_unhexify( frame_counter, + frame_counter_hex ); if( sec_level % 4 == 0) tag_len = 0; diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index c08d8f335..9781e7f28 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -37,7 +37,10 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, okm_len); TEST_ASSERT( ret == 0 ); - // Run mbedtls_test_hexify on it so that it looks nicer if the assertion fails + /* + * Run mbedtls_test_hexify on it so that it looks nicer if the assertion + * fails. + */ mbedtls_test_hexify( okm_hex, okm, okm_len ); TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); } From 690f3ebe92cb93f0437a3bfdcee84b61c5b377ca Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:42:18 +0200 Subject: [PATCH 67/87] tests: Add mbedtls_test_ prefix to zero_alloc() Add mbedtls_test_ prefix to zero_alloc() test helper function. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/zero_alloc/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 2 +- tests/src/helpers.c | 4 ++-- tests/suites/test_suite_aes.function | 4 ++-- tests/suites/test_suite_base64.function | 4 ++-- tests/suites/test_suite_pkcs5.function | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 2d53cf9ea..134e49b7d 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -65,7 +65,7 @@ void mbedtls_test_hexify( unsigned char *obuf, * * For convenience, dies if allocation fails. */ -unsigned char *zero_alloc( size_t len ); +unsigned char *mbedtls_test_zero_alloc( size_t len ); /** * Allocate and fill a buffer from hex data. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 358f3e4ae..063ebcd68 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -100,7 +100,7 @@ void mbedtls_test_hexify( unsigned char *obuf, } } -unsigned char *zero_alloc( size_t len ) +unsigned char *mbedtls_test_zero_alloc( size_t len ) { void *p; size_t actual_len = ( len != 0 ) ? len : 1; @@ -120,7 +120,7 @@ unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) *olen = strlen( ibuf ) / 2; if( *olen == 0 ) - return( zero_alloc( *olen ) ); + return( mbedtls_test_zero_alloc( *olen ) ); obuf = mbedtls_calloc( 1, *olen ); TEST_HELPER_ASSERT( obuf != NULL ); diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 9734aa0d5..8fe0bda9b 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -129,7 +129,7 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, dst = unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); - output = zero_alloc( dst_len ); + output = mbedtls_test_zero_alloc( dst_len ); TEST_ASSERT( mbedtls_aes_xts_setkey_enc( &ctx, key, key_len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, src_len, @@ -172,7 +172,7 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, dst = unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); - output = zero_alloc( dst_len ); + output = mbedtls_test_zero_alloc( dst_len ); TEST_ASSERT( mbedtls_aes_xts_setkey_dec( &ctx, key, key_len * 8 ) == 0 ); TEST_ASSERT( mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_DECRYPT, src_len, diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function index 3a8bf430f..dc6ec153b 100644 --- a/tests/suites/test_suite_base64.function +++ b/tests/suites/test_suite_base64.function @@ -55,7 +55,7 @@ void base64_encode_hex( data_t * src, char * dst, int dst_buf_size, unsigned char *res = NULL; size_t len; - res = zero_alloc( dst_buf_size ); + res = mbedtls_test_zero_alloc( dst_buf_size ); TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result ); if( result == 0 ) @@ -76,7 +76,7 @@ void base64_decode_hex( char * src, data_t * dst, int dst_buf_size, unsigned char *res = NULL; size_t len; - res = zero_alloc( dst_buf_size ); + res = mbedtls_test_zero_alloc( dst_buf_size ); TEST_ASSERT( mbedtls_base64_decode( res, dst_buf_size, &len, (unsigned char *) src, strlen( src ) ) == result ); diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index 26f1d3331..ee894f134 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -43,7 +43,7 @@ void mbedtls_pkcs5_pbes2( int params_tag, data_t *params_hex, data_t *pw, params.p = params_hex->x; params.len = params_hex->len; - my_out = zero_alloc( ref_out->len ); + my_out = mbedtls_test_zero_alloc( ref_out->len ); my_ret = mbedtls_pkcs5_pbes2( ¶ms, MBEDTLS_PKCS5_DECRYPT, pw->x, pw->len, data->x, data->len, my_out ); From a256c7025fc3ed401159f7754674e65d0639dd8b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:53:11 +0200 Subject: [PATCH 68/87] tests: Add mbedtls_test_ prefix to unhexify_alloc() Add mbedtls_test_ prefix to unhexify_alloc() test helper functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/unhexify_alloc\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 2 +- tests/src/helpers.c | 2 +- tests/suites/test_suite_aes.function | 16 ++++++++-------- tests/suites/test_suite_hkdf.function | 12 ++++++------ 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 134e49b7d..ad6b9d793 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -77,7 +77,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); * * For convenience, dies if allocation fails. */ -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ); +unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 063ebcd68..5f1250110 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -113,7 +113,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ) return( p ); } -unsigned char *unhexify_alloc( const char *ibuf, size_t *olen ) +unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) { unsigned char *obuf; diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 8fe0bda9b..887cee84d 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -119,14 +119,14 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); - key = unhexify_alloc( hex_key_string, &key_len ); + key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); TEST_ASSERT( key_len % 2 == 0 ); - src = unhexify_alloc( hex_src_string, &src_len ); - dst = unhexify_alloc( hex_dst_string, &dst_len ); + src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len ); + dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); output = mbedtls_test_zero_alloc( dst_len ); @@ -162,14 +162,14 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); - key = unhexify_alloc( hex_key_string, &key_len ); + key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); TEST_ASSERT( key_len % 2 == 0 ); - src = unhexify_alloc( hex_src_string, &src_len ); - dst = unhexify_alloc( hex_dst_string, &dst_len ); + src = mbedtls_test_unhexify_alloc( hex_src_string, &src_len ); + dst = mbedtls_test_unhexify_alloc( hex_dst_string, &dst_len ); TEST_ASSERT( src_len == dst_len ); output = mbedtls_test_zero_alloc( dst_len ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index 9781e7f28..47e8ee63f 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -63,9 +63,9 @@ void test_hkdf_extract( int md_alg, char *hex_ikm_string, output_prk_len = mbedtls_md_get_size( md ); output_prk = mbedtls_calloc( 1, output_prk_len ); - ikm = unhexify_alloc( hex_ikm_string, &ikm_len ); - salt = unhexify_alloc( hex_salt_string, &salt_len ); - prk = unhexify_alloc( hex_prk_string, &prk_len ); + ikm = mbedtls_test_unhexify_alloc( hex_ikm_string, &ikm_len ); + salt = mbedtls_test_unhexify_alloc( hex_salt_string, &salt_len ); + prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len ); TEST_ASSERT( prk_len == output_prk_len ); ret = mbedtls_hkdf_extract( md, salt, salt_len, ikm, ikm_len, output_prk ); @@ -98,9 +98,9 @@ void test_hkdf_expand( int md_alg, char *hex_info_string, output_okm = mbedtls_calloc( OKM_LEN, 1 ); - prk = unhexify_alloc( hex_prk_string, &prk_len ); - info = unhexify_alloc( hex_info_string, &info_len ); - okm = unhexify_alloc( hex_okm_string, &okm_len ); + prk = mbedtls_test_unhexify_alloc( hex_prk_string, &prk_len ); + info = mbedtls_test_unhexify_alloc( hex_info_string, &info_len ); + okm = mbedtls_test_unhexify_alloc( hex_okm_string, &okm_len ); TEST_ASSERT( prk_len == mbedtls_md_get_size( md ) ); TEST_ASSERT( okm_len < OKM_LEN ); From f73ab008d2ab362b244cf5ecc2b277294e7735e4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 10:57:28 +0200 Subject: [PATCH 69/87] tests: Reformating due to unhexify_alloc() renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep unhexify_alloc Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 887cee84d..c2b497813 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -119,7 +119,8 @@ void aes_encrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, + &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); @@ -162,7 +163,8 @@ void aes_decrypt_xts( char *hex_key_string, char *hex_data_unit_string, mbedtls_aes_xts_init( &ctx ); - data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, &data_unit_len ); + data_unit = mbedtls_test_unhexify_alloc( hex_data_unit_string, + &data_unit_len ); TEST_ASSERT( data_unit_len == AES_BLOCK_SIZE ); key = mbedtls_test_unhexify_alloc( hex_key_string, &key_len ); From de70b165a4e0638ddcf5498495d53608069181b7 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 11:03:08 +0200 Subject: [PATCH 70/87] tests: Add mbedtls_test_ prefix to hexcmp() Add mbedtls_test_ prefix to hexcmp() test helper function. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/hexcmp\>/,"mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/helpers.h | 3 ++- tests/src/helpers.c | 3 ++- tests/suites/test_suite_aes.function | 16 ++++++++-------- tests/suites/test_suite_arc4.function | 2 +- tests/suites/test_suite_blowfish.function | 14 +++++++------- tests/suites/test_suite_camellia.function | 12 ++++++------ tests/suites/test_suite_des.function | 16 ++++++++-------- tests/suites/test_suite_ecp.function | 2 +- tests/suites/test_suite_gcm.function | 6 +++--- tests/suites/test_suite_md.function | 20 ++++++++++---------- tests/suites/test_suite_mdx.function | 8 ++++---- tests/suites/test_suite_mpi.function | 6 +++--- tests/suites/test_suite_pkcs1_v15.function | 6 +++--- tests/suites/test_suite_pkcs1_v21.function | 6 +++--- tests/suites/test_suite_pkcs5.function | 2 +- tests/suites/test_suite_rsa.function | 20 ++++++++++---------- tests/suites/test_suite_shax.function | 10 +++++----- tests/suites/test_suite_ssl.function | 2 +- tests/suites/test_suite_xtea.function | 8 ++++---- 19 files changed, 82 insertions(+), 80 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index ad6b9d793..36b9e72e2 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -79,6 +79,7 @@ unsigned char *mbedtls_test_zero_alloc( size_t len ); */ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ); -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ); +int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, + uint32_t a_len, uint32_t b_len ); #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 5f1250110..f0c27c3ff 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -130,7 +130,8 @@ unsigned char *mbedtls_test_unhexify_alloc( const char *ibuf, size_t *olen ) return( obuf ); } -int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len ) +int mbedtls_test_hexcmp( uint8_t * a, uint8_t * b, + uint32_t a_len, uint32_t b_len ) { int ret = 0; uint32_t i = 0; diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index c2b497813..677978d30 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -23,7 +23,7 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -47,7 +47,7 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -72,7 +72,7 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -96,7 +96,7 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -243,7 +243,7 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -265,7 +265,7 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -286,7 +286,7 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -307,7 +307,7 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index ae3b032b3..7f85df6a3 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -21,7 +21,7 @@ void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); - TEST_ASSERT( hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index 7a93cd139..d14555eec 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -181,7 +181,7 @@ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } exit: @@ -205,7 +205,7 @@ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } exit: @@ -231,7 +231,7 @@ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -256,7 +256,7 @@ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -280,7 +280,7 @@ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -303,7 +303,7 @@ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -327,7 +327,7 @@ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 940834815..4a2d764f6 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -189,7 +189,7 @@ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -213,7 +213,7 @@ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); } exit: @@ -238,7 +238,7 @@ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -263,7 +263,7 @@ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -287,7 +287,7 @@ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -310,7 +310,7 @@ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index b5acb7b0f..4ba8a85ab 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -28,7 +28,7 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_enc( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -49,7 +49,7 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_dec( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -73,7 +73,7 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -98,7 +98,7 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -126,7 +126,7 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -153,7 +153,7 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -184,7 +184,7 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: @@ -216,7 +216,7 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 6385e7767..2cf84d791 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -806,7 +806,7 @@ void ecp_write_binary( int id, char * x, char * y, char * z, int format, if( ret == 0 ) { - TEST_ASSERT( hexcmp( buf, out->x, olen, out->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, out->x, olen, out->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 1fcb681b9..ea2c91d77 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -55,8 +55,8 @@ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); - TEST_ASSERT( hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); } exit: @@ -94,7 +94,7 @@ void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, { TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); } } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index 11cf88ae7..e2d9149d2 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -145,7 +145,7 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -167,7 +167,7 @@ void md_hex( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str->x, src_str->len, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -208,7 +208,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 ); /* Test clone */ @@ -216,7 +216,7 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -255,14 +255,14 @@ void md_hex_multi( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -289,7 +289,7 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -321,7 +321,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -331,7 +331,7 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -355,6 +355,6 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index 02004efa8..b6c8d8d62 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -20,7 +20,7 @@ void md2_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -39,7 +39,7 @@ void md4_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -58,7 +58,7 @@ void md5_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -77,7 +77,7 @@ void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 43975cba0..a3afb9b6d 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -373,7 +373,7 @@ void mbedtls_mpi_write_binary( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: @@ -404,7 +404,7 @@ void mbedtls_mpi_write_binary_le( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: @@ -438,7 +438,7 @@ void mbedtls_mpi_read_file( int radix_X, char * input_file, TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); - TEST_ASSERT( hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 13fdf58f8..1f6597482 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -37,7 +37,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -87,7 +87,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); } } @@ -287,7 +287,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 7b8087b1c..c3ac92f00 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -37,7 +37,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -93,7 +93,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, sizeof( output ) ) == result ); if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); } } @@ -146,7 +146,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index ee894f134..c334a7a10 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -24,7 +24,7 @@ void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9a3b5837c..bbe3638d7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -506,7 +506,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -586,7 +586,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, output ) == 0 ); - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -608,7 +608,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, if( res == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -714,7 +714,7 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -752,7 +752,7 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -800,7 +800,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); } exit: @@ -837,7 +837,7 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } /* And now with the copy */ @@ -852,7 +852,7 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -902,7 +902,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); } } @@ -919,7 +919,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index e621f49cd..358054eca 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -61,7 +61,7 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -131,7 +131,7 @@ void sha224( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -145,7 +145,7 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -215,7 +215,7 @@ void sha384( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -229,7 +229,7 @@ void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 6b32ca344..639e8c370 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3424,7 +3424,7 @@ void ssl_tls_prf( int type, data_t * secret, data_t * random, if( exp_ret == 0 ) { - TEST_ASSERT( hexcmp( output, result_hex_str->x, + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, result_hex_str->len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index a24a42065..f1926d644 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -20,7 +20,7 @@ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -37,7 +37,7 @@ void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -55,7 +55,7 @@ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -73,7 +73,7 @@ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); } /* END_CASE */ From 2dbba9970835f21ddad3121329c996057c82f126 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 11:42:32 +0200 Subject: [PATCH 71/87] tests: Reformating due to hexcmp() renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep hexcmp Signed-off-by: Ronald Cron --- tests/suites/test_suite_aes.function | 28 ++++++++++++----- tests/suites/test_suite_arc4.function | 4 ++- tests/suites/test_suite_blowfish.function | 26 +++++++++++----- tests/suites/test_suite_camellia.function | 20 +++++++++---- tests/suites/test_suite_des.function | 28 ++++++++++++----- tests/suites/test_suite_gcm.function | 11 +++++-- tests/suites/test_suite_md.function | 35 +++++++++++++++------- tests/suites/test_suite_mdx.function | 16 +++++++--- tests/suites/test_suite_mpi.function | 9 ++++-- tests/suites/test_suite_pkcs1_v15.function | 10 +++++-- tests/suites/test_suite_pkcs1_v21.function | 10 +++++-- tests/suites/test_suite_pkcs5.function | 3 +- tests/suites/test_suite_rsa.function | 34 ++++++++++++++------- tests/suites/test_suite_shax.function | 15 ++++++---- tests/suites/test_suite_xtea.function | 14 ++++++--- 15 files changed, 187 insertions(+), 76 deletions(-) diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 677978d30..f1be3cec2 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -23,7 +23,8 @@ void aes_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -47,7 +48,8 @@ void aes_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -72,7 +74,9 @@ void aes_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -96,7 +100,9 @@ void aes_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -243,7 +249,8 @@ void aes_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -265,7 +272,8 @@ void aes_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -286,7 +294,9 @@ void aes_encrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); @@ -307,7 +317,9 @@ void aes_decrypt_cfb8( data_t * key_str, data_t * iv_str, mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_aes_free( &ctx ); diff --git a/tests/suites/test_suite_arc4.function b/tests/suites/test_suite_arc4.function index 7f85df6a3..9aa491382 100644 --- a/tests/suites/test_suite_arc4.function +++ b/tests/suites/test_suite_arc4.function @@ -21,7 +21,9 @@ void mbedtls_arc4_crypt( data_t * src_str, data_t * key_str, mbedtls_arc4_setup(&ctx, key_str->x, key_str->len); TEST_ASSERT( mbedtls_arc4_crypt(&ctx, src_str->len, src_str->x, dst_str ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( dst_str, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_arc4_free( &ctx ); diff --git a/tests/suites/test_suite_blowfish.function b/tests/suites/test_suite_blowfish.function