Commit graph

2505 commits

Author SHA1 Message Date
Andrzej Kurek 941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek 15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Andrzej Kurek 1a44a159ef Change the order of endpoint initialization steps
Wrong order caused the `protected_record_size` to be of wrong size, hence
causing the server to receive a malformed message in case of a DTLS test.
2020-02-10 03:53:49 -05:00
Andrzej Kurek f46b9128b6 Change test queue errors to SSL_WANT_WRITE and SSL_WANT_READ
Simulate real behavior better, so that higher abstraction layers know when
the buffers are empty and full.
2020-02-10 03:53:49 -05:00
Piotr Nowicki c3fca5e876 Add tests with sending application data to test_suite_ssl 2020-02-07 09:14:04 +01:00
Manuel Pégourié-Gonnard 4d8c836cdc
Merge pull request #346 from gilles-peskine-arm/mpi_copy_shrink
Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:01 +01:00
Janos Follath f317dc4918
Merge pull request #350 from gilles-peskine-arm/asn1-tests-parse_prefixes-trailing_garbage
test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
2020-02-05 15:40:22 +00:00
Jaeden Amero c64eb63aaa
Merge pull request #3021 from AndrzejKurek/handshake-tests
Handshake tests with mocked I/O callbacks
2020-02-05 13:50:20 +00:00
Andrzej Kurek cc5169ce32 Add a PSK test to the mocked ssl handshake tests 2020-02-05 07:26:19 -05:00
Gilles Peskine 5da20cc569
Merge pull request #3023 from gilles-peskine-arm/config-crypto
Add crypto-only preset configurations
2020-02-05 11:17:56 +01:00
Andrzej Kurek f40daa3f05 Add version & ciphersuite tests to ssl handshake
Add tests exercising various protocol versions and ciphersuites
in the mocked ssl handshake.
2020-02-04 09:00:01 -05:00
Gilles Peskine 2579675935 Merge remote-tracking branch 'upstream-public/development' into development
Files deleted by us: keep them deleted.

```
git rm $(git status -s | sed -n 's/^DU //p')
```

Individual files with conflicts:

* `README.md`: keep the crypto version.
* `doxygen/input/doc_mainpage.h`: keep the crypto version (with an obsolete Mbed Crypto version number).
* `include/mbedtls/error.h`:
    * `ERROR`: similar additions made through parallel commits, with only whitespace differences. Align with the tls version.
* `library/CMakeLists.txt`: keep the crypto version.
* `library/Makefile`: keep the crypto version.
* `scripts/generate_errors.pl`: keep the crypto version (the relevant changes were made through parallel commits).
* `tests/scripts/check-test-cases.py`:
    * `Results`: keep the crypto version, which has both the new argument to the constructor (added in crypto only) and the class docstring (added through parallel commits).
* `tests/suites/helpers.function`:
    * `ARRAY_LENGTH`, `ASSERT_ALLOC`: additions in the same location. Keep both, in indifferent order.
* `tests/suites/target_test.function`:
    * `receive_uint32`: keep the crypto version which has an additional bug fix. The tls changes made in tls are irrelevant after this bug fix.
* `visualc/VS2010/mbedTLS.vcxproj`: run `scripts/generate_visualc_files.pl`.

Review of non-conflicting changes:

* `all.sh`: 1 change.
    * zlib test components: don't add them.
* `include/CMakeLists.txt`: 1 change.
    * `target_include_directories`: doesn't work as is (different target name). Don't take the change.
* All other non-conflicting changes: take them.
2020-02-03 18:52:36 +01:00
Gilles Peskine a9da093617 shrink tests: clearer description 2020-02-03 16:18:30 +01:00
Gilles Peskine 9a6ecee4de Move test functions from Lilliput to Blefuscu
We normally represent bignums in big-endian order and there is no
reason to deviate here.
2020-02-03 16:15:47 +01:00
Andrzej Kurek b29807413e Refactor certificates and keys in ssl handshake mock tests
Let the caller decide what certificates and keys are loaded (EC/RSA)
instead of loading both for the server, and an unspecified one 
for the client. Use only DER encoding.
2020-02-02 19:25:26 -05:00
Hanno Becker 199b709e53 ASN.1: Add ASN.1 SEQUENCE traversal API 2020-01-31 15:37:26 +00:00
Hanno Becker 12ae27dd0e ASN.1: Introduce helper function to free ASN.1 sequence 2020-01-31 15:37:26 +00:00
Gilles Peskine f4e672ec9e Add missing compilation guards in test suite
Fix the build when MBEDTLS_USE_PSA_CRYPTO is set but
MBEDTLS_X509_CSR_WRITE_C is not.
2020-01-31 14:22:10 +01:00
Gilles Peskine 7cfcb3fc03 Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group
families to make the low-order bit a parity bit (with even parity).

