mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 08:37:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #74 from Patater/break-non-crypto-dependencies

Browse Source 
Break non-crypto dependencies
This commit is contained in:
Jaeden Amero 2019-03-13 10:39:20 +00:00 committed by GitHub
commit a52c0593cc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
53 changed files with 229 additions and 13642 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.travis.yml
View File

@ -22,13 +22,8 @@ script:
- make
- make test
- programs/test/selftest
- OSSL_NO_DTLS=1 tests/compat.sh
- tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl' --seed 4
- tests/scripts/test-ref-configs.pl
- tests/scripts/curves.pl
- tests/scripts/key-exchanges.pl
after_failure:
- tests/scripts/travis-log-failure.sh
env:
global:
secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="

2
CMakeLists.txt
View File

@ -200,8 +200,6 @@ if(ENABLE_TESTING)
ADD_CUSTOM_TARGET(covtest
COMMAND make test
COMMAND programs/test/selftest
COMMAND tests/compat.sh
COMMAND tests/ssl-opt.sh
)
ADD_CUSTOM_TARGET(lcov

2
Makefile
View File

@ -102,8 +102,6 @@ ifndef WINDOWS
covtest:
$(MAKE) check
programs/test/selftest
tests/compat.sh
tests/ssl-opt.sh
lcov:
rm -rf Coverage

3
configs/config-mini-tls1_1.h
View File

@ -70,9 +70,6 @@
#define MBEDTLS_CERTS_C
#define MBEDTLS_PEM_PARSE_C
/* For testing with compat.sh */
#define MBEDTLS_FS_IO
#include "mbedtls/check_config.h"
#endif /* MBEDTLS_CONFIG_H */

25
configs/config-psa-crypto.h
View File

@ -726,11 +726,11 @@
* Enable "non-blocking" ECC operations that can return early and be resumed.
*
* This allows various functions to pause by returning
* #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
* order to further progress and eventually complete their operation. This is
* controlled through mbedtls_ecp_set_max_ops() which limits the maximum
* number of ECC operations a function may perform before pausing; see
* #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
* to further progress and eventually complete their operation. This is
* controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
* of ECC operations a function may perform before pausing; see
* mbedtls_ecp_set_max_ops() for more information.
*
* This is useful in non-threaded environments if you want to avoid blocking
@ -1156,6 +1156,21 @@
*/
//#define MBEDTLS_PSA_HAS_ITS_IO
/* MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
*
* In PSA key storage, encode the owner of the key.
*
* This is only meaningful when building the library as part of a
* multi-client service. When you activate this option, you must provide
* an implementation of the type psa_key_owner_id_t and a translation
* from psa_key_file_id_t to file name in all the storage backends that
* you wish to support.
*
* Note that this option is meant for internal use only and may be removed
* without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER
/**
* \def MBEDTLS_MEMORY_DEBUG
*

4
configs/config-thread.h
View File

@ -75,10 +75,6 @@
#define MBEDTLS_SSL_SRV_C
#define MBEDTLS_SSL_TLS_C
/* For tests using ssl-opt.sh */
#define MBEDTLS_NET_C
#define MBEDTLS_TIMING_C
/* Save RAM at the expense of ROM */
#define MBEDTLS_AES_ROM_TABLES

2
include/CMakeLists.txt
View File

@ -15,7 +15,7 @@ if(INSTALL_MBEDTLS_HEADERS)
endif(INSTALL_MBEDTLS_HEADERS)
# Make config.h available in an out-of-source build. ssl-opt.sh requires it.
# Make config.h available in an out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(mbedtls)
link_to_source(psa)

2
include/mbedtls/asn1.h
View File

@ -66,7 +66,7 @@
* - 0x02 -- tag indicating INTEGER
* - 0x01 -- length in octets
* - 0x05 -- value
* Such sequences are typically read into \c ::mbedtls_x509_buf.
* Such sequences are typically read into Mbed TLS's \c mbedtls_x509_buf.
* \{
*/
#define MBEDTLS_ASN1_BOOLEAN 0x01