index d14555eec..eb6891cad 100644 --- a/tests/suites/test_suite_blowfish.function +++ b/tests/suites/test_suite_blowfish.function @@ -181,7 +181,8 @@ void blowfish_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } exit: @@ -205,7 +206,8 @@ void blowfish_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_blowfish_crypt_ecb( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } exit: @@ -231,7 +233,9 @@ void blowfish_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -256,7 +260,9 @@ void blowfish_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -280,7 +286,9 @@ void blowfish_encrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_ENCRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -303,7 +311,9 @@ void blowfish_decrypt_cfb64( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_cfb64( &ctx, MBEDTLS_BLOWFISH_DECRYPT, src_str->len, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); @@ -327,7 +337,9 @@ void blowfish_encrypt_ctr( data_t * key_str, data_t * iv_str, mbedtls_blowfish_setkey( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_blowfish_crypt_ctr( &ctx, src_str->len, &iv_offset, iv_str->x, stream_str, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); exit: mbedtls_blowfish_free( &ctx ); diff --git a/tests/suites/test_suite_camellia.function b/tests/suites/test_suite_camellia.function index 4a2d764f6..4949feb88 100644 --- a/tests/suites/test_suite_camellia.function +++ b/tests/suites/test_suite_camellia.function @@ -189,7 +189,8 @@ void camellia_encrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -213,7 +214,8 @@ void camellia_decrypt_ecb( data_t * key_str, data_t * src_str, { TEST_ASSERT( mbedtls_camellia_crypt_ecb( &ctx, MBEDTLS_CAMELLIA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); } exit: @@ -238,7 +240,9 @@ void camellia_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -263,7 +267,9 @@ void camellia_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -287,7 +293,8 @@ void camellia_encrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); @@ -310,7 +317,8 @@ void camellia_decrypt_cfb128( data_t * key_str, data_t * iv_str, mbedtls_camellia_setkey_enc( &ctx, key_str->x, key_str->len * 8 ); TEST_ASSERT( mbedtls_camellia_crypt_cfb128( &ctx, MBEDTLS_CAMELLIA_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 16, hex_dst_string->len ) == 0 ); exit: mbedtls_camellia_free( &ctx ); diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function index 4ba8a85ab..625c87ab1 100644 --- a/tests/suites/test_suite_des.function +++ b/tests/suites/test_suite_des.function @@ -28,7 +28,8 @@ void des_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_enc( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -49,7 +50,8 @@ void des_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_des_setkey_dec( &ctx, key_str->x ); TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des_free( &ctx ); @@ -73,7 +75,9 @@ void des_encrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -98,7 +102,9 @@ void des_decrypt_cbc( data_t * key_str, data_t * iv_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -126,7 +132,8 @@ void des3_encrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -153,7 +160,8 @@ void des3_decrypt_ecb( int key_count, data_t * key_str, TEST_ASSERT( mbedtls_des3_crypt_ecb( &ctx, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); exit: mbedtls_des3_free( &ctx ); @@ -184,7 +192,9 @@ void des3_encrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: @@ -216,7 +226,9 @@ void des3_decrypt_cbc( int key_count, data_t * key_str, if( cbc_result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index ea2c91d77..b28d918ba 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -55,8 +55,11 @@ void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, { TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, tag_len, hex_tag_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( tag_output, hex_tag_string->x, + tag_len, hex_tag_string->len ) == 0 ); } exit: @@ -94,7 +97,9 @@ void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, { TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x, src_str->len, pt_result->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, pt_result->x, + src_str->len, + pt_result->len ) == 0 ); } } diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function index e2d9149d2..be5782902 100644 --- a/tests/suites/test_suite_md.function +++ b/tests/suites/test_suite_md.function @@ -145,7 +145,9 @@ void md_text( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md( md_info, src_str, strlen( (char *) src_str ), output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -168,7 +170,8 @@ void md_hex( char * text_md_name, data_t * src_str, TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -209,14 +212,17 @@ void md_text_multi( char * text_md_name, char * text_src_string, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, - mbedtls_md_get_size( md_info ), hex_hash_string->len) == 0 ); + mbedtls_md_get_size( md_info ), + hex_hash_string->len) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str + halfway, len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -255,14 +261,18 @@ void md_hex_multi( char * text_md_name, data_t * src_str, TEST_ASSERT ( 0 == mbedtls_md_update( &ctx, src_str->x + halfway, src_str->len - halfway) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); /* Test clone */ memset( output, 0x00, 100 ); TEST_ASSERT ( 0 == mbedtls_md_update( &ctx_copy, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_finish( &ctx_copy, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -289,7 +299,8 @@ void mbedtls_md_hmac( char * text_md_name, int trunc_size, TEST_ASSERT ( mbedtls_md_hmac( md_info, key_str->x, key_str->len, src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + trunc_size, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -321,7 +332,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + trunc_size, hex_hash_string->len ) == 0 ); /* Test again, for reset() */ memset( output, 0x00, 100 ); @@ -331,7 +343,8 @@ void md_hmac_multi( char * text_md_name, int trunc_size, data_t * key_str, TEST_ASSERT ( 0 == mbedtls_md_hmac_update( &ctx, src_str->x + halfway, src_str->len - halfway ) ); TEST_ASSERT ( 0 == mbedtls_md_hmac_finish( &ctx, output ) ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, trunc_size, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + trunc_size, hex_hash_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); @@ -355,6 +368,8 @@ void mbedtls_md_file( char * text_md_name, char * filename, TEST_ASSERT( mbedtls_md_file( md_info, filename, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, mbedtls_md_get_size( md_info ), hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + mbedtls_md_get_size( md_info ), + hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function index b6c8d8d62..ed2ae58b4 100644 --- a/tests/suites/test_suite_mdx.function +++ b/tests/suites/test_suite_mdx.function @@ -20,7 +20,9 @@ void md2_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md2_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ) ; - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -39,7 +41,9 @@ void md4_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md4_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -58,7 +62,9 @@ void md5_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_md5_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -77,7 +83,9 @@ void ripemd160_text( char * text_src_string, data_t * hex_hash_string ) ret = mbedtls_ripemd160_ret( src_str, strlen( (char *) src_str ), output ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, sizeof output, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + sizeof output, + hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index a3afb9b6d..895a08757 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -373,7 +373,8 @@ void mbedtls_mpi_write_binary( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, + buflen, input_A->len ) == 0 ); } exit: @@ -404,7 +405,8 @@ void mbedtls_mpi_write_binary_le( int radix_X, char * input_X, if( result == 0) { - TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, + buflen, input_A->len ) == 0 ); } exit: @@ -438,7 +440,8 @@ void mbedtls_mpi_read_file( int radix_X, char * input_file, TEST_ASSERT( mbedtls_mpi_write_binary( &X, buf, buflen ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, buflen, input_A->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( buf, input_A->x, + buflen, input_A->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 1f6597482..d4f31f9b2 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -37,7 +37,8 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -87,7 +88,9 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + output_len, + result_hex_str->len) == 0 ); } } @@ -287,7 +290,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index c3ac92f00..86dfd5c4d 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -37,7 +37,8 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -93,7 +94,9 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, sizeof( output ) ) == result ); if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + output_len, + result_hex_str->len ) == 0 ); } } @@ -146,7 +149,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_pkcs5.function b/tests/suites/test_suite_pkcs5.function index c334a7a10..0b0c937cf 100644 --- a/tests/suites/test_suite_pkcs5.function +++ b/tests/suites/test_suite_pkcs5.function @@ -24,7 +24,8 @@ void pbkdf2_hmac( int hash, data_t * pw_str, data_t * salt_str, TEST_ASSERT( mbedtls_pkcs5_pbkdf2_hmac( &ctx, pw_str->x, pw_str->len, salt_str->x, salt_str->len, it_cnt, key_len, key ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x, key_len, result_key_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( key, result_key_string->x, + key_len, result_key_string->len ) == 0 ); exit: mbedtls_md_free( &ctx ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index bbe3638d7..59d688dd7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -506,7 +506,8 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -586,7 +587,8 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); #if defined(MBEDTLS_PKCS1_V15) /* For PKCS#1 v1.5, there is an alternative way to generate signatures */ @@ -608,7 +610,9 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, if( res == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, + result_hex_str->len ) == 0 ); } } #endif /* MBEDTLS_PKCS1_V15 */ @@ -714,7 +718,8 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -752,7 +757,8 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -800,7 +806,9 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, output_len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + output_len, + result_hex_str->len ) == 0 ); } exit: @@ -837,7 +845,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } /* And now with the copy */ @@ -852,7 +861,8 @@ void mbedtls_rsa_public( data_t * message_str, int mod, int radix_N, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, result_hex_str->len ) == 0 ); } exit: @@ -902,7 +912,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx.len, + result_hex_str->len ) == 0 ); } } @@ -919,7 +931,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, if( result == 0 ) { - TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, ctx2.len, result_hex_str->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, + ctx2.len, + result_hex_str->len ) == 0 ); } exit: diff --git a/tests/suites/test_suite_shax.function b/tests/suites/test_suite_shax.function index 358054eca..64280098c 100644 --- a/tests/suites/test_suite_shax.function +++ b/tests/suites/test_suite_shax.function @@ -61,7 +61,8 @@ void mbedtls_sha1( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha1_ret( src_str->x, src_str->len, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 20, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 20, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -131,7 +132,8 @@ void sha224( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 28, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 28, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -145,7 +147,8 @@ void mbedtls_sha256( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha256_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 32, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 32, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -215,7 +218,8 @@ void sha384( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 1 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 48, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 48, hex_hash_string->len ) == 0 ); } /* END_CASE */ @@ -229,7 +233,8 @@ void mbedtls_sha512( data_t * src_str, data_t * hex_hash_string ) TEST_ASSERT( mbedtls_sha512_ret( src_str->x, src_str->len, output, 0 ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, 64, hex_hash_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_hash_string->x, + 64, hex_hash_string->len ) == 0 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_xtea.function b/tests/suites/test_suite_xtea.function index f1926d644..f286e6735 100644 --- a/tests/suites/test_suite_xtea.function +++ b/tests/suites/test_suite_xtea.function @@ -20,7 +20,8 @@ void xtea_encrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -37,7 +38,8 @@ void xtea_decrypt_ecb( data_t * key_str, data_t * src_str, mbedtls_xtea_setup( &ctx, key_str->x ); TEST_ASSERT( mbedtls_xtea_crypt_ecb( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, 8, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + 8, hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -55,7 +57,9 @@ void xtea_encrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } /* END_CASE */ @@ -73,7 +77,9 @@ void xtea_decrypt_cbc( data_t * key_str, data_t * iv_str, TEST_ASSERT( mbedtls_xtea_crypt_cbc( &ctx, MBEDTLS_XTEA_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 ); - TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, src_str->len, hex_dst_string->len ) == 0 ); + TEST_ASSERT( mbedtls_test_hexcmp( output, hex_dst_string->x, + src_str->len, + hex_dst_string->len ) == 0 ); } /* END_CASE */ From 351f0eee205f5cc99407ca0b83b88d292a834e32 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 12:12:18 +0200 Subject: [PATCH 72/87] tests: Add mbedtls_test_ prefix to rnd_* symbols Add mbedtls_test_ prefix to rnd_buf_info and rnd_pseudo_info types, to rnd_std_rand(), rnd_zero_rand(), rnd_buffer_rand() and rnd_pseudo_rand() functions. Command to change *.function files: find . -name "*.function" -exec awk -i inplace \ '{sub(/rnd_(buf_info|pseudo_info|std_rand| \ zero_rand|buffer_rand|pseudo_rand)/, \ "mbedtls_test_&")}1' {} \; Signed-off-by: Ronald Cron --- tests/include/test/random.h | 20 +++-- tests/src/random.c | 28 ++++--- tests/suites/test_suite_ctr_drbg.function | 2 +- tests/suites/test_suite_dhm.function | 34 ++++----- tests/suites/test_suite_ecdh.function | 88 +++++++++++----------- tests/suites/test_suite_ecdsa.function | 64 ++++++++-------- tests/suites/test_suite_ecjpake.function | 18 ++--- tests/suites/test_suite_ecp.function | 72 +++++++++--------- tests/suites/test_suite_hmac_drbg.function | 2 +- tests/suites/test_suite_mpi.function | 10 +-- tests/suites/test_suite_pk.function | 88 +++++++++++----------- tests/suites/test_suite_pkcs1_v15.function | 24 +++--- tests/suites/test_suite_pkcs1_v21.function | 16 ++-- tests/suites/test_suite_rsa.function | 38 +++++----- tests/suites/test_suite_ssl.function | 8 +- tests/suites/test_suite_x509write.function | 26 +++---- 16 files changed, 278 insertions(+), 260 deletions(-) diff --git a/tests/include/test/random.h b/tests/include/test/random.h index c60803597..dfdefa688 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -39,7 +39,7 @@ typedef struct { unsigned char *buf; size_t length; -} rnd_buf_info; +} mbedtls_test_rnd_buf_info; /** * Info structure for the pseudo random function @@ -52,7 +52,7 @@ typedef struct { uint32_t key[16]; uint32_t v0, v1; -} rnd_pseudo_info; +} mbedtls_test_rnd_pseudo_info; /** * This function just returns data from rand(). @@ -63,14 +63,18 @@ typedef struct * * rng_state shall be NULL. */ -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_std_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function only returns zeros * * rng_state shall be NULL. */ -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_zero_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function returns random based on a buffer it receives. @@ -83,7 +87,9 @@ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ); * * After the buffer is empty it will return rand(); */ -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_buffer_rand( void *rng_state, + unsigned char *output, + size_t len ); /** * This function returns random based on a pseudo random function. @@ -93,6 +99,8 @@ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ); * * rng_state shall be a pointer to a rnd_pseudo_info structure. */ -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ); +int mbedtls_test_rnd_pseudo_rand( void *rng_state, + unsigned char *output, + size_t len ); #endif /* TEST_RANDOM_H */ diff --git a/tests/src/random.c b/tests/src/random.c index bb0df7a71..25fa4cf33 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -27,7 +27,9 @@ #include #include -int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_std_rand( void *rng_state, + unsigned char *output, + size_t len ) { #if !defined(__OpenBSD__) size_t i; @@ -47,7 +49,9 @@ int rnd_std_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_zero_rand( void *rng_state, + unsigned char *output, + size_t len ) { if( rng_state != NULL ) rng_state = NULL; @@ -57,13 +61,15 @@ int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len ) return( 0 ); } -int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_buffer_rand( void *rng_state, + unsigned char *output, + size_t len ) { - rnd_buf_info *info = (rnd_buf_info *) rng_state; + mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state; size_t use_len; if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); use_len = len; if( len > info->length ) @@ -77,19 +83,23 @@ int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len ) } if( len - use_len > 0 ) - return( rnd_std_rand( NULL, output + use_len, len - use_len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output + use_len, + len - use_len ) ); return( 0 ); } -int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) +int mbedtls_test_rnd_pseudo_rand( void *rng_state, + unsigned char *output, + size_t len ) { - rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state; + mbedtls_test_rnd_pseudo_info *info = + (mbedtls_test_rnd_pseudo_info *) rng_state; uint32_t i, *k, sum, delta=0x9E3779B9; unsigned char result[4], *out = output; if( rng_state == NULL ) - return( rnd_std_rand( NULL, output, len ) ); + return( mbedtls_test_rnd_std_rand( NULL, output, len ) ); k = info->key; diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index 8317c08c8..d8301bf95 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -316,7 +316,7 @@ void ctr_drbg_seed_file( char * path, int ret ) mbedtls_ctr_drbg_init( &ctx ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, rnd_std_rand, NULL, NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index 8a05a38df..e00849a4e 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -36,17 +36,17 @@ void dhm_invalid_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( NULL, buflen, buf, &len, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( &ctx, buflen, NULL, &len, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( &ctx, buflen, buf, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_params( &ctx, buflen, @@ -69,12 +69,12 @@ void dhm_invalid_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_public( NULL, buflen, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_public( &ctx, buflen, NULL, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_make_public( &ctx, buflen, @@ -84,15 +84,15 @@ void dhm_invalid_params( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_calc_secret( NULL, buf, buflen, - &len, rnd_std_rand, + &len, mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_calc_secret( &ctx, NULL, buflen, - &len, rnd_std_rand, + &len, mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, mbedtls_dhm_calc_secret( &ctx, buf, buflen, - NULL, rnd_std_rand, + NULL, mbedtls_test_rnd_std_rand, NULL ) ); #if defined(MBEDTLS_ASN1_PARSE_C) @@ -130,7 +130,7 @@ void dhm_do_dhm( int radix_P, char *input_P, size_t sec_srv_len; size_t sec_cli_len; int x_size, i; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_dhm_init( &ctx_srv ); mbedtls_dhm_init( &ctx_cli ); @@ -138,7 +138,7 @@ void dhm_do_dhm( int radix_P, char *input_P, memset( pub_cli, 0x00, 1000 ); memset( sec_srv, 0x00, 1000 ); memset( sec_cli, 0x00, 1000 ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); /* * Set params @@ -151,7 +151,7 @@ void dhm_do_dhm( int radix_P, char *input_P, /* * First key exchange */ - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == result ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == result ); if ( result != 0 ) goto exit; @@ -159,10 +159,10 @@ void dhm_do_dhm( int radix_P, char *input_P, ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); @@ -173,7 +173,7 @@ void dhm_do_dhm( int radix_P, char *input_P, for( i = 0; i < 3; i++ ) { sec_srv_len = 1000; - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); @@ -185,15 +185,15 @@ void dhm_do_dhm( int radix_P, char *input_P, */ p = ske; - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 6d0a10efc..4155a862b 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -19,7 +19,7 @@ exit: static int load_private_key( int