This ensures that distinct key type values always have a Hamming
distance of at least 2, which makes it easier for implementations to
resist single bit flips.
2020-01-31 10:24:21 +01:00
Gilles Peskine 7d7c8dc8b0 Test parsing invalid key type in storage 2020-01-31 10:24:21 +01:00
Gilles Peskine f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Gilles Peskine b87b719467 Remove old values of curve encodings
Remove the values of curve encodings that are based on the TLS registry
and include the curve size, keeping only the new encoding that merely
encodes a curve family in 8 bits.

Keep the old constant names as aliases for the new values and
deprecate the old names.
2020-01-31 10:24:21 +01:00
Gilles Peskine 80d26fb56f Switch psa_crypto tests to the new curve encoding 2020-01-31 10:24:21 +01:00
Gilles Peskine 89177e862b Convert USE_PSA_CRYPTO pk interface to the new PSA EC curve encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine 33b1c69908 pk tests: USE_PSA_CRYPTO: test several curves 2020-01-31 10:15:32 +01:00
Gilles Peskine 85f47c9d69 pk tests: USE_PSA_CRYPTO: test attributes of the PSA key 2020-01-31 10:15:32 +01:00
Gilles Peskine 45c29ce4c0 Move size-specific curve/group constants to crypto_compat.h 2020-01-31 10:15:32 +01:00
Gilles Peskine 228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine 025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine 4295e8b9c5 Rework PSA curve to mbedlts group id conversion
Don't rely on the bit size encoded in the PSA curve identifier, in
preparation for removing that.

For some inputs, the error code on EC key creation changes from
PSA_ERROR_INVALID_ARGUMENT to PSA_ERROR_NOT_SUPPORTED or vice versa.
There will be further such changes in subsequent commits.
2020-01-31 10:15:32 +01:00
Gilles Peskine 7bfcfac164 Change key type encodings to avoid bit 16
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.