10
include/mbedtls/config.h
View File

@ -746,11 +746,11 @@
* Enable "non-blocking" ECC operations that can return early and be resumed.
*
* This allows various functions to pause by returning
* #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in the SSL module,
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in
* order to further progress and eventually complete their operation. This is
* controlled through mbedtls_ecp_set_max_ops() which limits the maximum
* number of ECC operations a function may perform before pausing; see
* #MBEDTLS_ERR_ECP_IN_PROGRESS (or, for functions in Mbed TLS's SSL module,
* MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS) and then be called later again in order
* to further progress and eventually complete their operation. This is
* controlled through mbedtls_ecp_set_max_ops() which limits the maximum number
* of ECC operations a function may perform before pausing; see
* mbedtls_ecp_set_max_ops() for more information.
*
* This is useful in non-threaded environments if you want to avoid blocking

9
include/mbedtls/dhm.h
View File

@ -350,11 +350,10 @@ int mbedtls_dhm_self_test( int verbose );
#endif
/**
* RFC 3526, RFC 5114 and RFC 7919 standardize a number of
* Diffie-Hellman groups, some of which are included here
* for use within the SSL/TLS module and the user's convenience
* when configuring the Diffie-Hellman parameters by hand
* through \c mbedtls_ssl_conf_dh_param.
* RFC 3526, RFC 5114 and RFC 7919 standardize a number of Diffie-Hellman
* groups, some of which are included here for use by Mbed TLS's SSL/TLS module
* and the user's convenience when configuring the Diffie-Hellman parameters by
* hand through Mbed TLS's \c mbedtls_ssl_conf_dh_param.
*
* The following lists the source of the above groups in the standards:
* - RFC 5114 section 2.2: 2048-bit MODP Group with 224-bit Prime Order Subgroup

24
include/mbedtls/ecp.h
View File

@ -365,19 +365,19 @@ mbedtls_ecp_keypair;
* same; they must not be used until the function finally
* returns 0.
*
* This only applies to functions whose documentation
* mentions they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
* #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS for functions in the
* SSL module). For functions that accept a "restart context"
* argument, passing NULL disables restart and makes the
* function equivalent to the function with the same name
* This only applies to functions whose documentation mentions
* they may return #MBEDTLS_ERR_ECP_IN_PROGRESS (or
* `MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS` for functions in the
* Mbed TLS SSL module). For functions that accept a "restart
* context" argument, passing NULL disables restart and makes
* the function equivalent to the function with the same name
* with \c _restartable removed. For functions in the ECDH
* module, restart is disabled unless the function accepts
* an "ECDH context" argument and
* mbedtls_ecdh_enable_restart() was previously called on
* that context. For function in the SSL module, restart is
* only enabled for specific sides and key exchanges
* (currently only for clients and ECDHE-ECDSA).
* module, restart is disabled unless the function accepts an
* "ECDH context" argument and mbedtls_ecdh_enable_restart()
* was previously called on that context. For function in the
* Mbed TLS SSL module, restart is only enabled for specific
* sides and key exchanges (currently only for clients and
* ECDHE-ECDSA).
*
* \param max_ops Maximum number of basic operations done in a row.
* Default: 0 (unlimited).

2
library/ecp.c
View File

@ -383,7 +383,7 @@ typedef enum
* Curves are listed in order: largest curves first, and for a given size,
* fastest curves first. This provides the default order for the SSL module.
*
* Reminder: update profiles in x509_crt.c when adding a new curves!
* Reminder: update profiles in Mbed TLS's x509_crt.c when adding new curves!
*/
static const mbedtls_ecp_curve_info ecp_supported_curves[] =
{

2
library/md.c
View File

@ -50,7 +50,7 @@
#endif
/*
* Reminder: update profiles in x509_crt.c when adding a new hash!
* Reminder: update profiles in Mbed TLS's x509_crt.c when adding a new hash!
*/
static const int supported_digests[] = {