grp_id, data_t *private_key, mbedtls_ecp_keypair *ecp, - rnd_pseudo_info *rnd_info ) + mbedtls_test_rnd_pseudo_info *rnd_info ) { int ok = 0; TEST_ASSERT( mbedtls_ecp_read_key( grp_id, ecp, @@ -29,7 +29,7 @@ static int load_private_key( int grp_id, data_t *private_key, /* Calculate the public key from the private key. */ TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - &rnd_pseudo_rand, rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, rnd_info ) == 0 ); ok = 1; exit: return( ok ); @@ -72,29 +72,29 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( NULL, &m, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, NULL, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, &P, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( NULL, &m, &P, &m, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_setup( NULL, valid_grp ) ); @@ -102,15 +102,15 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( NULL, &olen, buf, buflen, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, @@ -143,17 +143,17 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( NULL, &olen, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_make_public( &ctx, &olen, @@ -168,15 +168,15 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); exit: @@ -190,22 +190,22 @@ void ecdh_primitive_random( int id ) mbedtls_ecp_group grp; mbedtls_ecp_point qA, qB; mbedtls_mpi dA, dB, zA, zB; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &zA ); mbedtls_mpi_init( &zB ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); @@ -227,7 +227,7 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, mbedtls_ecp_group grp; mbedtls_ecp_point qA, qB; mbedtls_mpi dA, dB, zA, zB, check; - rnd_buf_info rnd_info_A, rnd_info_B; + mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &qA ); mbedtls_ecp_point_init( &qB ); @@ -269,7 +269,7 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, } TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, - rnd_buffer_rand, &rnd_info_A ) == 0 ); + mbedtls_test_rnd_buffer_rand, &rnd_info_A ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); @@ -277,7 +277,7 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, - rnd_buffer_rand, &rnd_info_B ) == 0 ); + mbedtls_test_rnd_buffer_rand, &rnd_info_B ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); @@ -305,28 +305,28 @@ void ecdh_exchange( int id ) unsigned char buf[1000]; const unsigned char *vbuf; size_t len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; unsigned char res_buf[1000]; size_t res_len; mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecdh_setup( &srv, id ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( len == res_len ); @@ -351,7 +351,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, size_t z_len; unsigned char rnd_buf_A[MBEDTLS_ECP_MAX_BYTES]; unsigned char rnd_buf_B[MBEDTLS_ECP_MAX_BYTES]; - rnd_buf_info rnd_info_A, rnd_info_B; + mbedtls_test_rnd_buf_info rnd_info_A, rnd_info_B; int cnt_restart; mbedtls_ecp_group grp; @@ -393,7 +393,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ), - rnd_buffer_rand, &rnd_info_A ); + mbedtls_test_rnd_buffer_rand, &rnd_info_A ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -411,7 +411,7 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ), - rnd_buffer_rand, &rnd_info_B ); + mbedtls_test_rnd_buffer_rand, &rnd_info_B ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -470,26 +470,26 @@ void ecdh_exchange_legacy( int id ) const unsigned char *vbuf; size_t len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecdh_init( &srv ); mbedtls_ecdh_init( &cli ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &srv.grp, id ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 ); @@ -507,14 +507,14 @@ void ecdh_exchange_calc_secret( int grp_id, int ours_first, data_t *expected ) { - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair our_key; mbedtls_ecp_keypair their_key; mbedtls_ecdh_context ecdh; unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES]; size_t shared_secret_length = 0; - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_ecdh_init( &ecdh ); mbedtls_ecp_keypair_init( &our_key ); mbedtls_ecp_keypair_init( &their_key ); @@ -545,7 +545,7 @@ void ecdh_exchange_calc_secret( int grp_id, &ecdh, &shared_secret_length, shared_secret, sizeof( shared_secret ), - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( shared_secret_length == expected->len ); TEST_ASSERT( memcmp( expected->x, shared_secret, shared_secret_length ) == 0 ); @@ -565,12 +565,12 @@ void ecdh_exchange_get_params_fail( int our_grp_id, int ours_first, int expected_ret ) { - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair our_key; mbedtls_ecp_keypair their_key; mbedtls_ecdh_context ecdh; - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_ecdh_init( &ecdh ); mbedtls_ecp_keypair_init( &our_key ); mbedtls_ecp_keypair_init( &their_key ); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 4176b8164..afee710e4 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -31,23 +31,23 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( NULL, &m, &m, &m, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, NULL, &m, &m, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, NULL, &m, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, NULL, buf, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, NULL, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, buf, sizeof( buf ), @@ -58,27 +58,27 @@ void ecdsa_invalid_param( ) mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, buf, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, NULL, sizeof( buf ), valid_md, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -107,28 +107,28 @@ void ecdsa_invalid_param( ) valid_md, buf, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), NULL, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), buf, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -136,28 +136,28 @@ void ecdsa_invalid_param( ) valid_md, buf, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, sizeof( buf ), buf, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, sizeof( buf ), NULL, &slen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, sizeof( buf ), buf, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -191,7 +191,7 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( NULL, valid_group, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( &ctx, valid_group, NULL, NULL ) ); @@ -213,23 +213,23 @@ void ecdsa_prim_random( int id ) mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d, r, s; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; unsigned char buf[MBEDTLS_MD_MAX_SIZE]; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); mbedtls_mpi_init( &d ); mbedtls_mpi_init( &r ); mbedtls_mpi_init( &s ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( buf, 0, sizeof( buf ) ); /* prepare material for signature */ - TEST_ASSERT( rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); exit: @@ -248,7 +248,7 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d, r, s, r_check, s_check; - rnd_buf_info rnd_info; + mbedtls_test_rnd_buf_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); @@ -276,7 +276,7 @@ void ecdsa_prim_test_vectors( int id, char * d_str, char * xQ_str, } TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash->x, hash->len, - rnd_buffer_rand, &rnd_info ) == result ); + mbedtls_test_rnd_buffer_rand, &rnd_info ) == result ); if ( result == 0) { @@ -332,7 +332,7 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, TEST_ASSERT( mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, - md_alg, rnd_std_rand, NULL ) + md_alg, mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); @@ -349,26 +349,26 @@ exit: void ecdsa_write_read_random( int id ) { mbedtls_ecdsa_context ctx; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; unsigned char hash[32]; unsigned char sig[200]; size_t sig_len, i; mbedtls_ecdsa_init( &ctx ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( hash, 0, sizeof( hash ) ); memset( sig, 0x2a, sizeof( sig ) ); /* prepare material for signature */ - TEST_ASSERT( rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); /* generate signing key */ - TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); /* generate and write signature, then read and verify it */ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, hash, sizeof( hash ), - sig, &sig_len, &rnd_pseudo_rand, &rnd_info ) == 0 ); + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) == 0 ); diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 38f190de2..0c223a3b3 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -139,19 +139,19 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_one( &ctx, @@ -164,19 +164,19 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_write_round_two( &ctx, @@ -203,19 +203,19 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_derive_secret( &ctx, diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 2cf84d791..bed1bd7e3 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -69,12 +69,12 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_privkey( NULL, &m, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_privkey( &grp, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_privkey( &grp, @@ -222,29 +222,29 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( NULL, &P, &m, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, NULL, &m, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, NULL, &P, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, &m, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, - rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_muladd( NULL, &P, &m, &P, @@ -302,22 +302,22 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair_base( &grp, &P, @@ -328,17 +328,17 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( NULL, &m, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( &grp, NULL, &P, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( &grp, &m, NULL, - rnd_std_rand, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( &grp, @@ -348,7 +348,7 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, NULL, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, &kp, NULL, NULL ) ); @@ -576,12 +576,12 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, mbedtls_ecp_group grp; mbedtls_ecp_point R; mbedtls_mpi dA, xA, yA, dB, xB, yB, xZ, yZ; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &yA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &yB ); mbedtls_mpi_init( &xZ ); mbedtls_mpi_init( &yZ ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -597,7 +597,7 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, TEST_ASSERT( mbedtls_mpi_read_string( &yZ, 16, yZ_str ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yA ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); @@ -611,7 +611,7 @@ void ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yB ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &R, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xZ ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.Y, &yZ ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); @@ -630,13 +630,13 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, mbedtls_ecp_group grp; mbedtls_ecp_point R; mbedtls_mpi dA, xA, dB, xB, xS; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &dA ); mbedtls_mpi_init( &xA ); mbedtls_mpi_init( &dB ); mbedtls_mpi_init( &xB ); mbedtls_mpi_init( &xS ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -649,12 +649,12 @@ void ecp_test_vec_x( int id, char * dA_hex, char * xA_hex, char * dB_hex, TEST_ASSERT( mbedtls_mpi_read_string( &xS, 16, xS_hex ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dA, &grp.G, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xA ) == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &dB, &R, - &rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &R ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R.X, &xS ) == 0 ); @@ -683,12 +683,12 @@ void ecp_test_mul( int id, data_t * n_hex, mbedtls_ecp_group grp; mbedtls_ecp_point P, nP, R; mbedtls_mpi n; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &R ); mbedtls_ecp_point_init( &P ); mbedtls_ecp_point_init( &nP ); mbedtls_mpi_init( &n ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); @@ -707,7 +707,7 @@ void ecp_test_mul( int id, data_t * n_hex, == 0 ); TEST_ASSERT( mbedtls_ecp_mul( &grp, &R, &n, &P, - &rnd_pseudo_rand, &rnd_info ) + &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == expected_ret ); if( expected_ret == 0 ) @@ -740,7 +740,7 @@ void ecp_test_mul_rng( int id, data_t * d_hex) TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &rnd_zero_rand, NULL ) + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &mbedtls_test_rnd_zero_rand, NULL ) == MBEDTLS_ERR_ECP_RANDOM_FAILED ); exit: @@ -1052,16 +1052,16 @@ void mbedtls_ecp_gen_keypair( int id ) mbedtls_ecp_group grp; mbedtls_ecp_point Q; mbedtls_mpi d; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &Q ); mbedtls_mpi_init( &d ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &rnd_pseudo_rand, &rnd_info ) + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 ); @@ -1078,12 +1078,12 @@ exit: void mbedtls_ecp_gen_key( int id ) { mbedtls_ecp_keypair key; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_ecp_keypair_init( &key ); - memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 ); diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index b526f4313..b84826697 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -129,7 +129,7 @@ void hmac_drbg_seed_file( int md_alg, char * path, int ret ) md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, rnd_std_rand, NULL, + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_rnd_std_rand, NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 895a08757..02cd1a9ca 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -240,7 +240,7 @@ void mpi_invalid_param( ) mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_fill_random( NULL, 42, rnd_std_rand, + mbedtls_mpi_fill_random( NULL, 42, mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); @@ -1195,7 +1195,7 @@ void mbedtls_mpi_is_prime( int radix_X, char * input_X, int div_result ) mbedtls_mpi_init( &X ); TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == 0 ); - res = mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ); + res = mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( res == div_result ); exit: @@ -1244,7 +1244,7 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) mbedtls_mpi_init( &X ); - my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, rnd_std_rand, NULL ); + my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( my_ret == ref_ret ); if( ref_ret == 0 ) @@ -1254,13 +1254,13 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) TEST_ASSERT( actual_bits >= (size_t) bits ); TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ) + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) == 0 ); if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) { /* X = ( X - 1 ) / 2 */ TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, rnd_std_rand, NULL ) + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) == 0 ); } } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5a30f0f4d..3d77a6ba7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -49,7 +49,7 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) if( mbedtls_pk_get_type( pk ) == MBEDTLS_PK_RSA ) return mbedtls_rsa_gen_key( mbedtls_pk_rsa( *pk ), - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, parameter, 3 ); #endif #if defined(MBEDTLS_ECP_C) @@ -63,7 +63,7 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) return( ret ); return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, - &mbedtls_pk_ec( *pk )->Q, rnd_std_rand, NULL ); + &mbedtls_pk_ec( *pk )->Q, mbedtls_test_rnd_std_rand, NULL ); } #endif return( -1 ); @@ -75,7 +75,7 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, - rnd_std_rand, NULL, mode, olen, + mbedtls_test_rnd_std_rand, NULL, mode, olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, @@ -85,7 +85,7 @@ int mbedtls_rsa_sign_func( void *ctx, { ((void) f_rng); ((void) p_rng); - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, rnd_std_rand, NULL, mode, + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, mode, md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) @@ -235,7 +235,7 @@ void valid_parameters( ) MBEDTLS_MD_NONE, NULL, 0, buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -243,7 +243,7 @@ void valid_parameters( ) MBEDTLS_MD_NONE, NULL, 0, buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); @@ -251,7 +251,7 @@ void valid_parameters( ) MBEDTLS_MD_NONE, NULL, 0, buf, &len, - rnd_std_rand, NULL ) == + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_pk_verify_restartable( &pk, @@ -277,13 +277,13 @@ void valid_parameters( ) TEST_ASSERT( mbedtls_pk_encrypt( &pk, NULL, 0, NULL, &len, 0, - rnd_std_rand, NULL ) == + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_pk_decrypt( &pk, NULL, 0, NULL, &len, 0, - rnd_std_rand, NULL ) == + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #if defined(MBEDTLS_PK_PARSE_C) @@ -435,28 +435,28 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, buf, sizeof( buf ), buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, - rnd_std_rand, NULL, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, @@ -464,67 +464,67 @@ void invalid_parameters( ) MBEDTLS_MD_NONE, buf, sizeof( buf ), buf, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), buf, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), - rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_check_pair( NULL, &pk ) ); @@ -945,7 +945,7 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) TEST_ASSERT( mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, sig, &sig_len, - rnd_std_rand, NULL, rs_ctx ) == sign_ret ); + mbedtls_test_rnd_std_rand, NULL, rs_ctx ) == sign_ret ); if( sign_ret == 0 ) TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); else @@ -968,7 +968,7 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) } TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == sign_ret ); + sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == sign_ret ); if( sign_ret == 0 ) TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); else @@ -1005,12 +1005,12 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, data_t * result, int ret ) { unsigned char output[300]; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; size_t olen; - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( output, 0, sizeof( output ) ); @@ -1024,7 +1024,7 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( olen == result->len ); TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); @@ -1040,7 +1040,7 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, char * input_E, data_t * clear, int ret ) { unsigned char output[256]; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; @@ -1050,7 +1050,7 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); /* init pk-rsa context */ @@ -1073,7 +1073,7 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, olen = 0; TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); if( ret == 0 ) { TEST_ASSERT( olen == clear->len ); @@ -1093,13 +1093,13 @@ void pk_ec_nocrypt( int type ) mbedtls_pk_context pk; unsigned char output[100]; unsigned char input[100]; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; size_t olen = 0; int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH; mbedtls_pk_init( &pk ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); memset( output, 0, sizeof( output ) ); memset( input, 0, sizeof( input ) ); @@ -1107,11 +1107,11 @@ void pk_ec_nocrypt( int type ) TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), output, &olen, sizeof( output ), - rnd_pseudo_rand, &rnd_info ) == ret ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); exit: mbedtls_pk_free( &pk ); @@ -1146,7 +1146,7 @@ void pk_rsa_overflow( ) sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len, - rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); exit: mbedtls_pk_free( &pk ); @@ -1200,11 +1200,11 @@ void pk_rsa_alt( ) /* Test signature */ #if SIZE_MAX > UINT_MAX TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, - sig, &sig_len, rnd_std_rand, NULL ) == + sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, - sig, &sig_len, rnd_std_rand, NULL ) == 0 ); + sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); @@ -1212,17 +1212,17 @@ void pk_rsa_alt( ) /* Test decrypt */ TEST_ASSERT( mbedtls_pk_encrypt( &rsa, msg, sizeof msg, ciph, &ciph_len, sizeof ciph, - rnd_std_rand, NULL ) == 0 ); + mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( mbedtls_pk_decrypt( &alt, ciph, ciph_len, test, &test_len, sizeof test, - rnd_std_rand, NULL ) == 0 ); + mbedtls_test_rnd_std_rand, NULL ) == 0 ); TEST_ASSERT( test_len == sizeof msg ); TEST_ASSERT( memcmp( test, msg, test_len ) == 0 ); /* Test forbidden operations */ TEST_ASSERT( mbedtls_pk_encrypt( &alt, msg, sizeof msg, ciph, &ciph_len, sizeof ciph, - rnd_std_rand, NULL ) == ret ); + mbedtls_test_rnd_std_rand, NULL ) == ret ); TEST_ASSERT( mbedtls_pk_verify( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == ret ); TEST_ASSERT( mbedtls_pk_debug( &alt, dbg_items ) == ret ); @@ -1267,7 +1267,7 @@ void pk_psa_sign( int grpid_arg, mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_gen_key( grpid, (mbedtls_ecp_keypair*) pk.pk_ctx, - rnd_std_rand, NULL ) == 0 ); + mbedtls_test_rnd_std_rand, NULL ) == 0 ); /* Export underlying public key for re-importing in a legacy context. */ ret = mbedtls_pk_write_pubkey_der( &pk, pkey_legacy, diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index d4f31f9b2..8d2192f46 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -16,7 +16,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, { unsigned char output[128]; mbedtls_rsa_context ctx; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; mbedtls_mpi N, E; info.buf = rnd_buf->x; @@ -34,7 +34,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -58,7 +58,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, unsigned char output[128]; mbedtls_rsa_context ctx; size_t output_len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; ((void) seed); @@ -67,7 +67,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -81,11 +81,11 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -110,7 +110,7 @@ void pkcs1_v15_decode( int mode, { size_t expected_plaintext_length = expected_plaintext_length_arg; size_t output_size = output_size_arg; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi Nmpi, Empi, Pmpi, Qmpi; mbedtls_rsa_context ctx; static unsigned char N[128] = { @@ -176,7 +176,7 @@ void pkcs1_v15_decode( int mode, unsigned char final[128]; size_t output_length = 0x7EA0; - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &Nmpi ); mbedtls_mpi_init( &Empi ); mbedtls_mpi_init( &Pmpi ); mbedtls_mpi_init( &Qmpi ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); @@ -196,12 +196,12 @@ void pkcs1_v15_decode( int mode, if( mode == MBEDTLS_RSA_PRIVATE ) TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); else - TEST_ASSERT( mbedtls_rsa_private( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, original, intermediate ) == 0 ); memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, - &rnd_pseudo_rand, &rnd_info, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, mode, &output_length, intermediate, @@ -260,7 +260,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, unsigned char output[128]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; info.buf = rnd_buf->x; info.length = rnd_buf->len; @@ -286,7 +286,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 86dfd5c4d..2b7d16fe7 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -16,7 +16,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, { unsigned char output[256]; mbedtls_rsa_context ctx; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; mbedtls_mpi N, E; info.buf = rnd_buf->x; @@ -34,7 +34,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -58,7 +58,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, unsigned char output[64]; mbedtls_rsa_context ctx; size_t output_len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; ((void) seed); @@ -68,7 +68,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -82,13 +82,13 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, sizeof( output ) ) == result ); @@ -117,7 +117,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, unsigned char hash_result[MBEDTLS_MD_MAX_SIZE]; unsigned char output[256]; mbedtls_rsa_context ctx; - rnd_buf_info info; + mbedtls_test_rnd_buf_info info; mbedtls_mpi N, P, Q, E; info.buf = rnd_buf->x; @@ -144,7 +144,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 59d688dd7..4096e4d4d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -67,7 +67,7 @@ void rsa_invalid_param( ) invalid_padding, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( NULL, rnd_std_rand, + mbedtls_rsa_gen_key( NULL, mbedtls_test_rnd_std_rand, NULL, 0, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_gen_key( &ctx, NULL, @@ -476,7 +476,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, unsigned char output[256]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); @@ -484,7 +484,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, memset( hash_result, 0x00, sizeof( hash_result ) ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -500,7 +500,7 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); if( result == 0 ) @@ -561,14 +561,14 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, unsigned char output[256]; mbedtls_rsa_context ctx; mbedtls_mpi N, P, Q, E; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_rsa_init( &ctx, padding_mode, 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -581,7 +581,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_result->len, hash_result->x, output ) == 0 ); @@ -598,7 +598,7 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, memset( output, 0x00, sizeof( output) ); res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, + &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, hash_result->len, hash_result->x, output ); #if !defined(MBEDTLS_RSA_ALT) @@ -694,12 +694,12 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, { unsigned char output[256]; mbedtls_rsa_context ctx; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); @@ -712,7 +712,7 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) @@ -751,7 +751,7 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); if( result == 0 ) @@ -778,7 +778,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, unsigned char output[32]; mbedtls_rsa_context ctx; size_t output_len; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; mbedtls_mpi N, P, Q, E; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); @@ -787,7 +787,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( output, 0x00, sizeof( output ) ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); @@ -802,7 +802,7 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, output_len = 0; - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); if( result == 0 ) { @@ -882,7 +882,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, unsigned char output[256]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ mbedtls_mpi N, P, Q, E; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; int i; mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); @@ -890,7 +890,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); - memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0, sizeof( mbedtls_test_rnd_pseudo_info ) ); TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); @@ -907,7 +907,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, for( i = 0; i < 3; i++ ) { memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx, rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, message_str->x, output ) == result ); if( result == 0 ) { @@ -926,7 +926,7 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx2, rnd_pseudo_rand, &rnd_info, + TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, &rnd_info, message_str->x, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 639e8c370..1389e336d 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1174,8 +1174,8 @@ static int build_transforms( mbedtls_ssl_transform *t_in, unsigned char cid0[ SSL_CID_LEN_MIN ]; unsigned char cid1[ SSL_CID_LEN_MIN ]; - rnd_std_rand( NULL, cid0, sizeof( cid0 ) ); - rnd_std_rand( NULL, cid1, sizeof( cid1 ) ); + mbedtls_test_rnd_std_rand( NULL, cid0, sizeof( cid0 ) ); + mbedtls_test_rnd_std_rand( NULL, cid1, sizeof( cid1 ) ); #else ((void) cid0_len); ((void) cid1_len); @@ -3185,7 +3185,7 @@ void ssl_crypt_record( int cipher_type, int hash_id, /* Encrypt record */ ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, - rnd_std_rand, NULL ); + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); if( ret != 0 ) { @@ -3339,7 +3339,7 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, rnd_std_rand, NULL ); + ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL ); if( ( mode == 1 || mode == 2 ) && seen_success ) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0db2b0e94..a893b4e58 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -94,9 +94,9 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, int der_len = -1; FILE *f; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_pk_init( &key ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 ); @@ -111,7 +111,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -125,14 +125,14 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: @@ -153,10 +153,10 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, int ret; size_t pem_len = 0; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; psa_crypto_init(); - memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type ); TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE ); @@ -175,7 +175,7 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1, - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -208,9 +208,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, size_t olen = 0, pem_len = 0; int der_len = -1; FILE *f; - rnd_pseudo_info rnd_info; + mbedtls_test_rnd_pseudo_info rnd_info; - memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); + memset( &rnd_info, 0x2a, sizeof( mbedtls_test_rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); mbedtls_pk_init( &subject_key ); @@ -269,7 +269,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, } ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -284,14 +284,14 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), - rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: From 6c5bd7fd51208ef6e30331114e2e61a2c3e7c1a6 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 14:08:26 +0200 Subject: [PATCH 73/87] tests: Reformating due to rnd_* renaming Command to find the files in which lines have gone larger than 79 characters due to the renaming: grep '.\{80\}' \ `git diff-tree --no-commit-id --name-only -r HEAD` \ | grep "\ --- tests/suites/test_suite_ctr_drbg.function | 3 +- tests/suites/test_suite_dhm.function | 43 +++-- tests/suites/test_suite_ecdh.function | 132 +++++++------- tests/suites/test_suite_ecdsa.function | 145 ++++++++-------- tests/suites/test_suite_ecjpake.function | 95 ++++------ tests/suites/test_suite_ecp.function | 72 ++++---- tests/suites/test_suite_hmac_drbg.function | 5 +- tests/suites/test_suite_mpi.function | 16 +- tests/suites/test_suite_pk.function | 192 +++++++++------------ tests/suites/test_suite_pkcs1_v15.function | 37 ++-- tests/suites/test_suite_pkcs1_v21.function | 29 +++- tests/suites/test_suite_rsa.function | 52 +++--- tests/suites/test_suite_ssl.function | 3 +- tests/suites/test_suite_x509write.function | 13 +- 14 files changed, 435 insertions(+), 402 deletions(-) diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function index d8301bf95..5e4cd26b6 100644 --- a/tests/suites/test_suite_ctr_drbg.function +++ b/tests/suites/test_suite_ctr_drbg.function @@ -316,7 +316,8 @@ void ctr_drbg_seed_file( char * path, int ret ) mbedtls_ctr_drbg_init( &ctx ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand, NULL, NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctx, mbedtls_test_rnd_std_rand, + NULL, NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_ctr_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_ctr_drbg_update_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function index e00849a4e..0a5c61757 100644 --- a/tests/suites/test_suite_dhm.function +++ b/tests/suites/test_suite_dhm.function @@ -83,16 +83,16 @@ void dhm_invalid_params( ) NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( NULL, buf, buflen, - &len, mbedtls_test_rnd_std_rand, + mbedtls_dhm_calc_secret( NULL, buf, buflen, &len, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, NULL, buflen, - &len, mbedtls_test_rnd_std_rand, + mbedtls_dhm_calc_secret( &ctx, NULL, buflen, &len, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_DHM_BAD_INPUT_DATA, - mbedtls_dhm_calc_secret( &ctx, buf, buflen, - NULL, mbedtls_test_rnd_std_rand, + mbedtls_dhm_calc_secret( &ctx, buf, buflen, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); #if defined(MBEDTLS_ASN1_PARSE_C) @@ -151,7 +151,9 @@ void dhm_do_dhm( int radix_P, char *input_P, /* * First key exchange */ - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == result ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == result ); if ( result != 0 ) goto exit; @@ -159,10 +161,15 @@ void dhm_do_dhm( int radix_P, char *input_P, ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), + &sec_srv_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); @@ -173,7 +180,10 @@ void dhm_do_dhm( int radix_P, char *input_P, for( i = 0; i < 3; i++ ) { sec_srv_len = 1000; - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, + sizeof( sec_srv ), &sec_srv_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); TEST_ASSERT( sec_srv_len != 0 ); @@ -185,15 +195,22 @@ void dhm_do_dhm( int radix_P, char *input_P, */ p = ske; - TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_params( &ctx_srv, x_size, ske, &ske_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); ske[ske_len++] = 0; ske[ske_len++] = 0; TEST_ASSERT( mbedtls_dhm_read_params( &ctx_cli, &p, ske + ske_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_make_public( &ctx_cli, x_size, pub_cli, pub_cli_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_read_public( &ctx_srv, pub_cli, pub_cli_len ) == 0 ); - TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), &sec_srv_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_srv, sec_srv, sizeof( sec_srv ), + &sec_srv_len, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_dhm_calc_secret( &ctx_cli, sec_cli, sizeof( sec_cli ), &sec_cli_len, NULL, NULL ) == 0 ); TEST_ASSERT( sec_srv_len == sec_cli_len ); diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 4155a862b..0caf09121 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -29,7 +29,8 @@ static int load_private_key( int grp_id, data_t *private_key, /* Calculate the public key from the private key. */ TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, &ecp->grp.G, - &mbedtls_test_rnd_pseudo_rand, rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + rnd_info ) == 0 ); ok = 1; exit: return( ok ); @@ -72,49 +73,54 @@ void ecdh_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, NULL, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_gen_public( &grp, &m, &P, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( NULL, &m, &P, &m, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, NULL, &P, &m, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, NULL, &m, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_compute_shared( &grp, &m, &P, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_setup( NULL, valid_grp ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( NULL, &olen, - buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_ecdh_make_params( NULL, &olen, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, NULL, - buf, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_ecdh_make_params( &ctx, NULL, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, &olen, - NULL, buflen, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_ecdh_make_params( &ctx, &olen, NULL, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_params( &ctx, &olen, - buf, buflen, - NULL, NULL ) ); + mbedtls_ecdh_make_params( &ctx, &olen, buf, buflen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_read_params( NULL, @@ -141,25 +147,19 @@ void ecdh_invalid_param( ) invalid_side ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( NULL, &olen, - buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_make_public( NULL, &olen, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, NULL, - buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_make_public( &ctx, NULL, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, &olen, - NULL, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_make_public( &ctx, &olen, NULL, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_make_public( &ctx, &olen, - buf, buflen, - NULL, - NULL ) ); + mbedtls_ecdh_make_public( &ctx, &olen, buf, buflen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdh_read_public( NULL, buf, buflen ) ); @@ -167,17 +167,16 @@ void ecdh_invalid_param( ) mbedtls_ecdh_read_public( &ctx, NULL, buflen ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_calc_secret( NULL, &olen, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_calc_secret( &ctx, NULL, buf, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdh_calc_secret( &ctx, &olen, NULL, buflen, + mbedtls_test_rnd_std_rand, NULL ) ); exit: return; @@ -200,12 +199,15 @@ void ecdh_primitive_random( int id ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); - TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zA, &qB, &dA, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_compute_shared( &grp, &zB, &qA, &dB, NULL, NULL ) == 0 ); @@ -269,7 +271,8 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, } TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA, - mbedtls_test_rnd_buffer_rand, &rnd_info_A ) == 0 ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_A ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 ); @@ -277,7 +280,8 @@ void ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str, TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.Y, &check ) == 0 ); TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB, - mbedtls_test_rnd_buffer_rand, &rnd_info_B ) == 0 ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_B ) == 0 ); TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) ); TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 ); @@ -317,16 +321,19 @@ void ecdh_exchange( int id ) memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &res_len, res_buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( len == res_len ); @@ -393,7 +400,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_params( &srv, &len, buf, sizeof( buf ), - mbedtls_test_rnd_buffer_rand, &rnd_info_A ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_A ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -411,7 +419,8 @@ void ecdh_restart( int id, char *dA_str, char *dB_str, char *z_str, cnt_restart = 0; do { ret = mbedtls_ecdh_make_public( &cli, &len, buf, sizeof( buf ), - mbedtls_test_rnd_buffer_rand, &rnd_info_B ); + mbedtls_test_rnd_buffer_rand, + &rnd_info_B ); } while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart ); TEST_ASSERT( ret == 0 ); @@ -480,16 +489,19 @@ void ecdh_exchange_legacy( int id ) memset( buf, 0x00, sizeof( buf ) ); vbuf = buf; TEST_ASSERT( mbedtls_ecdh_make_params( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_params( &cli, &vbuf, buf + len ) == 0 ); memset( buf, 0x00, sizeof( buf ) ); TEST_ASSERT( mbedtls_ecdh_make_public( &cli, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_read_public( &srv, buf, len ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &srv, &len, buf, 1000, - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdh_calc_secret( &cli, &len, buf, 1000, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &srv.z, &cli.z ) == 0 ); diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index afee710e4..76f72e249 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -31,23 +31,28 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( NULL, &m, &m, &m, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, NULL, &m, &m, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, NULL, &m, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, NULL, buf, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign( &grp, &m, &m, &m, buf, sizeof( buf ), @@ -58,27 +63,32 @@ void ecdsa_invalid_param( ) mbedtls_ecdsa_sign_det_ext( NULL, &m, &m, &m, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, NULL, &m, &m, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, NULL, &m, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, NULL, buf, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_sign_det_ext( &grp, &m, &m, &m, NULL, sizeof( buf ), valid_md, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); #endif /* MBEDTLS_ECDSA_DETERMINISTIC */ TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, @@ -103,62 +113,48 @@ void ecdsa_invalid_param( ) &P, &m, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( NULL, - valid_md, - buf, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, - valid_md, - NULL, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, - valid_md, - buf, sizeof( buf ), - NULL, &slen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature( &ctx, - valid_md, - buf, sizeof( buf ), - buf, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecdsa_write_signature( NULL, valid_md, buf, sizeof( buf ), + buf, &slen, mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( NULL, - valid_md, - buf, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature( &ctx, valid_md, NULL, sizeof( buf ), + buf, &slen, mbedtls_test_rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, - valid_md, - NULL, sizeof( buf ), - buf, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), + NULL, &slen, mbedtls_test_rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, - valid_md, - buf, sizeof( buf ), - NULL, &slen, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature( &ctx, valid_md, buf, sizeof( buf ), + buf, NULL, mbedtls_test_rnd_std_rand, + NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecdsa_write_signature_restartable( &ctx, - valid_md, - buf, sizeof( buf ), - buf, NULL, - mbedtls_test_rnd_std_rand, - NULL, NULL ) ); + mbedtls_ecdsa_write_signature_restartable( NULL, valid_md, buf, + sizeof( buf ), buf, &slen, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, NULL, + sizeof( buf ), buf, &slen, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, + sizeof( buf ), NULL, &slen, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecdsa_write_signature_restartable( &ctx, valid_md, buf, + sizeof( buf ), buf, NULL, + mbedtls_test_rnd_std_rand, + NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_read_signature( NULL, @@ -191,7 +187,8 @@ void ecdsa_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( NULL, valid_group, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecdsa_genkey( &ctx, valid_group, NULL, NULL ) ); @@ -223,13 +220,16 @@ void ecdsa_prim_random( int id ) memset( buf, 0, sizeof( buf ) ); /* prepare material for signature */ - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, buf, sizeof( buf ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + buf, sizeof( buf ) ) == 0 ); TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, buf, sizeof( buf ), - &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_verify( &grp, buf, sizeof( buf ), &Q, &r, &s ) == 0 ); exit: @@ -332,7 +332,8 @@ void ecdsa_det_test_vectors( int id, char * d_str, int md_alg, char * msg, TEST_ASSERT( mbedtls_ecdsa_sign_det_ext( &grp, &r, &s, &d, hash, hlen, - md_alg, mbedtls_test_rnd_std_rand, NULL ) + md_alg, mbedtls_test_rnd_std_rand, + NULL ) == 0 ); TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); @@ -360,15 +361,19 @@ void ecdsa_write_read_random( int id ) memset( sig, 0x2a, sizeof( sig ) ); /* prepare material for signature */ - TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, hash, sizeof( hash ) ) == 0 ); + TEST_ASSERT( mbedtls_test_rnd_pseudo_rand( &rnd_info, + hash, sizeof( hash ) ) == 0 ); /* generate signing key */ - TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_genkey( &ctx, id, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); /* generate and write signature, then read and verify it */ TEST_ASSERT( mbedtls_ecdsa_write_signature( &ctx, MBEDTLS_MD_SHA256, hash, sizeof( hash ), - sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + sig, &sig_len, &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecdsa_read_signature( &ctx, hash, sizeof( hash ), sig, sig_len ) == 0 ); diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function index 0c223a3b3..ab672a8dc 100644 --- a/tests/suites/test_suite_ecjpake.function +++ b/tests/suites/test_suite_ecjpake.function @@ -136,54 +136,33 @@ void ecjpake_invalid_param( ) mbedtls_ecjpake_check( NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( NULL, - buf, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, - NULL, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, - buf, len, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_one( &ctx, - buf, len, - &olen, - NULL, - NULL ) ); + mbedtls_ecjpake_write_round_one( NULL, buf, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( NULL, - buf, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_write_round_one( &ctx, NULL, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, - NULL, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_write_round_one( &ctx, buf, len, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, - buf, len, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_write_round_one( &ctx, buf, len, &olen, NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_write_round_two( &ctx, - buf, len, - &olen, - NULL, - NULL ) ); + mbedtls_ecjpake_write_round_two( NULL, buf, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, NULL, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, buf, len, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + mbedtls_ecjpake_write_round_two( &ctx, buf, len, &olen, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecjpake_read_round_one( NULL, @@ -200,29 +179,19 @@ void ecjpake_invalid_param( ) NULL, len ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( NULL, - buf, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_derive_secret( NULL, buf, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, - NULL, len, - &olen, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_derive_secret( &ctx, NULL, len, &olen, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, - buf, len, - NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecjpake_derive_secret( &ctx, buf, len, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecjpake_derive_secret( &ctx, - buf, len, - &olen, - NULL, - NULL ) ); + mbedtls_ecjpake_derive_secret( &ctx, buf, len, &olen, NULL, NULL ) ); exit: return; diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index bed1bd7e3..07b3eea76 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -222,29 +222,37 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( NULL, &P, &m, &P, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, NULL, &m, &P, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, NULL, &P, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_mul_restartable( &grp, &P, &m, NULL, - mbedtls_test_rnd_std_rand, NULL , NULL ) ); + mbedtls_test_rnd_std_rand, + NULL , NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_muladd( NULL, &P, &m, &P, @@ -300,30 +308,23 @@ void ecp_invalid_param( ) mbedtls_ecp_check_privkey( &grp, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( NULL, &P, - &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( NULL, &P, &m, &P, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, NULL, - &m, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, NULL, &m, &P, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, - NULL, &P, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, &P, NULL, &P, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, - &m, NULL, - mbedtls_test_rnd_std_rand, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, &P, &m, NULL, + mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, - mbedtls_ecp_gen_keypair_base( &grp, &P, - &m, &P, - NULL, - NULL ) ); + mbedtls_ecp_gen_keypair_base( &grp, &P, &m, &P, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_keypair( NULL, @@ -348,7 +349,8 @@ void ecp_invalid_param( ) TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, NULL, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_test_rnd_std_rand, + NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, mbedtls_ecp_gen_key( valid_group, &kp, NULL, NULL ) ); @@ -740,7 +742,8 @@ void ecp_test_mul_rng( int id, data_t * d_hex) TEST_ASSERT( mbedtls_mpi_read_binary( &d, d_hex->x, d_hex->len ) == 0 ); - TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, &mbedtls_test_rnd_zero_rand, NULL ) + TEST_ASSERT( mbedtls_ecp_mul( &grp, &Q, &d, &grp.G, + &mbedtls_test_rnd_zero_rand, NULL ) == MBEDTLS_ERR_ECP_RANDOM_FAILED ); exit: @@ -1061,8 +1064,9 @@ void mbedtls_ecp_gen_keypair( int id ) TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 ); - TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) - == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_keypair( &grp, &d, &Q, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &Q ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &grp, &d ) == 0 ); @@ -1083,7 +1087,9 @@ void mbedtls_ecp_gen_key( int id ) mbedtls_ecp_keypair_init( &key ); memset( &rnd_info, 0x00, sizeof( mbedtls_test_rnd_pseudo_info ) ); - TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, &mbedtls_test_rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( mbedtls_ecp_gen_key( id, &key, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_pubkey( &key.grp, &key.Q ) == 0 ); TEST_ASSERT( mbedtls_ecp_check_privkey( &key.grp, &key.d ) == 0 ); diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function index b84826697..512eeb89c 100644 --- a/tests/suites/test_suite_hmac_drbg.function +++ b/tests/suites/test_suite_hmac_drbg.function @@ -129,8 +129,9 @@ void hmac_drbg_seed_file( int md_alg, char * path, int ret ) md_info = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md_info != NULL ); - TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, mbedtls_test_rnd_std_rand, NULL, - NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_hmac_drbg_seed( &ctx, md_info, + mbedtls_test_rnd_std_rand, NULL, + NULL, 0 ) == 0 ); TEST_ASSERT( mbedtls_hmac_drbg_write_seed_file( &ctx, path ) == ret ); TEST_ASSERT( mbedtls_hmac_drbg_update_seed_file( &ctx, path ) == ret ); diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index 02cd1a9ca..e54aaffe6 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -240,7 +240,8 @@ void mpi_invalid_param( ) mbedtls_mpi_exp_mod( &X, &X, &X, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, - mbedtls_mpi_fill_random( NULL, 42, mbedtls_test_rnd_std_rand, + mbedtls_mpi_fill_random( NULL, 42, + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_MPI_BAD_INPUT_DATA, mbedtls_mpi_fill_random( &X, 42, NULL, NULL ) ); @@ -1244,7 +1245,8 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) mbedtls_mpi_init( &X ); - my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, mbedtls_test_rnd_std_rand, NULL ); + my_ret = mbedtls_mpi_gen_prime( &X, bits, flags, + mbedtls_test_rnd_std_rand, NULL ); TEST_ASSERT( my_ret == ref_ret ); if( ref_ret == 0 ) @@ -1254,14 +1256,16 @@ void mbedtls_mpi_gen_prime( int bits, int flags, int ref_ret ) TEST_ASSERT( actual_bits >= (size_t) bits ); TEST_ASSERT( actual_bits <= (size_t) bits + 1 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, + mbedtls_test_rnd_std_rand, + NULL ) == 0 ); if( flags & MBEDTLS_MPI_GEN_PRIME_FLAG_DH ) { /* X = ( X - 1 ) / 2 */ TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, mbedtls_test_rnd_std_rand, NULL ) - == 0 ); + TEST_ASSERT( mbedtls_mpi_is_prime_ext( &X, 40, + mbedtls_test_rnd_std_rand, + NULL ) == 0 ); } } diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 3d77a6ba7..dbc52e5d0 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -62,8 +62,10 @@ static int pk_genkey( mbedtls_pk_context *pk, int parameter ) parameter ) ) != 0 ) return( ret ); - return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, &mbedtls_pk_ec( *pk )->d, - &mbedtls_pk_ec( *pk )->Q, mbedtls_test_rnd_std_rand, NULL ); + return mbedtls_ecp_gen_keypair( &mbedtls_pk_ec( *pk )->grp, + &mbedtls_pk_ec( *pk )->d, + &mbedtls_pk_ec( *pk )->Q, + mbedtls_test_rnd_std_rand, NULL ); } #endif return( -1 ); @@ -75,8 +77,8 @@ int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, size_t output_max_len ) { return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, - mbedtls_test_rnd_std_rand, NULL, mode, olen, - input, output, output_max_len ) ); + mbedtls_test_rnd_std_rand, NULL, mode, + olen, input, output, output_max_len ) ); } int mbedtls_rsa_sign_func( void *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, @@ -85,8 +87,9 @@ int mbedtls_rsa_sign_func( void *ctx, { ((void) f_rng); ((void) p_rng); - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, mbedtls_test_rnd_std_rand, NULL, mode, - md_alg, hashlen, hash, sig ) ); + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, + mbedtls_test_rnd_std_rand, NULL, mode, + md_alg, hashlen, hash, sig ) ); } size_t mbedtls_rsa_key_len_func( void *ctx ) { @@ -431,100 +434,71 @@ void invalid_parameters( ) NULL, sizeof( buf ) ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, - valid_md, - NULL, 0, - buf, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign_restartable( &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, &len, - mbedtls_test_rnd_std_rand, NULL, - NULL ) ); + mbedtls_pk_sign_restartable( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, + NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( NULL, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, - MBEDTLS_MD_NONE, - NULL, sizeof( buf ), - buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, - valid_md, - NULL, 0, - buf, &len, - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_sign( &pk, - MBEDTLS_MD_NONE, - buf, sizeof( buf ), - NULL, &len, - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, + NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( NULL, - buf, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, - NULL, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, - buf, sizeof( buf ), - NULL, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); - TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_decrypt( &pk, - buf, sizeof( buf ), - buf, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign_restartable( &pk, valid_md, NULL, 0, buf, &len, + mbedtls_test_rnd_std_rand, NULL, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( NULL, - buf, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign_restartable( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), + NULL, &len, mbedtls_test_rnd_std_rand, + NULL, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, - NULL, sizeof( buf ), - buf, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign( NULL, MBEDTLS_MD_NONE, buf, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, - buf, sizeof( buf ), - NULL, &len, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, sizeof( buf ), + buf, &len, mbedtls_test_rnd_std_rand, NULL ) ); + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, - mbedtls_pk_encrypt( &pk, - buf, sizeof( buf ), - buf, NULL, sizeof( buf ), - mbedtls_test_rnd_std_rand, NULL ) ); + mbedtls_pk_sign( &pk, valid_md, NULL, 0, buf, &len, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, buf, sizeof( buf ), NULL, &len, + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_decrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( NULL, buf, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, NULL, sizeof( buf ), buf, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), NULL, &len, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); + + TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, + mbedtls_pk_encrypt( &pk, buf, sizeof( buf ), buf, NULL, sizeof( buf ), + mbedtls_test_rnd_std_rand, NULL ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_PK_BAD_INPUT_DATA, mbedtls_pk_check_pair( NULL, &pk ) ); @@ -968,7 +942,9 @@ void pk_sign_verify( int type, int parameter, int sign_ret, int verify_ret ) } TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_SHA256, hash, sizeof hash, - sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == sign_ret ); + sig, &sig_len, + mbedtls_test_rnd_std_rand, + NULL ) == sign_ret ); if( sign_ret == 0 ) TEST_ASSERT( sig_len <= MBEDTLS_PK_SIGNATURE_MAX_SIZE ); else @@ -1023,8 +999,8 @@ void pk_rsa_encrypt_test_vec( data_t * message, int mod, int radix_N, TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); TEST_ASSERT( mbedtls_pk_encrypt( &pk, message->x, message->len, - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( olen == result->len ); TEST_ASSERT( memcmp( output, result->x, olen ) == 0 ); @@ -1072,8 +1048,8 @@ void pk_rsa_decrypt_test_vec( data_t * cipher, int mod, int radix_P, memset( output, 0, sizeof( output ) ); olen = 0; TEST_ASSERT( mbedtls_pk_decrypt( &pk, cipher->x, cipher->len, - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); if( ret == 0 ) { TEST_ASSERT( olen == clear->len ); @@ -1106,12 +1082,12 @@ void pk_ec_nocrypt( int type ) TEST_ASSERT( mbedtls_pk_setup( &pk, mbedtls_pk_info_from_type( type ) ) == 0 ); TEST_ASSERT( mbedtls_pk_encrypt( &pk, input, sizeof( input ), - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); TEST_ASSERT( mbedtls_pk_decrypt( &pk, input, sizeof( input ), - output, &olen, sizeof( output ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); + output, &olen, sizeof( output ), + mbedtls_test_rnd_pseudo_rand, &rnd_info ) == ret ); exit: mbedtls_pk_free( &pk ); @@ -1145,8 +1121,9 @@ void pk_rsa_overflow( ) TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, sig_len ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); - TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, &sig_len, - mbedtls_test_rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, hash, hash_len, sig, + &sig_len, mbedtls_test_rnd_std_rand, NULL ) + == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); exit: mbedtls_pk_free( &pk ); @@ -1199,12 +1176,13 @@ void pk_rsa_alt( ) /* Test signature */ #if SIZE_MAX > UINT_MAX - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, - sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == - MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, SIZE_MAX, sig, + &sig_len, mbedtls_test_rnd_std_rand, NULL ) + == MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* SIZE_MAX > UINT_MAX */ - TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, - sig, &sig_len, mbedtls_test_rnd_std_rand, NULL ) == 0 ); + TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig, + &sig_len, mbedtls_test_rnd_std_rand, NULL ) + == 0 ); TEST_ASSERT( sig_len == RSA_KEY_LEN ); TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE, hash, sizeof hash, sig, sig_len ) == 0 ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 8d2192f46..8a4218090 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -34,7 +34,12 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, + &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); + if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -81,11 +86,20 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, + MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, 1000 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + output, 1000 ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -196,16 +210,15 @@ void pkcs1_v15_decode( int mode, if( mode == MBEDTLS_RSA_PRIVATE ) TEST_ASSERT( mbedtls_rsa_public( &ctx, original, intermediate ) == 0 ); else - TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - original, intermediate ) == 0 ); + TEST_ASSERT( mbedtls_rsa_private( &ctx, &mbedtls_test_rnd_pseudo_rand, + &rnd_info, original, + intermediate ) == 0 ); memcpy( final, default_content, sizeof( final ) ); TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, - mode, - &output_length, - intermediate, - final, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, mode, &output_length, + intermediate, final, output_size ) == expected_result ); if( expected_result == 0 ) { @@ -286,7 +299,9 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PRIVATE, digest, + 0, hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 2b7d16fe7..c9e91c87c 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -34,7 +34,11 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char * input_N, if( message_str->len == 0 ) message_str->x = NULL; - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PUBLIC, message_str->len, message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, + &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -82,15 +86,21 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char * input_P, if( result_hex_str->len == 0 ) { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, - message_str->x, NULL, 0 ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, + MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + NULL, 0 ) == result ); } else { - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, &output_len, - message_str->x, output, + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, + MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, + output, sizeof( output ) ) == result ); if( result == 0 ) { @@ -144,8 +154,9 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char * input_P, int radix_Q, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, - digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_buffer_rand, + &info, MBEDTLS_RSA_PRIVATE, digest, 0, + hash_result, output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 4096e4d4d..90335dbc7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -67,7 +67,8 @@ void rsa_invalid_param( ) invalid_padding, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, - mbedtls_rsa_gen_key( NULL, mbedtls_test_rnd_std_rand, + mbedtls_rsa_gen_key( NULL, + mbedtls_test_rnd_std_rand, NULL, 0, 0 ) ); TEST_INVALID_PARAM_RET( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, mbedtls_rsa_gen_key( &ctx, NULL, @@ -500,9 +501,9 @@ void mbedtls_rsa_pkcs1_sign( data_t * message_str, int padding_mode, if( mbedtls_md_info_from_type( digest ) != NULL ) TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str->x, message_str->len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, digest, 0, - hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, digest, + 0, hash_result, output ) == result ); if( result == 0 ) { @@ -581,10 +582,10 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, - hash_result->len, hash_result->x, - output ) == 0 ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, + MBEDTLS_MD_NONE, hash_result->len, + hash_result->x, output ) == 0 ); TEST_ASSERT( mbedtls_test_hexcmp( output, result_hex_str->x, @@ -598,8 +599,9 @@ void rsa_pkcs1_sign_raw( data_t * hash_result, memset( output, 0x00, sizeof( output) ); res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, - &mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, - hash_result->len, hash_result->x, output ); + &mbedtls_test_rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, hash_result->len, + hash_result->x, output ); #if !defined(MBEDTLS_RSA_ALT) TEST_ASSERT( res == 0 ); @@ -712,9 +714,11 @@ void mbedtls_rsa_pkcs1_encrypt( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_pseudo_rand, &rnd_info, - MBEDTLS_RSA_PUBLIC, message_str->len, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, + &mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); if( result == 0 ) { @@ -751,9 +755,10 @@ void rsa_pkcs1_encrypt_bad_rng( data_t * message_str, int padding_mode, TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, NULL, - MBEDTLS_RSA_PUBLIC, message_str->len, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &mbedtls_test_rnd_zero_rand, + NULL, MBEDTLS_RSA_PUBLIC, + message_str->len, message_str->x, + output ) == result ); if( result == 0 ) { @@ -802,7 +807,10 @@ void mbedtls_rsa_pkcs1_decrypt( data_t * message_str, int padding_mode, output_len = 0; - TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, &output_len, message_str->x, output, max_output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_decrypt( &ctx, mbedtls_test_rnd_pseudo_rand, + &rnd_info, MBEDTLS_RSA_PRIVATE, + &output_len, message_str->x, output, + max_output ) == result ); if( result == 0 ) { @@ -907,8 +915,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, for( i = 0; i < 3; i++ ) { memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, &rnd_info, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_test_rnd_pseudo_rand, + &rnd_info, message_str->x, + output ) == result ); if( result == 0 ) { @@ -926,8 +935,9 @@ void mbedtls_rsa_private( data_t * message_str, int mod, int radix_P, TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx2 ) == 0 ); memset( output, 0x00, sizeof( output ) ); - TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, &rnd_info, - message_str->x, output ) == result ); + TEST_ASSERT( mbedtls_rsa_private( &ctx2, mbedtls_test_rnd_pseudo_rand, + &rnd_info, message_str->x, + output ) == result ); if( result == 0 ) { diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 1389e336d..9c6a57a86 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3339,7 +3339,8 @@ void ssl_crypt_record_small( int cipher_type, int hash_id, rec_backup = rec; /* Encrypt record */ - ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, mbedtls_test_rnd_std_rand, NULL ); + ret = mbedtls_ssl_encrypt_buf( &ssl, t_enc, &rec, + mbedtls_test_rnd_std_rand, NULL ); if( ( mode == 1 || mode == 2 ) && seen_success ) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index a893b4e58..be9e0ae52 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -111,7 +111,7 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -125,14 +125,15 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, + &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: @@ -175,7 +176,8 @@ void x509_csr_check_opaque( char *key_file, int md_type, int key_usage, TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1, - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, &rnd_info ); + TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); @@ -284,7 +286,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), - mbedtls_test_rnd_pseudo_rand, &rnd_info ); + mbedtls_test_rnd_pseudo_rand, + &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) From ff1825ec19feebf90c2d7d45f1dfa2dbfe63cf9e Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Jun 2020 14:52:21 +0200 Subject: [PATCH 74/87] Add changelog entry Signed-off-by: Ronald Cron --- ChangeLog.d/tests-common-code.