For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Piotr Nowicki 2a1f178d7c Add test for prescribed states of handshake with the custom IO callbacks 2020-01-31 10:06:04 +01:00
Gilles Peskine 88e08464f5 Add dedicated test cases for psa_hash_compare
psa_hash_compare is tested for good cases and invalid-signature cases
in hash_compute_compare. Also test invalid-argument cases. Also run a
few autonomous test cases with valid arguments.
2020-01-30 12:27:14 +01:00
Gilles Peskine 29eb80d26c Remove some spurious dependencies on MBEDTLS_SHA256_C 2020-01-30 12:27:14 +01:00
Gilles Peskine 7b8efaffaa Add missing dependencies on MBEDTLS_MD_C
The PSA implementations of deterministic ECDSA, of all RSA signatures
and of RSA OAEP use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine aead02cce9 Remove obsolete dependencies on MBEDTLS_MD_C
The PSA implementation of hash algorithms, HMAC algorithms and KDF
algorithms using HMAC no longer use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine 0a749c8fa3 Implement and test psa_hash_compute, psa_hash_compare 2020-01-30 12:27:12 +01:00
Jaeden Amero 79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated
Message transport mocks in ssl tests
2020-01-30 10:23:27 +00:00
Manuel Pégourié-Gonnard f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384
Add option to build SHA-512 without SHA-384
2020-01-30 10:32:20 +01:00
Janos Follath 8b38978b85
Merge pull request #349 from gilles-peskine-arm/coverity-20200115-crypto
Fix minor defects found by Coverity
2020-01-29 15:05:11 +00:00
Janos Follath ba1150f822 Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development 2020-01-29 14:51:24 +00:00
Jaeden Amero bfc73bcfd2
Merge pull request #2988 from piotr-now/iotssl-2954-custom-io-callbacks-to-ssl-unit-test
Changes in custom IO callbacks used in unit tests
2020-01-28 14:46:13 +00:00
Piotr Nowicki d796e19d3b Fix memory allocation fail in TCP mock socket
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Piotr Nowicki 890b5ca330 Change non-blocking read/write in TCP mock socket
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
2020-01-22 14:15:17 +01:00
Piotr Nowicki fb437d72ef Fix segmentation fault in mbedtls_test_buffer
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
2020-01-22 13:25:36 +01:00
Andrzej Kurek bc483dea84 Add a message-based socket mock connection to the ssl tests
The connection will send/receive full messages.
2020-01-22 06:38:03 -05:00
Andrzej Kurek 13719cdae4 Add a message metadata queue in ssl tests
Add a metadata queue that will be used on top of the ring buffer callbacks.
Add normal and negative tests.
2020-01-22 06:36:39 -05:00
Andrzej Kurek f7774146b6 ssl test suite: enable dropping bytes from buffer
Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data.
2020-01-22 06:34:59 -05:00
Gilles Peskine 95c893d17f More systematic handling of trailing garbage in parse_prefixes
Before, the string to parse may contain trailing garbage (there was
never more than one byte), and there was a separate argument
indicating the length of the content. Now, the string to parse is the
exact content, and the test code runs an extra test step with a
trailing byte added.
2020-01-21 21:29:37 +01:00
Gilles Peskine ef4183858a Document how tested prefix lengths are chosen 2020-01-21 21:29:37 +01:00
Gilles Peskine 9c673233bc Fix outcome file leak if execute_tests exits early
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.
2020-01-21 18:03:56 +01:00
Gilles Peskine 84984ae220 Add missing return code check on calls to mbedtls_md() 2020-01-21 16:52:08 +01:00
Gilles Peskine 9018b11302 Check that mbedtls_mpi_grow succeeds 2020-01-21 16:30:53 +01:00
Gilles Peskine 292672eb12 If ASSERT_ALLOC_WEAK fails, mark the test as skipped, not passed
This was the intended behavior of ASSERT_ALLOC_WEAK all along, but
skipping was not implemented yet when ASSERT_ALLOC_WEAK was
introduced.
2020-01-21 16:20:04 +01:00
Gilles Peskine 42a1acfd0e get_len_step: Fix end-of-buffer calculation when buffer_size==0
Fix get_len_step when buffer_size==0. The intent of this test is to
ensure (via static or runtime buffer overflow analysis) that
mbedtls_asn1_get_len does not attempt to access beyond the end of the
buffer. When buffer_size is 0 (reached from get_len when parsing a
1-byte buffer), the buffer is buf[1..1] because allocating a 0-byte
buffer might yield a null pointer rather than a valid pointer. In this
case the end of the buffer is p==buf+1, not buf+buffer_size which is
buf+0.

The test passed because calling mbedtls_asn1_get_len(&p,end,...) with
end < p happens to work, but this is not guaranteed.
2020-01-21 16:12:07 +01:00
Janos Follath 2e9f108fbd Bump version to Mbed TLS 2.20.0 2020-01-21 14:08:26 +00:00
Gilles Peskine 7428b45126 Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-01-20 21:01:51 +01:00
Gilles Peskine 72d7609f82 Bignum copy/shrink: More precise test case descriptions 2020-01-20 17:19:03 +01:00
Janos Follath 83f33d33eb Bump version to Mbed TLS 2.20.0 2020-01-20 14:52:29 +00:00
Janos Follath d27a88438f Merge branch 'development' into development-restricted 2020-01-15 15:55:11 +00:00
Manuel Pégourié-Gonnard 86a39bdbc5 Improve readability of test dependencies
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C
- Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
2020-01-07 10:24:17 +01:00
Manuel Pégourié-Gonnard 6ba5a3fc57 Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Gilles Peskine 180850a229
Merge pull request #291 from gilles-peskine-arm/ctr_drbg-test_aes_128
Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-12-20 10:43:44 +01:00
Gilles Peskine 7a1925c453 Add a few EC public key import/export test cases
Test a Brainpool curve and a curve whose bit size is not a multiple of 8.
2019-12-12 09:00:27 +01:00
Gilles Peskine f8210f2bd5 Test the block size for symmetric keys
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
2019-12-12 09:00:27 +01:00
Gilles Peskine 92f2da9d67 More precise descriptions for format and parse tests 2019-12-12 09:00:27 +01:00
Gilles Peskine fb745bf618 Fix memory failure handling in test_format_storage_data_check
Fail the test instead of crashing if a memory allocation fails.