93
programs/Makefile
View File

@ -47,35 +47,58 @@ ifdef ZLIB
LOCAL_LDFLAGS += -lz
endif
APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
pkey/dh_genprime$(EXEXT) \
pkey/ecdh_curve25519$(EXEXT) \
pkey/ecdsa$(EXEXT) pkey/gen_key$(EXEXT) \
pkey/key_app$(EXEXT) pkey/key_app_writer$(EXEXT) \
pkey/mpi_demo$(EXEXT) pkey/pk_decrypt$(EXEXT) \
pkey/pk_encrypt$(EXEXT) pkey/pk_sign$(EXEXT) \
pkey/pk_verify$(EXEXT) pkey/rsa_genkey$(EXEXT) \
pkey/rsa_decrypt$(EXEXT) pkey/rsa_encrypt$(EXEXT) \
pkey/rsa_sign$(EXEXT) pkey/rsa_verify$(EXEXT) \
pkey/rsa_sign_pss$(EXEXT) pkey/rsa_verify_pss$(EXEXT) \
psa/crypto_examples$(EXEXT) \
psa/key_ladder_demo$(EXEXT) psa/psa_constant_names$(EXEXT) \
ssl/dtls_client$(EXEXT) ssl/dtls_server$(EXEXT) \
ssl/ssl_client1$(EXEXT) ssl/ssl_client2$(EXEXT) \
ssl/ssl_server$(EXEXT) ssl/ssl_server2$(EXEXT) \
ssl/ssl_fork_server$(EXEXT) ssl/mini_client$(EXEXT) \
ssl/ssl_mail_client$(EXEXT) random/gen_entropy$(EXEXT) \
random/gen_random_havege$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
test/ssl_cert_test$(EXEXT) test/benchmark$(EXEXT) \
test/selftest$(EXEXT) test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
test/query_compile_time_config$(EXEXT) \
util/pem2der$(EXEXT) util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) x509/cert_write$(EXEXT) \
x509/req_app$(EXEXT)
APPS = \
aes/aescrypt2$(EXEXT) \
aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) \
hash/generic_sum$(EXEXT) \
pkey/dh_genprime$(EXEXT) \
pkey/ecdh_curve25519$(EXEXT) \
pkey/ecdsa$(EXEXT) \
pkey/gen_key$(EXEXT) \
pkey/key_app$(EXEXT) \
pkey/key_app_writer$(EXEXT) \
pkey/mpi_demo$(EXEXT) \
pkey/pk_decrypt$(EXEXT) \
pkey/pk_encrypt$(EXEXT) \
pkey/pk_sign$(EXEXT) \
pkey/pk_verify$(EXEXT) \
pkey/rsa_genkey$(EXEXT) \
pkey/rsa_decrypt$(EXEXT) \
pkey/rsa_encrypt$(EXEXT) \
pkey/rsa_sign$(EXEXT) \
pkey/rsa_verify$(EXEXT) \
pkey/rsa_sign_pss$(EXEXT) \
pkey/rsa_verify_pss$(EXEXT) \
psa/crypto_examples$(EXEXT) \
psa/key_ladder_demo$(EXEXT) \
psa/psa_constant_names$(EXEXT) \
ssl/dtls_client$(EXEXT) \
ssl/dtls_server$(EXEXT) \
ssl/ssl_client1$(EXEXT) \
ssl/ssl_client2$(EXEXT) \
ssl/ssl_server$(EXEXT) \
ssl/ssl_server2$(EXEXT) \
ssl/ssl_fork_server$(EXEXT) \
ssl/mini_client$(EXEXT) \
ssl/ssl_mail_client$(EXEXT) \
random/gen_entropy$(EXEXT) \
random/gen_random_havege$(EXEXT) \
random/gen_random_ctr_drbg$(EXEXT) \
test/ssl_cert_test$(EXEXT) \
test/benchmark$(EXEXT) \
test/selftest$(EXEXT) \
test/udp_proxy$(EXEXT) \
test/zeroize$(EXEXT) \
test/query_compile_time_config$(EXEXT) \
util/pem2der$(EXEXT) \
util/strerror$(EXEXT) \
x509/cert_app$(EXEXT) \
x509/crl_app$(EXEXT) \
x509/cert_req$(EXEXT) \
x509/cert_write$(EXEXT) \
x509/req_app$(EXEXT) \
# End of APPS
ifdef PTHREAD
APPS += ssl/ssl_pthread_server$(EXEXT)
@ -226,17 +249,17 @@ ssl/ssl_client1$(EXEXT): ssl/ssl_client1.c $(DEP)
echo " CC ssl/ssl_client1.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client1.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c ssl/query_config.c $(DEP)
ssl/ssl_client2$(EXEXT): ssl/ssl_client2.c test/query_config.c $(DEP)
echo " CC ssl/ssl_client2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_client2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_server$(EXEXT): ssl/ssl_server.c $(DEP)
echo " CC ssl/ssl_server.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c ssl/query_config.c $(DEP)
ssl/ssl_server2$(EXEXT): ssl/ssl_server2.c test/query_config.c $(DEP)
echo " CC ssl/ssl_server2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/ssl_server2.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
ssl/ssl_fork_server$(EXEXT): ssl/ssl_fork_server.c $(DEP)
echo " CC ssl/ssl_fork_server.c"
@ -278,9 +301,9 @@ test/zeroize$(EXEXT): test/zeroize.c $(DEP)
echo " CC test/zeroize.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/zeroize.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c ssl/query_config.c $(DEP)
test/query_compile_time_config$(EXEXT): test/query_compile_time_config.c test/query_config.c $(DEP)
echo " CC test/query_compile_time_config.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c ssl/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/query_compile_time_config.c test/query_config.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
util/pem2der$(EXEXT): util/pem2der.c $(DEP)
echo " CC util/pem2der.c"