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/tests-common-code.txt diff --git a/ChangeLog.d/tests-common-code.txt b/ChangeLog.d/tests-common-code.txt new file mode 100644 index 000000000..0af2da526 --- /dev/null +++ b/ChangeLog.d/tests-common-code.txt @@ -0,0 +1,5 @@ +Changes + * The unit tests now rely on header files in tests/include/test and source + files in tests/src. When building with make or cmake, the files in + tests/src are compiled and the resulting object linked into each test + executable. From 65d8c2651d89ff2d0e9a5a35f95d2c9b45e54046 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 4 Jun 2019 13:05:36 +0300 Subject: [PATCH 75/87] Show failure in ssl-opts.sh when key export fails 1. When `ssl_server2` export key functionality fails, don't exit the server, but reset it, to have the server recover for next connection. 2. Add text filters for `export keys functionality` test in ssl-opt.sh to check for additional output, to verify if the export suceeded. This was discovered in the `ssl-opt.sh` script, where the server exited, before the test tried to kill the server priocess, resulting in a `kill: No such process` message. Fixes #2662 Signed-off-by: Ron Eldor --- programs/ssl/ssl_server2.c | 4 ++-- tests/ssl-opt.sh | 6 +++++- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 5dd18715f..3fd065ef0 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3718,7 +3718,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; + goto reset; } mbedtls_printf( " EAP-TLS key material is:" ); @@ -3739,7 +3739,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_tls_prf returned -0x%x\n\n", (unsigned int) -ret ); - goto exit; + goto reset; } mbedtls_printf( " EAP-TLS IV is:" ); diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df3f53b3b..3c185e068 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9141,7 +9141,11 @@ run_test "export keys functionality" \ -s "exported ivlen is " \ -c "exported maclen is " \ -c "exported keylen is " \ - -c "exported ivlen is " + -c "exported ivlen is " \ + -c "EAP-TLS key material is:"\ + -s "EAP-TLS key material is:"\ + -c "EAP-TLS IV is:" \ + -s "EAP-TLS IV is:" # Test heap memory usage after handshake requires_config_enabled MBEDTLS_MEMORY_DEBUG From 700ee44545b5557b0bf6472290819afda805c6f4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 26 May 2020 00:33:31 +0200 Subject: [PATCH 76/87] Add missing copyright dates to scripts and sources MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To find any files with a missing copyright declaration, use the following script: # ======================== #!/bin/sh # Find files with copyright declarations, and list their file extensions exts=$(grep -Ril --exclude-dir .git --exclude-dir 3rdparty\ --exclude-dir programs/fuzz 'Copyright.*Arm' | sed ' s/.*\/// s/.*\./*./ s/.*/-name "&"/ ' | sort -u | sed -n ' :l N $!bl s/\n/ -o /gp ') # Find files with file extensions that ususally include copyright extensions, # but don't include a copyright declaration themselves. eval "find\ '(' -path './.git' -o -path './3rdparty' -o -path './programs/fuzz' ')' -prune\ -o ! -path './tests/data_files/format_pkcs12.fmt'\ ! -path './programs/psa/psa_constant_names_generated.c'\ '(' $exts ')' -print" | xargs grep -Li 'Copyright.*Arm' # ======================== Signed-off-by: Bence Szépkúti --- programs/psa/crypto_examples.c | 6 ++++++ programs/psa/key_ladder_demo.sh | 5 +++++ programs/psa/psa_constant_names.c | 6 ++++++ programs/test/udp_proxy_wrapper.sh | 4 ++++ scripts/apidoc_full.sh | 4 ++++ scripts/ecc-heap.sh | 4 ++++ scripts/generate_errors.pl | 4 ++++ scripts/generate_features.pl | 3 +++ scripts/generate_psa_constants.py | 4 ++++ scripts/generate_query_config.pl | 4 ++++ scripts/generate_visualc_files.pl | 4 ++++ scripts/massif_max.pl | 4 ++++ scripts/memory.sh | 4 ++++ scripts/tmp_ignore_makefiles.sh | 4 ++++ tests/data_files/dir-maxpath/long.sh | 4 ++++ tests/data_files/print_c.pl | 5 +++++ tests/scripts/check-doxy-blocks.pl | 4 ++++ tests/scripts/doxygen.sh | 4 ++++ tests/scripts/gen_ctr_drbg.pl | 4 ++++ tests/scripts/gen_gcm_decrypt.pl | 4 ++++ tests/scripts/gen_gcm_encrypt.pl | 4 ++++ tests/scripts/gen_pkcs1_v21_sign_verify.pl | 3 +++ tests/scripts/generate-afl-tests.sh | 4 ++++ tests/scripts/list-enum-consts.pl | 4 ++++ tests/scripts/list-identifiers.sh | 4 ++++ tests/scripts/list-macros.sh | 4 ++++ tests/scripts/list-symbols.sh | 4 ++++ tests/scripts/psa_collect_statuses.py | 4 ++++ tests/scripts/recursion.pl | 4 ++++ tests/scripts/tcp_client.pl | 4 ++++ tests/scripts/test_psa_constant_names.py | 4 ++++ 31 files changed, 128 insertions(+) diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index f156b7b26..88e34d1fd 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,3 +1,9 @@ +/* + * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + #include "psa/crypto.h" #include #include diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 2cec945f5..3ffbd8b01 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,4 +1,9 @@ #!/bin/sh +# +# Copyright (C) 2018, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + set -e -u program="${0%/*}"/key_ladder_demo diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index d8ffd46cf..e22791c4a 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,3 +1,9 @@ +/* + * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * + * This file is part of mbed TLS (https://tls.mbed.org) + */ + #include #include #include diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 29033d5d1..85f4423d3 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -1,6 +1,10 @@ #!/bin/sh # -*-sh-basic-offset: 4-*- # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -u diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index dfe117710..a8e48455b 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -6,6 +6,10 @@ # # /!\ This must not be a Makefile target, as it would create a race condition # when multiple targets are invoked in the same parallel build. +# +# Copyright (C) 2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 69777a62c..3231f7c94 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -6,6 +6,10 @@ # Usage (preferably on a 32-bit platform): # cmake -D CMAKE_BUILD_TYPE=Release . # scripts/ecc-heap.sh | tee ecc-heap.log +# +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 150e10e46..81e5c468d 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -4,6 +4,10 @@ # # Usage: ./generate_errors.pl or scripts/generate_errors.pl without arguments, # or generate_errors.pl include_dir data_dir error_file +# +# Copyright (C) 2011-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 1bd82ca2a..3c049915e 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,5 +1,8 @@ #!/usr/bin/env perl # +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 175cd9ffc..9fbccd333 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -11,6 +11,10 @@ file is written: * OUTPUT_FILE_DIR passed: writes to OUTPUT_FILE_DIR/ """ +# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import os import re import sys diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index d94fdad62..26778d3bf 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -15,6 +15,10 @@ # function by using the template in scripts/data_files/query_config.fmt. # # Usage: ./scripts/generate_query_config.pl without arguments +# +# Copyright (C) 2018-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 1f67055e6..268597074 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -5,6 +5,10 @@ # # Must be run from mbedTLS root or scripts directory. # Takes no argument. +# +# Copyright (C) 2013-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index 4e3342a2c..f7fa919b4 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -1,6 +1,10 @@ #!/usr/bin/env perl # Parse a massif.out.xxx file and output peak total memory usage +# +# Copyright (C) 2014, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/scripts/memory.sh b/scripts/memory.sh index c415f92d5..513549598 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -5,6 +5,10 @@ # # Use different build options for measuring executable size and memory usage, # since for memory we want debug information. +# +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index df9450e14..543e44abc 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -2,6 +2,10 @@ # Temporarily (de)ignore Makefiles generated by CMake to allow easier # git development +# +# Copyright (C) 2014, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) IGNORE="" diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 22f3bf548..19794980f 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index d0ec13705..af8a2c1b4 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,4 +1,9 @@ #!/usr/bin/env perl +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + use strict; use warnings; diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 496769992..70fab6896 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -7,6 +7,10 @@ # sed -e '/EXTRACT/s/YES/NO/' doxygen/mbedtls.doxyfile | doxygen - # but that would warn about any undocumented item, while our goal is to find # items that are documented, but not marked as such by mistake. +# +# Copyright (C) 2012-2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index e7758c9e8..4fb8b7f1b 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -1,6 +1,10 @@ #!/bin/sh # Make sure the doxygen documentation builds without warnings +# +# Copyright (C) 2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) # Abort on errors (and uninitiliased variables) set -eu diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 3c074be19..624da22e5 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -3,6 +3,10 @@ # Based on NIST CTR_DRBG.rsp validation file # Only uses AES-256-CTR cases that use a Derivation function # and concats nonce and personalization for initialization. +# +# Copyright (C) 2011, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 03809cb94..1739c9b06 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -2,6 +2,10 @@ # # Based on NIST gcmDecryptxxx.rsp validation files # Only first 3 of every set used for compile time saving +# +# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 29ec677da..602d85aa4 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -2,6 +2,10 @@ # # Based on NIST gcmEncryptIntIVxxx.rsp validation files # Only first 3 of every set used for compile time saving +# +# Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index 110cb4b07..fbdf751a8 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,5 +1,8 @@ #!/usr/bin/env perl # +# Copyright (C) 2011-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use strict; diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index cbc2f5906..6cd3f6140 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -7,6 +7,10 @@ # Usage: generate-afl-tests.sh # - should be the path to one of the test suite files # such as 'test_suite_mpi.data' +# +# Copyright (C) 2016, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) # Abort on errors set -e diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index e59517b88..d60a0fb16 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -1,4 +1,8 @@ #!/usr/bin/env perl +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 24e74043b..c48c249cc 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -5,6 +5,10 @@ # Outputs the line count of the file to stdout. # # Usage: list-identifiers.sh [ -i | --internal ] +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 3540b8e52..17107aaeb 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index 1c348a79c..004912479 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -1,4 +1,8 @@ #!/bin/sh +# +# Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index e38beeac3..78b5c19ac 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -12,6 +12,10 @@ The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is only supported with make (as opposed to CMake or other build methods). """ +# Copyright (C) 2019, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import argparse import os import subprocess diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index 431e59211..c80666ec8 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -7,6 +7,10 @@ # an unbounded way, those functions should use interation instead. # # Typical usage: scripts/recursion.pl library/*.c +# +# Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index 11cbf1b1b..eb531a585 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -4,6 +4,10 @@ # Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1 # DATA: hex-encoded data to send to the server # RESPONSE: regexp that must match the server's response +# +# Copyright (C) 2017, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) use warnings; use strict; diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 2c9f058ea..4497dad57 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -7,6 +7,10 @@ Return 0 if all test cases pass, 1 if the output was not always as expected, or 1 (with a Python backtrace) if there was an operational error. """ +# Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import argparse from collections import namedtuple import itertools From c7da1fe3812ce0d3ee0e351e67118d46af540519 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Tue, 26 May 2020 01:54:15 +0200 Subject: [PATCH 77/87] Add Apache-2.0 headers to all scripts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '*.gdb' -o -name '*.pl' -o -name '*.py' -o -name '*.sh' ')' -print | xargs sed -i ' # Remove Mbed TLS declaration if it occurs before the copyright line 1,/Copyright.*Arm/I { /This file is part of/,$ { /Copyright.*Arm/I! d } } # Convert non-standard header in scripts/abi_check.py to the format used in the other scripts /"""/,/"""/ { # Cut copyright declaration /Copyright.*Arm/I { h N d } # Paste copyright declaration /"""/ { x /./ { s/^/# / # Add # x # Replace orignal buffer with Copyright declaration p # Print original buffer, insert newline i\ s/.*// # Clear original buffer } x } } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! { i\ # SPDX-License-Identifier: Apache-2.0\ #\ # Licensed under the Apache License, Version 2.0 (the "License"); you may\ # not use this file except in compliance with the License.\ # You may obtain a copy of the License at\ #\ # http://www.apache.org/licenses/LICENSE-2.0\ #\ # Unless required by applicable law or agreed to in writing, software\ # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ # See the License for the specific language governing permissions and\ # limitations under the License. # Insert Mbed TLS declaration if it is missing /This file is part of/! i\ #\ # This file is part of Mbed TLS (https://tls.mbed.org) } # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti --- programs/psa/key_ladder_demo.sh | 13 +++++++++++++ programs/test/udp_proxy_wrapper.sh | 13 +++++++++++++ scripts/abi_check.py | 21 +++++++++++++++++---- scripts/apidoc_full.sh | 13 +++++++++++++ scripts/bump_version.sh | 17 +++++++++++++++-- scripts/ecc-heap.sh | 13 +++++++++++++ scripts/footprint.sh | 17 +++++++++++++++-- scripts/generate_errors.pl | 13 +++++++++++++ scripts/generate_features.pl | 13 +++++++++++++ scripts/generate_psa_constants.py | 13 +++++++++++++ scripts/generate_query_config.pl | 13 +++++++++++++ scripts/generate_visualc_files.pl | 13 +++++++++++++ scripts/massif_max.pl | 13 +++++++++++++ scripts/memory.sh | 13 +++++++++++++ scripts/output_env.sh | 17 +++++++++++++++-- scripts/rename.pl | 17 +++++++++++++++-- scripts/tmp_ignore_makefiles.sh | 13 +++++++++++++ tests/compat.sh | 17 +++++++++++++++-- tests/context-info.sh | 17 +++++++++++++++-- tests/data_files/dir-maxpath/long.sh | 13 +++++++++++++ tests/data_files/print_c.pl | 13 +++++++++++++ tests/git-scripts/pre-push.sh | 17 +++++++++++++++-- tests/scripts/all.sh | 17 +++++++++++++++-- tests/scripts/basic-build-test.sh | 17 +++++++++++++++-- tests/scripts/check-doxy-blocks.pl | 13 +++++++++++++ tests/scripts/check-files.py | 16 +++++++++++++++- tests/scripts/check-generated-files.sh | 17 +++++++++++++++-- tests/scripts/check-names.sh | 17 +++++++++++++++-- tests/scripts/check-python-files.sh | 17 +++++++++++++++-- tests/scripts/curves.pl | 15 +++++++++++++++ tests/scripts/depends-hashes.pl | 15 +++++++++++++++ tests/scripts/depends-pkalgs.pl | 15 +++++++++++++++ tests/scripts/doxygen.sh | 13 +++++++++++++ tests/scripts/gen_ctr_drbg.pl | 13 +++++++++++++ tests/scripts/gen_gcm_decrypt.pl | 13 +++++++++++++ tests/scripts/gen_gcm_encrypt.pl | 13 +++++++++++++ tests/scripts/gen_pkcs1_v21_sign_verify.pl | 13 +++++++++++++ tests/scripts/generate-afl-tests.sh | 13 +++++++++++++ tests/scripts/key-exchanges.pl | 15 +++++++++++++++ tests/scripts/list-enum-consts.pl | 13 +++++++++++++ tests/scripts/list-identifiers.sh | 13 +++++++++++++ tests/scripts/list-macros.sh | 13 +++++++++++++ tests/scripts/list-symbols.sh | 13 +++++++++++++ tests/scripts/psa_collect_statuses.py | 13 +++++++++++++ tests/scripts/recursion.pl | 13 +++++++++++++ tests/scripts/run-test-suites.pl | 17 +++++++++++++++-- tests/scripts/tcp_client.pl | 13 +++++++++++++ tests/scripts/test-ref-configs.pl | 17 +++++++++++++++-- tests/scripts/test_psa_constant_names.py | 13 +++++++++++++ tests/scripts/test_zeroize.gdb | 17 +++++++++++++++-- tests/scripts/travis-log-failure.sh | 17 +++++++++++++++-- tests/ssl-opt.sh | 17 +++++++++++++++-- 52 files changed, 724 insertions(+), 39 deletions(-) diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh index 3ffbd8b01..fc2ef336f 100755 --- a/programs/psa/key_ladder_demo.sh +++ b/programs/psa/key_ladder_demo.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/programs/test/udp_proxy_wrapper.sh b/programs/test/udp_proxy_wrapper.sh index 85f4423d3..cfc269a61 100755 --- a/programs/test/udp_proxy_wrapper.sh +++ b/programs/test/udp_proxy_wrapper.sh @@ -3,6 +3,19 @@ # Usage: udp_proxy_wrapper.sh [PROXY_PARAM...] -- [SERVER_PARAM...] # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/abi_check.py b/scripts/abi_check.py index c2aca501d..b8fc9b800 100755 --- a/scripts/abi_check.py +++ b/scripts/abi_check.py @@ -1,9 +1,5 @@ #!/usr/bin/env python3 """ -This file is part of Mbed TLS (https://tls.mbed.org) - -Copyright (c) 2018, Arm Limited, All Rights Reserved - Purpose This script is a small wrapper around the abi-compliance-checker and @@ -15,6 +11,23 @@ Returns 0 on success, 1 on ABI/API non-compliance, and 2 if there is an error while running the script. Note: must be run from Mbed TLS root. """ +# Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) + import os import sys import traceback diff --git a/scripts/apidoc_full.sh b/scripts/apidoc_full.sh index a8e48455b..f270bf4a8 100755 --- a/scripts/apidoc_full.sh +++ b/scripts/apidoc_full.sh @@ -8,6 +8,19 @@ # when multiple targets are invoked in the same parallel build. # # Copyright (C) 2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh index cf875c88d..88e3a46ee 100755 --- a/scripts/bump_version.sh +++ b/scripts/bump_version.sh @@ -1,8 +1,21 @@ #!/bin/bash # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/ecc-heap.sh b/scripts/ecc-heap.sh index 3231f7c94..1a2a6d141 100755 --- a/scripts/ecc-heap.sh +++ b/scripts/ecc-heap.sh @@ -8,6 +8,19 @@ # scripts/ecc-heap.sh | tee ecc-heap.log # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index 961a0d60b..de7b68fc4 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -1,8 +1,21 @@ #!/bin/sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 81e5c468d..f3814f475 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -6,6 +6,19 @@ # or generate_errors.pl include_dir data_dir error_file # # Copyright (C) 2011-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl index 3c049915e..e60bb88fb 100755 --- a/scripts/generate_features.pl +++ b/scripts/generate_features.