Free memory even if the test fails.
2019-12-12 09:00:26 +01:00
Gilles Peskine 667c111416 Sanity checks for key attributes in exercise_key 2019-12-12 09:00:26 +01:00
Janos Follath c673c2cd44 Break up the ssl_mock_tcp unit test
Break the test up to three different tests for the sake of
better readability and maintainability.
2019-12-09 09:10:21 +00:00
Janos Follath 3766ba50de Add non-blocking mock TCP callbacks to SSL tests 2019-12-09 09:10:21 +00:00
Janos Follath 031827feba Add mbedtls_mock_socket to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This socket implementation uses
two ring buffers to mock the transport layer.
2019-12-09 09:10:14 +00:00
Gilles Peskine 81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
2019-12-06 10:10:14 +01:00
Janos Follath 6264e66ba4 Add mbedtls_test_buffer to SSL unit tests
In a unit test we want to avoid accessing the network. To test the
handshake in the unit test suite we need to implement a connection
between the server and the client. This ring buffer implementation will
serve as the said connection.
2019-12-06 07:23:49 +00:00
Gilles Peskine 2ff02c361e Document MBEDTLS_TEST_DEPRECATED 2019-11-29 12:17:21 +01:00
Gilles Peskine 895242be1c Add negative test cases for deprecated aliases
Catch more potential plumbing errors such as not returning the right
value or not writing to an output parameter.
2019-11-29 12:15:40 +01:00
Janos Follath 512fe9673f Fix test assert macro calls
The assert() macro in test is not available anymore. It is superseeded
by TEST_HELPER_ASSERT().
2019-11-29 10:13:32 +00:00
Gilles Peskine 6608e71032 Change ASSERT_ALLOC to take a size in elements, not bytes
`ASSERT_ALLOC(p, length)` now allocates `length` elements, i.e.
`length * sizeof(*p)` bytes.
2019-11-29 10:13:32 +00:00
Gilles Peskine 28405300ee New macro ASSERT_ALLOC to allocate memory in tests
The new macro ASSERT_ALLOC allocates memory with mbedtls_calloc and
fails the test if the allocation fails. It outputs a null pointer if
the requested size is 0. It is meant to replace existing calls to
mbedtls_calloc.
2019-11-29 10:13:32 +00:00
Gilles Peskine 7bb1a7e0bf
Merge pull request #307 from msopiha-linaro/development
Add ASN.1 ENUMERATED tag support
2019-11-28 10:20:18 +01:00
Gilles Peskine 06c28890c9 Add test function for effective key attributes
We're going to create some edge cases where the attributes of a key
are not bitwise identical to the attributes passed during creation.
Have a test function ready for that.
2019-11-26 19:14:18 +01:00
Gilles Peskine 0627f98779 Add tests of deprecated PSA functions
Test psa_asymmetric_sign and psa_asymmetric_verify.
2019-11-26 19:14:07 +01:00
Gilles Peskine 841b14be02 Add tests of deprecated PSA macros
When MBEDTLS_TEST_DEPRECATED is defined, run some additional tests to
validate deprecated PSA macros. We don't need to test deprecated
features extensively, but we should at least ensure that they don't
break the build.

Add some code to component_build_deprecated in all.sh to run these
tests with MBEDTLS_DEPRECATED_WARNING enabled. The tests are also
executed when MBEDTLS_DEPRECATED_WARNING and
MBEDTLS_DEPRECATED_REMOVED are both disabled.
2019-11-26 19:12:35 +01:00
Gilles Peskine 1a96049e30 Make the key_policy test function more flexible 2019-11-26 19:08:55 +01:00
Gilles Peskine b951fd9330
Merge pull request #310 from gilles-peskine-arm/memory_buffer_alloc-fatal-pass
Clarify test descriptions in test_suite_memory_buffer_alloc
2019-11-26 18:52:24 +01:00
Gilles Peskine 8f4df81506
Merge pull request #293 from gilles-peskine-arm/entropy-min
Always gather MBEDTLS_ENTROPY_BLOCK_SIZE bytes of entropy
2019-11-26 18:43:45 +01:00
Gilles Peskine 89d8c5c447 Rename some signature-related identifiers
Rename some macros and functions related to signature which are
changing as part of the addition of psa_sign_message and
psa_verify_message.

