Write a simple unit test for mbedtls_ecp_muladd().
Add just one pair of test cases. One of them causes the argument to
fix_negative to have an argument with an all-bits-zero least
significant limb which briefly triggered a branch in Mbed TLS 2.26+.
See https://github.com/ARMmbed/mbedtls/issues/4296 and
https://github.com/ARMmbed/mbedtls/pull/4297.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Marked dirty memory ends up in the result buffer after encoding (due to
the input having been marked dirty), and then the final comparison
to make sure that we got what we expected was triggering the constant
flow checker.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
These tests validate that an entropy object can be reused and that
calling mbedtls_entropy_free() twice is ok.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
These tests are trivial except when compiling with MBEDTLS_THREADING_C
and a mutex implementation that are picky about matching each
mbedtls_mutex_init() with exactly one mbedtls_mutex_free().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Document the usage inside the library, and relate it with how it's
additionally used in the test code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Subtract the number of calls to mbedtls_mutex_free() from the number
of calls to mbedtls_mutex_init(). A mutex leak will manifest as a
positive result at the end of the test case.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
If the mutex usage verification framework is enabled and it detects a
mutex usage error, report this error and mark the test as failed.
This detects most usage errors, but not all cases of using
uninitialized memory (which is impossible in full generality) and not
leaks due to missing free (which will be handled in a subsequent commit).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Check that the source address and the frame counter have the expected
length. Otherwise, if the test data was invalid, the test code could
build nonsensical inputs, potentially overflowing the iv buffer.
The primary benefit of this change is that it also silences a warning
from compiling with `gcc-10 -O3` (observed with GCC 10.2.0 on
Linux/amd64). GCC unrolled the loops and complained about a buffer
overflow with warnings like:
```
suites/test_suite_ccm.function: In function 'test_mbedtls_ccm_star_auth_decrypt':
suites/test_suite_ccm.function:271:15: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=]
271 | iv[i] = source_address->x[i];
| ~~~~~~^~~~~~~~~~~~~~~~~~~~~~
suites/test_suite_ccm.function:254:19: note: at offset [13, 14] to object 'iv' with size 13 declared here
254 | unsigned char iv[13];
```
Just using memcpy instead of loops bypasses this warnings. The added
checks are a bonus.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When using pthread mutexes (MBEDTLS_THREADING_C and
MBEDTLS_THREADING_PTHREAD enabled), and when test hooks are
enabled (MBEDTLS_TEST_HOOKS), set up wrappers around the
mbedtls_mutex_xxx abstraction. In this commit, the wrapper functions
don't do anything yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Add test cases for mbedtls_mpi_sub_abs() where the second operand has
more limbs than the first operand (which, if the extra limbs are not
all zero, implies that the function returns
MBEDTLS_ERR_MPI_NEGATIVE_VALUE).
This exposes a buffer overflow (reported in #4042).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In order to remove large buffers from the stack, the der data is written
into the same buffer that the pem is eventually written into, however
although the pem data is zero terminated, there is now data left in the
buffer after the zero termination, which can cause
mbedtls_x509_crt_parse to fail to parse the same buffer if passed back
in. Patches also applied to mbedtls_pk_write_pubkey_pem, and
mbedtls_pk_write_key_pem, which use similar methods of writing der data
to the same buffer, and tests modified to hopefully catch any future
regression on this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
mbedtls_ctr_drbg_set_reseed_interval() and
mbedtls_hmac_drbg_set_reseed_interval() can now be called before
their seed functions and the reseed_interval value will persist.
Previously it would be overwritten with the default value.
*_drbg_reseed_interval is now set in init() and free().
mbedtls_ctr_drbg_free() and mbedtls_hmac_drbg_free() now
reset the drbg context to the state immediately after init().
Tests:
- Added test to check that DRBG reseeds when reseed_counter
reaches reseed_interval, if reseed_interval set before seed
and reseed_interval is less than MBEDTLS_*_DRBG_RESEED_INTERVAL.
Signed-off-by: gacquroff <gavina352@gmail.com>
Fixes an issue where configs that had `MBEDTLS_MPI_MAX_BITS` greater than 256
but smaller than the test that was running (792 bits) the test would fail
incorrectly.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Move dependancy on `MBEDTLS_MPI_MAX_BITS` to apply to the specific test cases
which will break when `MBEDTLS_MPI_MAX_BITS` is too small. This re-enables
previous tests that were turned off accidentally.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Previously `mbedtls_mpi_exp_mod` was tested with values that were over
`MBEDTLS_MPI_MAX_SIZE` in size. This is useful to do as some paths are only
taken when the exponent is large enough however, on builds where
`MBEDTLS_MPI_MAX_SIZE` is under the size of these test values.
This fix turns off these tests when `MBEDTLS_MPI_MAX_SIZE` is too small to
safely test (notably this is the case in config-thread.h).
Signed-off-by: Chris Jones <christopher.jones@arm.com>
In two test cases, the exponentiation computation was not being fully tested
as when A_bytes (the base) == N_bytes (the modulus) -> A = N. When this is the
case A is reduced to 0 and therefore the result of the computation will always
be 0.
This fixes that issue and therefore increases the test coverage to ensure
different computations are actually being run.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Reword test cases to be easier to read and understand.
Adds comments to better explain what the test is doing.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Add two further boundary tests for cases where both the exponent and modulus to
`mbedtls_mpi_exp_mod()` are `MBEDTLS_MPI_MAX_SIZE`, or longer, bytes long.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Adds test cases to ensure that `mbedtls_mpi_exp_mod` will return an error with
an exponent or modulus that is greater than `MBEDTLS_MPI_MAX_SIZE` in size.
Adds test cases to ensure that Diffie-Hellman will fail to make a key pair
(using `mbedtls_dhm_make_public`) when the prime modulus is greater than
`MBEDTLS_MPI_MAX_SIZE` in size.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Add a test case to ensure `mbedtls_mpi_exp_mod` fails when using a key size
larger than MBEDTLS_MPI_MAX_SIZE.
Add a test case to ensure that Diffie-Hellman operations fail when using a key
size larger than MBEDTLS_MPI_MAX_SIZE.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
Add missing tag check for algorithm parameters when comparing the
signature in the description part of the cert against the actual
signature whilst loading a certificate. This was found by a
certificate (created by fuzzing) that openssl would not verify, but
mbedtls would.
Regression test added (one of the client certs modified accordingly)
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
GCC 11 generated the warnings because the parameter `ret_buf`
was declared as `const char[10]`, but some of the arguments
provided in `run_test_snprintf` are shorter literals, like "".
Now the type of `ret_buf` is `const char *`.
Both implementations of `test_snprintf` were fixed.
Signed-off-by: Rodrigo Dias Correa <rodrigo@correas.us>
Positive tests: test that the RNG has the expected size, given that we
know how many leading zeros it has because we know how the function
consumes bytes and when the test RNG produces null bytes.
Negative tests: test that if the RNG is willing to emit less than the
number of wanted bytes, the function fails.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The test function mbedtls_mpi_lt_mpi_ct did not initialize ret in test
code. If there was a bug in library code whereby the library function
mbedtls_mpi_lt_mpi_ct() did not set ret when it should, we might have
missed it if ret happened to contain the expected value. So initialize
ret to a value that we never expect.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If test_fail is called multiple times in the same test case, report
the location of the first failure, not the last one.
With this change, you no longer need to take care in tests that use
auxiliary functions not to fail in the main function if the auxiliary
function has failed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