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_psa_constants.py b/scripts/generate_psa_constants.py index 9fbccd333..3d2e6815a 100755 --- a/scripts/generate_psa_constants.py +++ b/scripts/generate_psa_constants.py @@ -12,6 +12,19 @@ file is written: """ # Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 26778d3bf..c9ef83801 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -17,6 +17,19 @@ # Usage: ./scripts/generate_query_config.pl without arguments # # Copyright (C) 2018-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl index 268597074..d72d19dad 100755 --- a/scripts/generate_visualc_files.pl +++ b/scripts/generate_visualc_files.pl @@ -7,6 +7,19 @@ # Takes no argument. # # Copyright (C) 2013-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/massif_max.pl b/scripts/massif_max.pl index f7fa919b4..f5d870f5a 100755 --- a/scripts/massif_max.pl +++ b/scripts/massif_max.pl @@ -3,6 +3,19 @@ # Parse a massif.out.xxx file and output peak total memory usage # # Copyright (C) 2014, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/memory.sh b/scripts/memory.sh index 513549598..15693a0af 100755 --- a/scripts/memory.sh +++ b/scripts/memory.sh @@ -7,6 +7,19 @@ # since for memory we want debug information. # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/scripts/output_env.sh b/scripts/output_env.sh index 35452795d..0044a222a 100755 --- a/scripts/output_env.sh +++ b/scripts/output_env.sh @@ -2,9 +2,22 @@ # output_env.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/rename.pl b/scripts/rename.pl index fb428098c..1e8dbf4f7 100755 --- a/scripts/rename.pl +++ b/scripts/rename.pl @@ -1,8 +1,21 @@ #!/usr/bin/env perl # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/scripts/tmp_ignore_makefiles.sh b/scripts/tmp_ignore_makefiles.sh index 543e44abc..1a165408e 100755 --- a/scripts/tmp_ignore_makefiles.sh +++ b/scripts/tmp_ignore_makefiles.sh @@ -4,6 +4,19 @@ # git development # # Copyright (C) 2014, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/compat.sh b/tests/compat.sh index 54bc0b7d1..6aa35d21a 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -2,9 +2,22 @@ # compat.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2012-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/context-info.sh b/tests/context-info.sh index 78aeb70f7..344dd4ea9 100755 --- a/tests/context-info.sh +++ b/tests/context-info.sh @@ -2,9 +2,22 @@ # context-info.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2012-2020, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # This program is intended for testing the ssl_context_info program # diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 19794980f..60813d823 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl index af8a2c1b4..4c15be2d3 100755 --- a/tests/data_files/print_c.pl +++ b/tests/data_files/print_c.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh index 86edf5a30..d3b462996 100755 --- a/tests/git-scripts/pre-push.sh +++ b/tests/git-scripts/pre-push.sh @@ -1,9 +1,22 @@ #!/bin/sh # pre-push.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d911d493a..865c73d42 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2,9 +2,22 @@ # all.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2014-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 0be870587..4fb924784 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -2,9 +2,22 @@ # basic-build-tests.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl index 70fab6896..c4746541c 100755 --- a/tests/scripts/check-doxy-blocks.pl +++ b/tests/scripts/check-doxy-blocks.pl @@ -9,6 +9,19 @@ # items that are documented, but not marked as such by mistake. # # Copyright (C) 2012-2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 62b526ab9..1cef2d5f1 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -1,7 +1,21 @@ #!/usr/bin/env python3 -# This file is part of Mbed TLS (https://tls.mbed.org) # Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) """ This script checks the current state of the source code for minor issues, diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index f41e465c3..e39b66182 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -1,8 +1,21 @@ #! /usr/bin/env sh -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2018, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index dc097ee8e..e2019ccad 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -1,8 +1,21 @@ #!/bin/sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2019, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) set -eu diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index cd18518ca..c5597f16e 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -1,8 +1,21 @@ #! /usr/bin/env sh -# This file is part of Mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose: # diff --git a/tests/scripts/curves.pl b/tests/scripts/curves.pl index 8119a46e6..cd6ea0d9a 100755 --- a/tests/scripts/curves.pl +++ b/tests/scripts/curves.pl @@ -3,6 +3,21 @@ # curves.pl # # Copyright (c) 2014-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/depends-hashes.pl b/tests/scripts/depends-hashes.pl index 898ae497c..08d99ab83 100755 --- a/tests/scripts/depends-hashes.pl +++ b/tests/scripts/depends-hashes.pl @@ -3,6 +3,21 @@ # depends-hashes.pl # # Copyright (c) 2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/depends-pkalgs.pl b/tests/scripts/depends-pkalgs.pl index 0cc01f241..1577fee38 100755 --- a/tests/scripts/depends-pkalgs.pl +++ b/tests/scripts/depends-pkalgs.pl @@ -3,6 +3,21 @@ # depends-pkalgs.pl # # Copyright (c) 2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh index 4fb8b7f1b..ed8a9ef2a 100755 --- a/tests/scripts/doxygen.sh +++ b/tests/scripts/doxygen.sh @@ -3,6 +3,19 @@ # Make sure the doxygen documentation builds without warnings # # Copyright (C) 2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_ctr_drbg.pl b/tests/scripts/gen_ctr_drbg.pl index 624da22e5..715eac358 100755 --- a/tests/scripts/gen_ctr_drbg.pl +++ b/tests/scripts/gen_ctr_drbg.pl @@ -5,6 +5,19 @@ # and concats nonce and personalization for initialization. # # Copyright (C) 2011, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_gcm_decrypt.pl b/tests/scripts/gen_gcm_decrypt.pl index 1739c9b06..6e4cb1fbb 100755 --- a/tests/scripts/gen_gcm_decrypt.pl +++ b/tests/scripts/gen_gcm_decrypt.pl @@ -4,6 +4,19 @@ # Only first 3 of every set used for compile time saving # # Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_gcm_encrypt.pl b/tests/scripts/gen_gcm_encrypt.pl index 602d85aa4..c58f3f1ee 100755 --- a/tests/scripts/gen_gcm_encrypt.pl +++ b/tests/scripts/gen_gcm_encrypt.pl @@ -4,6 +4,19 @@ # Only first 3 of every set used for compile time saving # # Copyright (C) 2012-2013, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/gen_pkcs1_v21_sign_verify.pl b/tests/scripts/gen_pkcs1_v21_sign_verify.pl index fbdf751a8..bbdeb8bbb 100755 --- a/tests/scripts/gen_pkcs1_v21_sign_verify.pl +++ b/tests/scripts/gen_pkcs1_v21_sign_verify.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2011-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh index 6cd3f6140..e3ae01550 100755 --- a/tests/scripts/generate-afl-tests.sh +++ b/tests/scripts/generate-afl-tests.sh @@ -9,6 +9,19 @@ # such as 'test_suite_mpi.data' # # Copyright (C) 2016, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/key-exchanges.pl b/tests/scripts/key-exchanges.pl index 851de1b36..be9567f52 100755 --- a/tests/scripts/key-exchanges.pl +++ b/tests/scripts/key-exchanges.pl @@ -3,6 +3,21 @@ # key-exchanges.pl # # Copyright (c) 2015-2017, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/list-enum-consts.pl b/tests/scripts/list-enum-consts.pl index d60a0fb16..46de3039d 100755 --- a/tests/scripts/list-enum-consts.pl +++ b/tests/scripts/list-enum-consts.pl @@ -1,6 +1,19 @@ #!/usr/bin/env perl # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index c48c249cc..128455221 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -7,6 +7,19 @@ # Usage: list-identifiers.sh [ -i | --internal ] # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/list-macros.sh b/tests/scripts/list-macros.sh index 17107aaeb..786aef925 100755 --- a/tests/scripts/list-macros.sh +++ b/tests/scripts/list-macros.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index 004912479..f4c20b24c 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -1,6 +1,19 @@ #!/bin/sh # # Copyright (C) 2015-2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py index 78b5c19ac..767323687 100755 --- a/tests/scripts/psa_collect_statuses.py +++ b/tests/scripts/psa_collect_statuses.py @@ -13,6 +13,19 @@ only supported with make (as opposed to CMake or other build methods). """ # Copyright (C) 2019, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/recursion.pl b/tests/scripts/recursion.pl index c80666ec8..693703132 100755 --- a/tests/scripts/recursion.pl +++ b/tests/scripts/recursion.pl @@ -9,6 +9,19 @@ # Typical usage: scripts/recursion.pl library/*.c # # Copyright (C) 2014-2015, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index d06badd23..45823c0a0 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -2,9 +2,22 @@ # run-test-suites.pl # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2015-2018, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) =head1 SYNOPSIS diff --git a/tests/scripts/tcp_client.pl b/tests/scripts/tcp_client.pl index eb531a585..6e576d63f 100755 --- a/tests/scripts/tcp_client.pl +++ b/tests/scripts/tcp_client.pl @@ -6,6 +6,19 @@ # RESPONSE: regexp that must match the server's response # # Copyright (C) 2017, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/test-ref-configs.pl b/tests/scripts/test-ref-configs.pl index e33aca7dd..0e36dd617 100755 --- a/tests/scripts/test-ref-configs.pl +++ b/tests/scripts/test-ref-configs.pl @@ -2,9 +2,22 @@ # test-ref-configs.pl # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2013-2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/test_psa_constant_names.py b/tests/scripts/test_psa_constant_names.py index 4497dad57..2d6e3826e 100755 --- a/tests/scripts/test_psa_constant_names.py +++ b/tests/scripts/test_psa_constant_names.py @@ -8,6 +8,19 @@ or 1 (with a Python backtrace) if there was an operational error. """ # Copyright (C) 2018-2020, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. # # This file is part of Mbed TLS (https://tls.mbed.org) diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 8164acb9b..43fde759c 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -1,8 +1,21 @@ # test_zeroize.gdb # -# This file is part of Mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2018, Arm Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/scripts/travis-log-failure.sh b/tests/scripts/travis-log-failure.sh index 9866ca7da..c6de12ca9 100755 --- a/tests/scripts/travis-log-failure.sh +++ b/tests/scripts/travis-log-failure.sh @@ -2,9 +2,22 @@ # travis-log-failure.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df3f53b3b..74e2056f0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2,9 +2,22 @@ # ssl-opt.sh # -# This file is part of mbed TLS (https://tls.mbed.org) -# # Copyright (c) 2016, ARM Limited, All Rights Reserved +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# This file is part of Mbed TLS (https://tls.mbed.org) # # Purpose # From 6a81eb610699688cc093ec51f24ac7e39bd81233 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Mon, 15 Jun 2020 16:21:33 +0100 Subject: [PATCH 78/87] Remove Dangerous Parameter Passing Another coverity bug - #350039 When this test discovers a key of the wrong type, it still throws it through the export function in order to check that it too will detect this as a not permitted action. For the buffer and buffer length arguments it passes in a local pointer (which will most likely be NULL), and the sizeof that pointer, as it knows that they will never be used. Coverity rightly (imho) flagged this as suspicious - if we are going to pass in incorrect parameters, at least make them obviously incorrect, and ones that will not potentially cause errors if the code later changes. There is, for example safety checks for zero length buffer, but less protection for an insufficiently sized one. Signed-off-by: Paul Elliott --- tests/suites/test_suite_psa_crypto_slot_management.function | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function index a9c7f0459..3a14b1211 100644 --- a/tests/suites/test_suite_psa_crypto_slot_management.function +++ b/tests/suites/test_suite_psa_crypto_slot_management.function @@ -270,7 +270,7 @@ void persistent_slot_lifecycle( int lifetime_arg, int id_arg, else { TEST_EQUAL( psa_export_key( handle, - reexported, sizeof( reexported ), + NULL, 0, &reexported_length ), PSA_ERROR_NOT_PERMITTED ); } From 869746577a00d6fab26ff0e7e76887f5bc726158 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 15 Jun 2020 11:59:37 +0200 Subject: [PATCH 79/87] Add Apache-2.0 headers to all source files MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also normalize the first line of the copyright headers. This commit was generated using the following script: # ======================== #!/bin/sh # Find scripts find -path './.git' -prune -o '(' -name '*.c' -o -name '*.cpp' -o -name '*.fmt' -o -name '*.h' ')' -print | xargs sed -i ' # Normalize the first line of the copyright headers (no text on the first line of a block comment) /^\/\*.*Copyright.*Arm/I { i\ /* s/^\// / } /Copyright.*Arm/I { # Print copyright declaration p # Read the two lines immediately following the copyright declaration N N # Insert Apache header if it is missing /SPDX/! i\ * SPDX-License-Identifier: Apache-2.0\ *\ * Licensed under the Apache License, Version 2.0 (the "License"); you may\ * not use this file except in compliance with the License.\ * You may obtain a copy of the License at\ *\ * http://www.apache.org/licenses/LICENSE-2.0\ *\ * Unless required by applicable law or agreed to in writing, software\ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT\ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\ * See the License for the specific language governing permissions and\ * limitations under the License. # Clear copyright declaration from buffer D } ' # ======================== Signed-off-by: Bence Szépkúti --- include/mbedtls/aes.h | 3 ++- include/mbedtls/aria.h | 3 ++- include/mbedtls/chacha20.h | 3 ++- include/mbedtls/chachapoly.h | 3 ++- include/mbedtls/poly1305.h | 3 ++- library/psa_crypto.c | 3 ++- library/psa_crypto_core.h | 3 ++- library/psa_crypto_its.h | 3 ++- library/psa_crypto_se.c | 3 ++- library/psa_crypto_se.h | 3 ++- library/psa_crypto_service_integration.h | 3 ++- library/psa_crypto_slot_management.c | 3 ++- library/psa_crypto_slot_management.h | 3 ++- library/psa_crypto_storage.c | 3 ++- library/psa_its_file.c | 3 ++- programs/psa/crypto_examples.c | 13 +++++++++++++ programs/psa/key_ladder_demo.c | 3 ++- programs/psa/psa_constant_names.c | 13 +++++++++++++ tests/include/test/helpers.h | 3 ++- tests/include/test/macros.h | 3 ++- tests/include/test/psa_crypto_helpers.h | 3 ++- tests/include/test/psa_helpers.h | 3 ++- tests/include/test/random.h | 3 ++- tests/src/helpers.c | 3 ++- tests/src/random.c | 3 ++- 25 files changed, 72 insertions(+), 23 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 63c0f672b..151affdb2 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -20,7 +20,8 @@ * . */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h index a72a8c22a..f99e76fb6 100644 --- a/include/mbedtls/aria.h +++ b/include/mbedtls/aria.h @@ -9,7 +9,8 @@ * Korean, but see http://210.104.33.10/ARIA/index-e.html in English) * and also described by the IETF in RFC 5794. */ -/* Copyright (C) 2006-2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2006-2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h index 243ae63af..696d400ea 100644 --- a/include/mbedtls/chacha20.h +++ b/include/mbedtls/chacha20.h @@ -12,7 +12,8 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h index 3d842ef19..97f1c58c0 100644 --- a/include/mbedtls/chachapoly.h +++ b/include/mbedtls/chachapoly.h @@ -12,7 +12,8 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h index 05866a2da..4a3e35448 100644 --- a/include/mbedtls/poly1305.h +++ b/include/mbedtls/poly1305.h @@ -12,7 +12,8 @@ * \author Daniel King */ -/* Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. +/* + * Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved. * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 69323184d..3dc3b8673 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -1,7 +1,8 @@ /* * PSA crypto layer on top of Mbed TLS crypto */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h index edf3ab603..ef40f7994 100644 --- a/library/psa_crypto_core.h +++ b/library/psa_crypto_core.h @@ -1,7 +1,8 @@ /* * PSA crypto core internal interfaces */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_its.h b/library/psa_crypto_its.h index 380978760..e2b7466bc 100644 --- a/library/psa_crypto_its.h +++ b/library/psa_crypto_its.h @@ -1,7 +1,8 @@ /** \file psa_crypto_its.h * \brief Interface of trusted storage that crypto is built on. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c index 087c768f4..53a260007 100644 --- a/library/psa_crypto_se.c +++ b/library/psa_crypto_se.c @@ -1,7 +1,8 @@ /* * PSA crypto support for secure element drivers */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h index c1450656c..3c29b1289 100644 --- a/library/psa_crypto_se.h +++ b/library/psa_crypto_se.h @@ -1,7 +1,8 @@ /* * PSA crypto support for secure element drivers */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_service_integration.h b/library/psa_crypto_service_integration.h index 938bfe1de..c129c8ee2 100644 --- a/library/psa_crypto_service_integration.h +++ b/library/psa_crypto_service_integration.h @@ -1,4 +1,5 @@ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_slot_management.c b/library/psa_crypto_slot_management.c index 6cd6a1135..8ffb5a0e1 100644 --- a/library/psa_crypto_slot_management.c +++ b/library/psa_crypto_slot_management.c @@ -1,7 +1,8 @@ /* * PSA crypto layer on top of Mbed TLS crypto */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_slot_management.h b/library/psa_crypto_slot_management.h index 472253dd9..6cb02f5b2 100644 --- a/library/psa_crypto_slot_management.h +++ b/library/psa_crypto_slot_management.h @@ -1,7 +1,8 @@ /* * PSA crypto layer on top of Mbed TLS crypto */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_crypto_storage.c b/library/psa_crypto_storage.c index fa1214c86..f12fe0034 100644 --- a/library/psa_crypto_storage.c +++ b/library/psa_crypto_storage.c @@ -1,7 +1,8 @@ /* * PSA persistent key storage */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/library/psa_its_file.c b/library/psa_its_file.c index 0935b2780..86e2c42a9 100644 --- a/library/psa_its_file.c +++ b/library/psa_its_file.c @@ -1,7 +1,8 @@ /* * PSA ITS simulator over stdio files. */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/programs/psa/crypto_examples.c b/programs/psa/crypto_examples.c index 88e34d1fd..97beb0eb4 100644 --- a/programs/psa/crypto_examples.c +++ b/programs/psa/crypto_examples.c @@ -1,5 +1,18 @@ /* * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) */ diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c index 1dbbc8145..b633f7578 100644 --- a/programs/psa/key_ladder_demo.c +++ b/programs/psa/key_ladder_demo.c @@ -30,7 +30,8 @@ * `key_ladder_demo.sh` for an example run. */ -/* Copyright (C) 2018, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2018, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/programs/psa/psa_constant_names.c b/programs/psa/psa_constant_names.c index e22791c4a..964e7b347 100644 --- a/programs/psa/psa_constant_names.c +++ b/programs/psa/psa_constant_names.c @@ -1,5 +1,18 @@ /* * Copyright (C) 2018-2019, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. * * This file is part of mbed TLS (https://tls.mbed.org) */ diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 36b9e72e2..36ec8e687 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -5,7 +5,8 @@ * purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h index 25f831208..aaf13add0 100644 --- a/tests/include/test/macros.h +++ b/tests/include/test/macros.h @@ -4,7 +4,8 @@ * \brief This file contains generic macros for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 1dd608433..8cd361fb6 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -1,7 +1,8 @@ /* * Helper functions for tests that use the PSA Crypto API. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h index 79f683707..352ae67ae 100644 --- a/tests/include/test/psa_helpers.h +++ b/tests/include/test/psa_helpers.h @@ -1,7 +1,8 @@ /* * Helper functions for tests that use any PSA API. */ -/* Copyright (C) 2019, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2019, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/include/test/random.h b/tests/include/test/random.h index dfdefa688..e085f16b5 100644 --- a/tests/include/test/random.h +++ b/tests/include/test/random.h @@ -5,7 +5,8 @@ * random numbers for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/src/helpers.c b/tests/src/helpers.c index f0c27c3ff..08d88a5dc 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -1,4 +1,5 @@ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may diff --git a/tests/src/random.c b/tests/src/random.c index 25fa4cf33..3345f78be 100644 --- a/tests/src/random.c +++ b/tests/src/random.c @@ -5,7 +5,8 @@ * for the purpose of testing. */ -/* Copyright (C) 2020, ARM Limited, All Rights Reserved +/* + * Copyright (C) 2020, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 * * Licensed under the Apache License, Version 2.0 (the "License"); you may From b657783269058f10d6e6c2e32067e5200f7af77a Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Mon, 8 Jun 2020 07:08:03 -0400 Subject: [PATCH 80/87] Update iv and len context pointers manually when reallocating buffers These fields might be shifted accordingly in `ssl_parse_record_header()` when receiving a connection with CID, so they require a manual update after calling the generic `mbedtls_ssl_reset_in_out_pointers()`. This commit also adds a regression test which is run by all.sh. Signed-off-by: Andrzej Kurek --- ChangeLog.d/bugfix_PR3405 | 5 +++++ library/ssl_tls.c | 31 ++++++++++++++++++++++++------- tests/ssl-opt.sh | 26 ++++++++++++++++++++++++++ 3 files changed, 55 insertions(+), 7 deletions(-) create mode 100644 ChangeLog.d/bugfix_PR3405 diff --git a/ChangeLog.d/bugfix_PR3405 b/ChangeLog.d/bugfix_PR3405 new file mode 100644 index 000000000..73c57c081 --- /dev/null +++ b/ChangeLog.d/bugfix_PR3405 @@ -0,0 +1,5 @@ +Bugfix + * Update iv and len context pointers manually when reallocating buffers + using the MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH feature. This caused issues + when receiving a connection with CID, when these fields were shifted + in ssl_parse_record_header(). diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 30c917bb1..a202bd838 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3686,11 +3686,13 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* If the buffers are too small - reallocate */ { int modified = 0; - size_t written_in = 0; - size_t written_out = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; if( ssl->in_buf != NULL ) { written_in = ssl->in_msg - ssl->in_buf; + iv_offset_in = ssl->in_iv - ssl->in_buf; + len_offset_in = ssl->in_len - ssl->in_buf; if( ssl->in_buf_len < MBEDTLS_SSL_IN_BUFFER_LEN ) { if( resize_buffer( &ssl->in_buf, MBEDTLS_SSL_IN_BUFFER_LEN, @@ -3709,6 +3711,8 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) if( ssl->out_buf != NULL ) { written_out = ssl->out_msg - ssl->out_buf; + iv_offset_out = ssl->out_iv - ssl->out_buf; + len_offset_out = ssl->out_len - ssl->out_buf; if( ssl->out_buf_len < MBEDTLS_SSL_OUT_BUFFER_LEN ) { if( resize_buffer( &ssl->out_buf, MBEDTLS_SSL_OUT_BUFFER_LEN, @@ -3728,9 +3732,14 @@ static int ssl_handshake_init( mbedtls_ssl_context *ssl ) /* Update pointers here to avoid doing it twice. */ mbedtls_ssl_reset_in_out_pointers( ssl ); /* Fields below might not be properly updated with record - * splitting, so they are manually updated here. */ + * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; + ssl->out_len = ssl->out_buf + len_offset_out; + ssl->out_iv = ssl->out_buf + iv_offset_out; + ssl->in_msg = ssl->in_buf + written_in; + ssl->in_len = ssl->in_buf + len_offset_in; + ssl->in_iv = ssl->in_buf + iv_offset_in; } } #endif @@ -5960,14 +5969,15 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) { int modified = 0; uint32_t buf_len = mbedtls_ssl_get_input_buflen( ssl ); - size_t written_in = 0; - size_t written_out = 0; + size_t written_in = 0, iv_offset_in = 0, len_offset_in = 0; + size_t written_out = 0, iv_offset_out = 0, len_offset_out = 0; if( ssl->in_buf != NULL ) { written_in = ssl->in_msg - ssl->in_buf; + iv_offset_in = ssl->in_iv - ssl->in_buf; + len_offset_in = ssl->in_len - ssl->in_buf; if( ssl->in_buf_len > buf_len && ssl->in_left < buf_len ) { - written_in = ssl->in_msg - ssl->in_buf; if( resize_buffer( &ssl->in_buf, buf_len, &ssl->in_buf_len ) != 0 ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "input buffer resizing failed - out of memory" ) ); @@ -5985,6 +5995,8 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) if(ssl->out_buf != NULL ) { written_out = ssl->out_msg - ssl->out_buf; + iv_offset_out = ssl->out_iv - ssl->out_buf; + len_offset_out = ssl->out_len - ssl->out_buf; if( ssl->out_buf_len > mbedtls_ssl_get_output_buflen( ssl ) && ssl->out_left < buf_len ) { @@ -6004,9 +6016,14 @@ void mbedtls_ssl_handshake_free( mbedtls_ssl_context *ssl ) /* Update pointers here to avoid doing it twice. */ mbedtls_ssl_reset_in_out_pointers( ssl ); /* Fields below might not be properly updated with record - * splitting, so they are manually updated here. */ + * splitting or with CID, so they are manually updated here. */ ssl->out_msg = ssl->out_buf + written_out; + ssl->out_len = ssl->out_buf + len_offset_out; + ssl->out_iv = ssl->out_buf + iv_offset_out; + ssl->in_msg = ssl->in_buf + written_in; + ssl->in_len = ssl->in_buf + len_offset_in; + ssl->in_iv = ssl->in_buf + iv_offset_in; } } #endif diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index df3f53b3b..2c95549a9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2201,6 +2201,32 @@ run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" -c "ignoring unexpected CID" \ -s "ignoring unexpected CID" +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \ + "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ + "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \ + 0 \ + -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ + -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ + -s "(initial handshake) Use of Connection ID has been negotiated" \ + -c "(initial handshake) Use of Connection ID has been negotiated" \ + -s "Reallocating in_buf" \ + -s "Reallocating out_buf" + +requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID +requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH +run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \ + "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ + "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \ + 0 \ + -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ + -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ + -s "(initial handshake) Use of Connection ID has been negotiated" \ + -c "(initial handshake) Use of Connection ID has been negotiated" \ + -s "Reallocating in_buf" \ + -s "Reallocating out_buf" + # Tests for Encrypt-then-MAC extension run_test "Encrypt then MAC: default" \ From c84b1e6aa042b9e877ba30ac6dcba759a72d5aa2 Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Sat, 13 Jun 2020 11:08:16 +0200 Subject: [PATCH 81/87] Pass "certificate policies" extension to callback Pass the "certificate policies" extension to the callback supplied to mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported policies. This allows the callback to fully replicate the behaviour of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION configuration. Signed-off-by: Nicola Di Lieto --- .../pass-unsupported-policies-to-callback.txt | 4 + include/mbedtls/x509_crt.h | 8 +- library/x509_crt.c | 10 ++- tests/suites/test_suite_x509parse.data | 16 ++++ tests/suites/test_suite_x509parse.function | 84 +++++++++++++++++-- 5 files changed, 114 insertions(+), 8 deletions(-) create mode 100644 ChangeLog.d/pass-unsupported-policies-to-callback.txt diff --git a/ChangeLog.d/pass-unsupported-policies-to-callback.txt b/ChangeLog.d/pass-unsupported-policies-to-callback.txt new file mode 100644 index 000000000..d139b4c18 --- /dev/null +++ b/ChangeLog.d/pass-unsupported-policies-to-callback.txt @@ -0,0 +1,4 @@ +Features + * Pass the "certificate policies" extension to the callback supplied to + mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported + policies (#3419). diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 9a9b397d9..038d2114e 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -308,7 +308,9 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * * Callbacks of this type are passed to and used by the * mbedtls_x509_crt_parse_der_with_ext_cb() routine when - * it encounters an unsupported extension. + * it encounters either an unsupported extension or a + * "certificate policies" extension containing any + * unsupported certificate policies. * * \param p_ctx An opaque context passed to the callback. * \param crt The certificate being parsed. @@ -360,7 +362,9 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * mbedtls_x509_crt_parse_der(), and/or * mbedtls_x509_crt_parse_der_nocopy() * but it calls the callback with every unsupported - * certificate extension. + * certificate extension and additionally the + * "certificate policies" extension if it contains any + * unsupported certificate policies. * The callback must return a negative error code if it * does not know how to handle such an extension. * When the callback fails to parse a critical extension diff --git a/library/x509_crt.c b/library/x509_crt.c index ee3b48dc9..04822e8ab 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -894,7 +894,7 @@ static int x509_get_crt_ext( unsigned char **p, { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t len; - unsigned char *end_ext_data, *end_ext_octet; + unsigned char *end_ext_data, *start_ext_octet, *end_ext_octet; if( *p == end ) return( 0 ); @@ -940,6 +940,7 @@ static int x509_get_crt_ext( unsigned char **p, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + start_ext_octet = *p; end_ext_octet = *p + len; if( end_ext_octet != end_ext_data ) @@ -1025,6 +1026,13 @@ static int x509_get_crt_ext( unsigned char **p, if( ( ret = x509_get_certificate_policies( p, end_ext_octet, &crt->certificate_policies ) ) != 0 ) { + /* Give the callback (if any) a chance to handle the extension + * if it contains unsupported policies */ + if( ret == MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE && cb != NULL && + cb( p_ctx, crt, &extn_oid, is_critical, + start_ext_octet, end_ext_octet ) == 0 ) + break; + #if !defined(MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION) if( is_critical ) return( ret ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0ba3b2c75..d5f538b22 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2032,6 +2032,22 @@ X509 CRT ASN1 (Unsupported non critical extension not recognized by callback) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crt_cb:"308203353082021da00302010202104d3ebbb8a870f9c78c55a8a7e12fd516300d06092a864886f70d01010b05003010310e300c06035504030c0564756d6d79301e170d3230303432383137343234335a170d3230303632373137343234335a3010310e300c06035504030c0564756d6d7930820122300d06092a864886f70d01010105000382010f003082010a0282010100a51b75b3f7da2d60ea1b0fc077f0dbb2bbb6fe1b474028368af8dc2664672896efff171033b0aede0b323a89d5c6db4d517404bc97b65264e41b9e9e86a6f40ace652498d4b3b859544d1bacfd7f86325503eed046f517406545c0ffb5560f83446dedce0fcafcc41ac8495488a6aa912ae45192ef7e3efa20d0f7403b0baa62c7e2e5404c620c5793623132aa20f624f08d88fbf0985af39433f5a24d0b908e5219d8ba6a404d3ee8418203b62a40c8eb18837354d50281a6a2bf5012e505c419482787b7a81e5935613ceea0c6d93e86f76282b6aa406fb3a1796c56b32e8a22afc3f7a3c9daa8f0e2846ff0d50abfc862a52f6cf0aaece6066c860376f3ed0203010001a3818a308187300c0603551d13040530030101ff30130603551d110101ff04093007820564756d6d79301206082b0601050507011e0101000403040100300e0603551d0f0101ff040403020184301d0603551d0e04160414e6e451ec8d19d9677b2d272a9d73b939fa2d915a301f0603551d23041830168014e6e451ec8d19d9677b2d272a9d73b939fa2d915a300d06092a864886f70d01010b0500038201010056d06047b7f48683e2347ca726997d9700b4f2cf1d8bc0ef17addac8445d38ffd7f8079055ead878b6a74c8384d0e30150c8990aa74f59cda6ebcb49465d8991ffa16a4c927a26e4639d1875a3ac396c7455c7eda40dbe66054a03d27f961c15e86bd5b06db6b26572977bcda93453b6b6a88ef96b31996a7bd17323525b33050d28deec9c33a3f9765a11fb99d0e222bd39a6db3a788474c9ca347377688f837d42f5841667bffcbe6b473e6f229f286a0829963e591a99aa7f67e9d20c36ccd2ac84cb85b7a8b3396a6cbe59a573ffff726f373197c230de5c92a52c5bc87e29c20bdf6e89609764a60c649022aabd768f3557661b083ae00e6afc8a5bf2ed":"cert. version \: 3\nserial number \: 4D\:3E\:BB\:B8\:A8\:70\:F9\:C7\:8C\:55\:A8\:A7\:E1\:2F\:D5\:16\nissuer name \: CN=dummy\nsubject name \: CN=dummy\nissued on \: 2020-04-28 17\:42\:43\nexpires on \: 2020-06-27 17\:42\:43\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\nsubject alt name \:\n dNSName \: dummy\nkey usage \: Digital Signature, Key Cert Sign\n":0 +X509 CRT ASN1 (Unsupported critical policy recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 + +X509 CRT ASN1 (Unsupported critical policy not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060100300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + +X509 CRT ASN1 (Unsupported non critical policy recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 + +X509 CRT ASN1 (Unsupported non critical policy not recognized by callback) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt_cb:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":0 + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 54e515673..a72532f01 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -303,17 +303,91 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san, } int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, - int critical, const unsigned char *p, const unsigned char *end ) + int critical, const unsigned char *cp, const unsigned char *end ) { ( void ) crt; - ( void ) p; + ( void ) cp; ( void ) end; ( void ) critical; mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; - if( new_oid == NULL || new_oid->tag != oid->tag || new_oid->len != oid->len || - memcmp(new_oid->p, oid->p, oid->len) != 0 ) + if( oid->tag == MBEDTLS_ASN1_OID && + MBEDTLS_OID_CMP( MBEDTLS_OID_CERTIFICATE_POLICIES, oid ) == 0 ) + { + /* Handle unknown certificate policy */ + int ret, parse_ret = 0; + size_t len; + unsigned char **p = (unsigned char **)&cp; + + /* Get main sequence tag */ + ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); + if( ret != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( *p + len != end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + /* + * Cannot be an empty sequence. + */ + if( len == 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + while( *p < end ) + { + const unsigned char *policy_end; + + /* + * Get the policy sequence + */ + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + policy_end = *p + len; + + if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, + MBEDTLS_ASN1_OID ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + + if( len != 1 || *p[0] != 1 ) + parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; + + *p += len; + + /* + * If there is an optional qualifier, then *p < policy_end + * Check the Qualifier len to verify it doesn't exceed policy_end. + */ + if( *p < policy_end ) + { + if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + /* + * Skip the optional policy qualifiers. + */ + *p += len; + } + + if( *p != policy_end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + } + + if( *p != end ) + return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + + return( parse_ret ); + } + else if( new_oid != NULL && new_oid->tag == oid->tag && new_oid->len == oid->len && + memcmp( new_oid->p, oid->p, oid->len ) == 0 ) + return( 0 ); + else return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); - return( 0 ); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ From b77fad8ebe60d5eb2966e4ab20de51c1770d2a1a Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Wed, 17 Jun 2020 17:57:36 +0200 Subject: [PATCH 82/87] test_suite_x509parse.function improvement as suggested in https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697 also removed two no longer necessary void casts Signed-off-by: Nicola Di Lieto --- tests/suites/test_suite_x509parse.function | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a72532f01..9cac2ec54 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -306,8 +306,6 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf int critical, const unsigned char *cp, const unsigned char *end ) { ( void ) crt; - ( void ) cp; - ( void ) end; ( void ) critical; mbedtls_x509_buf *new_oid = (mbedtls_x509_buf *)p_ctx; if( oid->tag == MBEDTLS_ASN1_OID && @@ -352,6 +350,9 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf MBEDTLS_ASN1_OID ) ) != 0 ) return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + /* + * Recognize exclusively the policy with OID 1 + */ if( len != 1 || *p[0] != 1 ) parse_ret = MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE; From f4d9f21b9b9b39715b708599af8d5fd2bdd1495b Mon Sep 17 00:00:00 2001 From: nia Date: Fri, 19 Jun 2020 16:14:27 +0100 Subject: [PATCH 83/87] entropy: Rename sysctl_wrapper to sysctl_arnd_wrapper Signed-off-by: nia --- library/entropy_poll.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 203034eb4..69d06af48 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -129,7 +129,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #if defined(KERN_ARND) #define HAVE_SYSCTL_ARND -static int sysctl_wrapper ( void *buf, size_t buflen ) +static int sysctl_arnd_wrapper( void *buf, size_t buflen ) { int name[2]; size_t len; @@ -177,7 +177,7 @@ int mbedtls_platform_entropy_poll( void *data, #if defined(HAVE_SYSCTL_ARND) ((void) file); ((void) read_len); - if( sysctl_wrapper( output, len ) == -1 ) + if( sysctl_arnd_wrapper( output, len ) == -1 ) return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED ); *olen = len; return( 0 ); From 5430447a6efcac2f43120ea162e53e08b606386a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 22 Jun 2020 10:11:47 +0200 Subject: [PATCH 84/87] Adjust comments about SEED synchronisation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tests/scripts/all.sh | 6 +++++- tests/scripts/basic-build-test.sh | 5 ++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 00bf997f5..a22f7b960 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -123,7 +123,11 @@ pre_initialize_variables () { KEEP_GOING=0 # Seed value used with the --release-test option. - # !!! Keep this in sync with SEED in basic-build-test.sh !!! + # + # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if + # both values are kept in sync. If you change the value here because it + # breaks some tests, you'll definitely want to change it in + # basic-build-test.sh as well. RELEASE_SEED=1 : ${MBEDTLS_TEST_OUTCOME_FILE=} diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index f91b14466..8d71bbaea 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -44,7 +44,10 @@ fi : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} # Used to make ssl-opt.sh deterministic. -# !!! Keep this in sync with RELEASE_SEED in all.sh !!! +# +# See also RELEASE_SEED in all.sh. Debugging is easier if both values are kept +# in sync. If you change the value here because it breaks some tests, you'll +# definitely want to change it in all.sh as well. : ${SEED:=1} export SEED From 511bc8c57b2f1e89cce28440fa97cf49860646be Mon Sep 17 00:00:00 2001 From: Nicola Di Lieto Date: Tue, 23 Jun 2020 00:15:28 +0200 Subject: [PATCH 85/87] add comment about potential future extension as requested, see https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r443836568 Signed-off-by: Nicola Di Lieto --- include/mbedtls/x509_crt.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 038d2114e..ab0d0cdbc 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -311,6 +311,8 @@ int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain, * it encounters either an unsupported extension or a * "certificate policies" extension containing any * unsupported certificate policies. + * Future versions of the library may invoke the callback + * in other cases, if and when the need arises. * * \param p_ctx An opaque context passed to the callback. * \param crt The certificate being parsed. @@ -372,6 +374,8 @@ typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx, * When the callback fails to parse a non critical extension * mbedtls_x509_crt_parse_der_with_ext_cb() simply skips * the extension and continues parsing. + * Future versions of the library may invoke the callback + * in other cases, if and when the need arises. * * \return \c 0 if successful. * \return A negative error code on failure. From e3fdcfa45cfec2f38fe27bacd5470a4bf8c77bc1 Mon Sep 17 00:00:00 2001 From: nia Date: Tue, 23 Jun 2020 21:03:01 +0100 Subject: [PATCH 86/87] entropy: Avoid arithmetic on void pointer Signed-off-by: nia --- library/entropy_poll.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index 69d06af48..aaff26f48 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -131,6 +131,7 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) static int sysctl_arnd_wrapper( void *buf, size_t buflen ) { + unsigned char *output = buf; int name[2]; size_t len; @@ -140,10 +141,10 @@ static int sysctl_arnd_wrapper( void *buf, size_t buflen ) while( buflen > 0 ) { len = buflen > 256 ? 256 : buflen; - if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) + if( sysctl(name, 2, output, &len, NULL, 0) == -1 ) return( -1 ); buflen -= len; - buf += len; + output += len; } return( 0 ); } From 8373c86628bbde28ed7dadf32e7dec80e7045aa2 Mon Sep 17 00:00:00 2001 From: nia Date: Wed, 24 Jun 2020 17:15:02 +0100 Subject: [PATCH 87/87] entropy: Adjust parameter type of internal function to avoid a cast Signed-off-by: nia --- library/entropy_poll.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/library/entropy_poll.c b/library/entropy_poll.c index aaff26f48..dc621836e 100644 --- a/library/entropy_poll.c +++ b/library/entropy_poll.c @@ -129,9 +129,8 @@ static int getrandom_wrapper( void *buf, size_t buflen, unsigned int flags ) #if defined(KERN_ARND) #define HAVE_SYSCTL_ARND -static int sysctl_arnd_wrapper( void *buf, size_t buflen ) +static int sysctl_arnd_wrapper( unsigned char *buf, size_t buflen ) { - unsigned char *output = buf; int name[2]; size_t len; @@ -141,10 +140,10 @@ static int sysctl_arnd_wrapper( void *buf, size_t buflen ) while( buflen > 0 ) { len = buflen > 256 ? 256 : buflen; - if( sysctl(name, 2, output, &len, NULL, 0) == -1 ) + if( sysctl(name, 2, buf, &len, NULL, 0) == -1 ) return( -1 ); buflen -= len; - output += len; + buf += len; } return( 0 ); }