We had only allocated 40 bytes for printing into, but we wanted to print 46
bytes. Update the buffer to be 47 bytes, which is large enough to hold what
we want to print plus a terminating null byte.
Simplify the test case "PSA export a slot after a failed import of an
EC keypair": use an invalid private value for the specified curve. Now
the dependencies match the test data, so this fixes curves.pl.
ssl_write_handshake_msg() includes the assertion that
`ssl->handshake != NULL` when handling a record which is
(a) a handshake message, and NOT
(b) a HelloRequest.
However, it later calls `ssl_append_flight()` for any
record different from a HelloRequest handshake record,
that is, records satisfying !(a) || !(b), instead of
(a) && !(b) as covered by the assertion (specifically,
CCS or Alert records).
Since `ssl_append_flight()` assumes that `ssl->handshake != NULL`,
this rightfully triggers static analyzer warnings.
This commit expands the scope of the assertion to check
that `ssl->handshake != NULL` for any record which is not
a HelloRequest.
Update some test data from the asymmetric_apis_coverage branch that
wasn't updated to the new format from the
psa-asymmetric-format-raw_private_key branch.
1. New test for testing bad order of hash function calls.
2. Removed test hash_update_bad_paths since it's test scenario
was moved to the new test.
3. Moved some scenarios from test hash_verify_bad_paths to
the new test.
1. Rename hash_bad_paths to hash_verify_bad_paths
2. Add test hash_update_bad_paths
3. Add test hash_finish_bad_paths
The different scenarios tested as part of hash_bad_paths are
moved to the relevant test.
Revert changes for checking whether `MBEDTLS_ECP_RESTARTABLE`
is defined, since it broke the CI. The context is used whether the
restartable feature is defined or not.
1. Checge to check for `MBEDTLS_ECP_RESTARTABLE` for all definitions
of `rs_ctx`.
2. Remove checks for `_ALT` when using `rs_ctx` as they cannot coexist
with the Restartable configuration.
The invocation of `compat.sh` that runs those tests was added in all.sh but
not here, resulting in our reported coverage figures being slightly lower than
what we actually test. Fixing that omission change the figures reported from:
Lines Tested : 19105 of 22623 84.4%
Functions Tested : 1392 of 1460 95.3%
to:
Lines Tested : 19126 of 22623 84.5%
Functions Tested : 1399 of 1460 95.8%
It requires `$OPENSSL_NEXT` to be set and point to an OpenSSL version in the
1.1.1 line or later.