2
programs/pkey/key_app.c
View File

@ -40,7 +40,7 @@
defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO)
#include "mbedtls/error.h"
#include "mbedtls/rsa.h"
#include "mbedtls/x509.h"
#include "mbedtls/pk.h"
#include <string.h>
#endif

14
programs/pkey/rsa_genkey.c
View File

@ -42,7 +42,6 @@
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/bignum.h"
#include "mbedtls/x509.h"
#include "mbedtls/rsa.h"
#include <stdio.h>
@ -160,19 +159,6 @@ int main( void )
mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret );
goto exit;
}
/*
mbedtls_printf( " ok\n . Generating the certificate..." );
x509write_init_raw( &cert );
x509write_add_pubkey( &cert, &rsa );
x509write_add_subject( &cert, "CN='localhost'" );
x509write_add_validity( &cert, "2007-09-06 17:00:32",
"2010-09-06 17:00:32" );
x509write_create_selfsign( &cert, &rsa );
x509write_crtfile( &cert, "cert.der", X509_OUTPUT_DER );
x509write_crtfile( &cert, "cert.pem", X509_OUTPUT_PEM );
x509write_free_raw( &cert );
*/
mbedtls_printf( " ok\n\n" );
exit_code = MBEDTLS_EXIT_SUCCESS;

2
programs/pkey/rsa_sign_pss.c
View File

@ -55,7 +55,7 @@ int main( void )
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/md.h"
#include "mbedtls/rsa.h"
#include "mbedtls/x509.h"
#include "mbedtls/pk.h"
#include <stdio.h>
#include <string.h>

1
programs/pkey/rsa_verify_pss.c
View File

@ -55,7 +55,6 @@ int main( void )
#include "mbedtls/pem.h"
#include "mbedtls/pk.h"
#include "mbedtls/md.h"
#include "mbedtls/x509.h"
#include <stdio.h>
#include <string.h>

40
programs/psa/crypto_examples.c
View File

@ -1,23 +1,15 @@
#include "psa/crypto.h"
#include <string.h>
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdio.h>
#include <stdlib.h>
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#define mbedtls_printf printf
#define mbedtls_exit exit
#endif
#define ASSERT( predicate ) \
do \
{ \
if( ! ( predicate ) ) \
{ \
mbedtls_printf( "\tassertion failed at %s:%d - '%s'\r\n", \
__FILE__, __LINE__, #predicate); \
printf( "\tassertion failed at %s:%d - '%s'\r\n", \
__FILE__, __LINE__, #predicate); \
goto exit; \
} \
} while ( 0 )
@ -27,8 +19,8 @@
{ \
if( ( actual ) != ( expected ) ) \
{ \
mbedtls_printf( "\tassertion failed at %s:%d - " \
"actual:%d expected:%d\r\n", __FILE__, __LINE__, \
printf( "\tassertion failed at %s:%d - " \
"actual:%d expected:%d\r\n", __FILE__, __LINE__, \
(psa_status_t) actual, (psa_status_t) expected ); \
goto exit; \
} \
@ -39,10 +31,10 @@
!defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
int main( void )
{
mbedtls_printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
"MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
"and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
"not defined.\r\n" );
printf( "MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_AES_C and/or "
"MBEDTLS_CIPHER_MODE_CBC and/or MBEDTLS_CIPHER_MODE_CTR "
"and/or MBEDTLS_CIPHER_MODE_WITH_PADDING "
"not defined.\r\n" );
return( 0 );
}
#else
@ -311,20 +303,20 @@ static void cipher_examples( void )
{
psa_status_t status;
mbedtls_printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
printf( "cipher encrypt/decrypt AES CBC no padding:\r\n" );
status = cipher_example_encrypt_decrypt_aes_cbc_nopad_1_block( );
if( status == PSA_SUCCESS )
mbedtls_printf( "\tsuccess!\r\n" );
printf( "\tsuccess!\r\n" );
mbedtls_printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
printf( "cipher encrypt/decrypt AES CBC PKCS7 multipart:\r\n" );
status = cipher_example_encrypt_decrypt_aes_cbc_pkcs7_multi( );
if( status == PSA_SUCCESS )
mbedtls_printf( "\tsuccess!\r\n" );
printf( "\tsuccess!\r\n" );
mbedtls_printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
printf( "cipher encrypt/decrypt AES CTR multipart:\r\n" );
status = cipher_example_encrypt_decrypt_aes_ctr_multi( );
if( status == PSA_SUCCESS )
mbedtls_printf( "\tsuccess!\r\n" );
printf( "\tsuccess!\r\n" );
}
#if defined(MBEDTLS_CHECK_PARAMS)
@ -333,9 +325,9 @@ void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
exit( EXIT_FAILURE );
}
#endif