perl -i -pe '%t = (
PSA_KEY_USAGE_SIGN => PSA_KEY_USAGE_SIGN_HASH,
PSA_KEY_USAGE_VERIFY => PSA_KEY_USAGE_VERIFY_HASH,
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE => PSA_SIGNATURE_MAX_SIZE,
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE => PSA_SIGN_OUTPUT_SIZE,
psa_asymmetric_sign => psa_sign_hash,
psa_asymmetric_verify => psa_verify_hash,
); s/\b(@{[join("|", keys %t)]})\b/$t{$1}/ge' $(git ls-files . ':!:**/crypto_compat.h')
2019-11-26 18:20:59 +01:00
Gilles Peskine cbd91e013c Fix entropy_threshold when MBEDTLS_TEST_NULL_ENTROPY is enabled
Don't use the default entropy sources so as not to depend on their
characteristics.
2019-11-25 19:50:54 +01:00
Gilles Peskine ae679390a2 Fix entropy_calls when MBEDTLS_ENTROPY_NV_SEED is enabled 2019-11-25 19:44:42 +01:00
Gilles Peskine d2cea9f57c Add some more KDF test cases 2019-11-25 15:44:24 +01:00
Gilles Peskine bbf67b98bb Remove selftest dependency in the test suite
The test suites should always run self-tests for all enabled features.
Otherwise we miss failing self-tests in CI runs, because we don't
always run the selftest program independently.

There was one spurious dependency to remove:
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY for ctr_drbg, which was broken but
has now been fixed.
2019-11-21 13:49:20 +01:00
Gilles Peskine 87ef0c24af Merge branch 'development' into development-restricted 2019-11-20 20:09:34 +01:00
Jaeden Amero 61c8a371e0
Merge pull request #2836 from hanno-arm/x509_crt_policies_tests
X.509: Enhance negative testing for CertificatePolicy extension
2019-11-20 15:45:57 +00:00
Gilles Peskine 9afbfdc833 Merge remote-tracking branch 'myfork-public/development' into merge-crypto-development-20191115
First deal with deleted files.

* Files deleted by us: keep them deleted.
* Files deleted by them, whether modified by us or not: keep our version.

```
git rm $(git status -s | sed -n 's/^DU //p')
git reset -- $(git status -s | sed -n 's/^D  //p')
git checkout -- $(git status -s | sed -n 's/^ D //p')
git add -- $(git status -s | sed -n 's/^UD //p')
```

Individual files with conflicts:

* `3rdparty/everest/library/Hacl_Curve25519_joined.c`: spurious conflict because git mistakenly identified this file as a rename. Keep our version.
* `README.md`: conflict due to their change in a paragraph that doesn't exist in our version. Keep our version of this paragraph.
* `docs/architecture/Makefile`: near-identical additions. Adapt the definition of `all_markdown` and include the clean target.
* `doxygen/input/docs_mainpage.h`: conflict in the version number. Keep our version number.
* `include/mbedtls/config.h`: two delete/modify conflicts. Keep the removed chunks out.
* `library/CMakeLists.txt`: discard all their changes as they are not relevant.
* `library/Makefile`:
    * Discard the added chunk about the crypto submodule starting with `INCLUDING_FROM_MBEDTLS:=1`.
    * delete/modify: keep the removed chunk out.
    * library build: This is almost delete/modify. Their changes are mostly not applicable. Do keep the `libmbedcrypto.$(DLEXT): | libmbedcrypto.a` order dependency.
    * `.c.o`: `-o` was added on both sides but in a different place. Change to their place.
* `library/error.c`: to be regenerated.
* `library/version_features.c`: to be regenerated.
* `programs/Makefile`: Most of the changes are not relevant. The one relevant change is in the `clean` target for Windows; adapt it by removing `/S` from our version.
* `programs/test/query_config.c`: to be regenerated.
* `scripts/config.py`: added in parallel on both sides. Keep our version.
* `scripts/footprint.sh`: parallel changes. Keep our version.
* `scripts/generate_visualc_files.pl`: one delete/modify conflict. Keep the removed chunks out.
* `tests/Makefile`: discard all of their changes.
* `tests/scripts/all.sh`:
    * `pre_initialize_variables` add `append_outcome`: add it.
    * `pre_initialize_variables` add `ASAN_CFLAGS`: already there, keep our version.
    * `pre_parse_command_line` add `--no-append-outcome`: add it.
    * `pre_parse_command_line` add `--outcome-file`: add it.
    * `pre_print_configuration`: add `MBEDTLS_TEST_OUTCOME_FILE`.
    * Several changes in SSL-specific components: keep our version without them.
    * Several changes where `config.pl` was changed to `config.py` and there was an adjacent difference: keep our version.
    * Changes regarding the inclusion of `MBEDTLS_MEMORY_xxx`: ignore them here, they will be normalized in a subsequent commit.
    * `component_test_full_cmake_gcc_asan`: add it without the TLS tests.
    * `component_test_no_use_psa_crypto_full_cmake_asan`: keep the fixed `msg`, discard other changes.
    * `component_test_memory_buffer_allocator_backtrace`, `component_test_memory_buffer_allocator`: add them without the TLS tests.
    * `component_test_m32_everest`: added in parallel on both sides. Keep our version.
* `tests/scripts/check-names.sh`, `tests/scripts/list-enum-consts.pl`, `tests/scripts/list-identifiers.sh`, ``tests/scripts/list-macros.sh`: discard all of their changes.
* `tests/scripts/test-ref-configs.pl`: the change in the conflict is not relevant, so keep our version there.
* `visualc/VS2010/*.vcxproj`: to be regenerated.