110
programs/psa/key_ladder_demo.c
View File

@ -57,17 +57,7 @@
#include MBEDTLS_CONFIG_FILE
#endif
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
#include <stdlib.h>
#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
#define mbedtls_calloc calloc
#define mbedtls_free free
#define mbedtls_printf printf
#define mbedtls_exit exit
#endif
#include <stdio.h>
#include <string.h>
@ -79,9 +69,9 @@
!defined(MBEDTLS_PSA_CRYPTO_C) || !defined(MBEDTLS_FS_IO)
int main( void )
{
mbedtls_printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
printf("MBEDTLS_SHA256_C and/or MBEDTLS_MD_C and/or "
"MBEDTLS_AES_C and/or MBEDTLS_CCM_C and/or "
"MBEDTLS_PSA_CRYPTO_C and/or MBEDTLS_FS_IO not defined.\n");
return( 0 );
}
#else
@ -112,10 +102,10 @@ int main( void )
status = ( expr ); \
if( status != PSA_SUCCESS ) \
{ \
mbedtls_printf( "Error %d at line %u: %s\n", \
(int) status, \
__LINE__, \
#expr ); \
printf( "Error %d at line %u: %s\n", \
(int) status, \
__LINE__, \
#expr ); \
goto exit; \
} \
} \
@ -254,8 +244,8 @@ static psa_status_t import_key_from_file( psa_key_usage_t usage,
key_file ) ) != 0 );
if( fread( &extra_byte, 1, 1, key_file ) != 0 )
{
mbedtls_printf( "Key file too large (max: %u).\n",
(unsigned) sizeof( key_data ) );
printf( "Key file too large (max: %u).\n",
(unsigned) sizeof( key_data ) );
status = DEMO_ERROR;
goto exit;
}
@ -395,7 +385,7 @@ static psa_status_t wrap_data( const char *input_file_name,
#if LONG_MAX > SIZE_MAX
if( input_position > SIZE_MAX )
{
mbedtls_printf( "Input file too large.\n" );
printf( "Input file too large.\n" );
status = DEMO_ERROR;
goto exit;
}
@ -405,14 +395,14 @@ static psa_status_t wrap_data( const char *input_file_name,
/* Check for integer overflow. */
if( buffer_size < input_size )
{
mbedtls_printf( "Input file too large.\n" );
printf( "Input file too large.\n" );
status = DEMO_ERROR;
goto exit;
}
/* Load the data to wrap. */
SYS_CHECK( fseek( input_file, 0, SEEK_SET ) == 0 );
SYS_CHECK( ( buffer = mbedtls_calloc( 1, buffer_size ) ) != NULL );
SYS_CHECK( ( buffer = calloc( 1, buffer_size ) ) != NULL );
SYS_CHECK( fread( buffer, 1, input_size, input_file ) == input_size );
SYS_CHECK( fclose( input_file ) == 0 );
input_file = NULL;
@ -447,7 +437,7 @@ exit:
fclose( output_file );
if( buffer != NULL )
mbedtls_platform_zeroize( buffer, buffer_size );
mbedtls_free( buffer );
free( buffer );
return( status );
}
@ -471,13 +461,13 @@ static psa_status_t unwrap_data( const char *input_file_name,
if( memcmp( &header.magic, WRAPPED_DATA_MAGIC,
WRAPPED_DATA_MAGIC_LENGTH ) != 0 )
{
mbedtls_printf( "The input does not start with a valid magic header.\n" );
printf( "The input does not start with a valid magic header.\n" );
status = DEMO_ERROR;
goto exit;
}
if( header.ad_size != sizeof( header ) )
{
mbedtls_printf( "The header size is not correct.\n" );
printf( "The header size is not correct.\n" );
status = DEMO_ERROR;
goto exit;
}
@ -486,18 +476,18 @@ static psa_status_t unwrap_data( const char *input_file_name,
/* Check for integer overflow. */
if( ciphertext_size < header.payload_size )
{
mbedtls_printf( "Input file too large.\n" );
printf( "Input file too large.\n" );
status = DEMO_ERROR;
goto exit;
}
/* Load the payload data. */
SYS_CHECK( ( buffer = mbedtls_calloc( 1, ciphertext_size ) ) != NULL );
SYS_CHECK( ( buffer = calloc( 1, ciphertext_size ) ) != NULL );
SYS_CHECK( fread( buffer, 1, ciphertext_size,
input_file ) == ciphertext_size );
if( fread( &extra_byte, 1, 1, input_file ) != 0 )
{
mbedtls_printf( "Extra garbage after ciphertext\n" );
printf( "Extra garbage after ciphertext\n" );
status = DEMO_ERROR;
goto exit;
}
@ -513,7 +503,7 @@ static psa_status_t unwrap_data( const char *input_file_name,
&plaintext_size ) );
if( plaintext_size != header.payload_size )
{
mbedtls_printf( "Incorrect payload size in the header.\n" );
printf( "Incorrect payload size in the header.\n" );
status = DEMO_ERROR;
goto exit;
}
@ -532,7 +522,7 @@ exit:
fclose( output_file );
if( buffer != NULL )
mbedtls_platform_zeroize( buffer, ciphertext_size );
mbedtls_free( buffer );
free( buffer );
return( status );
}
@ -600,23 +590,23 @@ exit:
static void usage( void )
{
mbedtls_printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
mbedtls_printf( "Demonstrate the usage of a key derivation ladder.\n" );
mbedtls_printf( "\n" );
mbedtls_printf( "Modes:\n" );
mbedtls_printf( " generate Generate the master key\n" );
mbedtls_printf( " save Save the derived key\n" );
mbedtls_printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
mbedtls_printf( " wrap Wrap (encrypt) input with the derived key\n" );
mbedtls_printf( "\n" );
mbedtls_printf( "Options:\n" );
mbedtls_printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
mbedtls_printf( " master=FILENAME File containing the master key (default: master.key)\n" );
mbedtls_printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
mbedtls_printf( " label=TEXT Label for the key derivation.\n" );
mbedtls_printf( " This may be repeated multiple times.\n" );
mbedtls_printf( " To get the same key, you must use the same master key\n" );
mbedtls_printf( " and the same sequence of labels.\n" );
printf( "Usage: key_ladder_demo MODE [OPTION=VALUE]...\n" );
printf( "Demonstrate the usage of a key derivation ladder.\n" );
printf( "\n" );
printf( "Modes:\n" );
printf( " generate Generate the master key\n" );
printf( " save Save the derived key\n" );
printf( " unwrap Unwrap (decrypt) input with the derived key\n" );
printf( " wrap Wrap (encrypt) input with the derived key\n" );
printf( "\n" );
printf( "Options:\n" );
printf( " input=FILENAME Input file (required for wrap/unwrap)\n" );
printf( " master=FILENAME File containing the master key (default: master.key)\n" );
printf( " output=FILENAME Output file (required for save/wrap/unwrap)\n" );
printf( " label=TEXT Label for the key derivation.\n" );
printf( " This may be repeated multiple times.\n" );
printf( " To get the same key, you must use the same master key\n" );
printf( " and the same sequence of labels.\n" );
}
#if defined(MBEDTLS_CHECK_PARAMS)
@ -625,9 +615,9 @@ void mbedtls_param_failed( const char *failure_condition,
const char *file,
int line )
{