Regenerate files:

```
scripts/generate_visualc_files.pl
git add visualc/VS2010/*.vcxproj
scripts/generate_errors.pl
git add library/error.c
scripts/generate_features.pl
git add library/version_features.c
scripts/generate_query_config.pl
git add programs/test/query_config.c
```

Rejected changes in non-conflicting files:

* `CMakeLists.txt`: discard their addition which has already been side-ported.
* `doxygen/mbedtls.doxyfile`: keep the version number change. Discard the changes related to `../crypto` paths.

Keep the following changes after examination:

* `.travis.yml`: all of their changes are relevant.
* `include/mbedtls/error.h`: do keep their changes. Even though Crypto doesn't use TLS errors, it must not encroach on TLS's allocated numbers.
* `tests/scripts/check-test-cases.py`: keep the code dealing with `ssl-opt.sh`. It works correctly when the file is not present.
2019-11-15 11:47:14 +01:00
Gilles Peskine f0d87001d0
Merge pull request #315 from gilles-peskine-arm/pk_signature_max_size
Define MBEDTLS_PK_SIGNATURE_MAX_SIZE
2019-11-13 12:13:57 +01:00
Gilles Peskine cb0101ff33
Merge pull request #298 from gilles-peskine-arm/config-symmetric-only
Test a build without any asymmetric cryptography
2019-11-12 19:37:13 +01:00
Gilles Peskine a719db8b04 Add pk_utils and pk_sign tests with different curves
This reveals that MBEDTLS_PK_SIGNATURE_MAX_SIZE is too small.
2019-11-12 13:21:53 +01:00
Gilles Peskine e48fe55c24 test_suite_pk: pk_genkey: support a variable key size or curve
No intended behavior change.
2019-11-12 13:21:52 +01:00
Gilles Peskine eba088a8ac test_suite_pk: check the signature size after pk_sign
Add a check that the signature size from pk_sign is less than the
documented maximum size.

Reduce the stack consumption in pk_sign_verify.
2019-11-12 11:10:54 +01:00
Gilles Peskine f85e4e67bd test_suite_pk: fix use of sig_len without initialization
In pk_sign_verify, if mbedtls_pk_sign() failed, sig_len was passed to
mbedtls_pk_verify_restartable() without having been initialized. This
worked only because in the only test case that expects signature to
fail, the verify implementation doesn't look at sig_len before failing
for the expected reason.

The value of sig_len if sign() fails is undefined, so set sig_len to
something sensible.
2019-11-12 11:09:26 +01:00
Janos Follath 0b1ae0e972 mpi_lt_mpi_ct: Add further tests
The existing tests did not catch a failure that came up at integration
testing. Adding the missing test cases to trigger the bug.
2019-11-05 15:13:00 +00:00