mbedtls_printf( "%s:%i: Input param failed - %s\n",
printf( "%s:%i: Input param failed - %s\n",
file, line, failure_condition );
mbedtls_exit( MBEDTLS_EXIT_FAILURE );
exit( EXIT_FAILURE );
}
#endif
@ -648,7 +638,7 @@ int main( int argc, char *argv[] )
strcmp( argv[1], "--help" ) == 0 )
{
usage( );
return( MBEDTLS_EXIT_SUCCESS );
return( EXIT_SUCCESS );
}
for( i = 2; i < argc; i++ )
@ -656,7 +646,7 @@ int main( int argc, char *argv[] )
char *q = strchr( argv[i], '=' );
if( q == NULL )
{
mbedtls_printf( "Missing argument to option %s\n", argv[i] );
printf( "Missing argument to option %s\n", argv[i] );
goto usage_failure;
}
*q = 0;
@ -667,9 +657,9 @@ int main( int argc, char *argv[] )
{
if( ladder_depth == MAX_LADDER_DEPTH )
{
mbedtls_printf( "Maximum ladder depth %u exceeded.\n",
printf( "Maximum ladder depth %u exceeded.\n",
(unsigned) MAX_LADDER_DEPTH );
return( MBEDTLS_EXIT_FAILURE );
return( EXIT_FAILURE );
}
ladder[ladder_depth] = q;
++ladder_depth;
@ -680,7 +670,7 @@ int main( int argc, char *argv[] )
output_file_name = q;
else
{
mbedtls_printf( "Unknown option: %s\n", argv[i] );
printf( "Unknown option: %s\n", argv[i] );
goto usage_failure;
}
}
@ -695,20 +685,20 @@ int main( int argc, char *argv[] )
mode = MODE_WRAP;
else
{
mbedtls_printf( "Unknown action: %s\n", argv[1] );
printf( "Unknown action: %s\n", argv[1] );
goto usage_failure;
}
if( input_file_name == NULL &&
( mode == MODE_WRAP || mode == MODE_UNWRAP ) )
{
mbedtls_printf( "Required argument missing: input\n" );
printf( "Required argument missing: input\n" );
return( DEMO_ERROR );
}
if( output_file_name == NULL &&
( mode == MODE_SAVE || mode == MODE_WRAP || mode == MODE_UNWRAP ) )
{
mbedtls_printf( "Required argument missing: output\n" );
printf( "Required argument missing: output\n" );
return( DEMO_ERROR );
}
@ -716,11 +706,11 @@ int main( int argc, char *argv[] )
ladder, ladder_depth,
input_file_name, output_file_name );
return( status == PSA_SUCCESS ?
MBEDTLS_EXIT_SUCCESS :
MBEDTLS_EXIT_FAILURE );
EXIT_SUCCESS :
EXIT_FAILURE );
usage_failure:
usage( );
return( MBEDTLS_EXIT_FAILURE );
return( EXIT_FAILURE );
}
#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */

4
programs/ssl/CMakeLists.txt
View File

@ -34,14 +34,14 @@ add_executable(ssl_client1 ssl_client1.c)
target_link_libraries(ssl_client1 ${libs})
add_executable(ssl_client2 ssl_client2.c)
target_sources(ssl_client2 PUBLIC query_config.c)
target_sources(ssl_client2 PUBLIC ../test/query_config.c)
target_link_libraries(ssl_client2 ${libs})
add_executable(ssl_server ssl_server.c)
target_link_libraries(ssl_server ${libs})
add_executable(ssl_server2 ssl_server2.c)
target_sources(ssl_server2 PUBLIC query_config.c)
target_sources(ssl_server2 PUBLIC ../test/query_config.c)
target_link_libraries(ssl_server2 ${libs})
add_executable(ssl_fork_server ssl_fork_server.c)

2
programs/test/CMakeLists.txt
View File

@ -31,7 +31,7 @@ add_executable(zeroize zeroize.c)
target_link_libraries(zeroize ${libs})
add_executable(query_compile_time_config query_compile_time_config.c)
target_sources(query_compile_time_config PUBLIC ../ssl/query_config.c)
target_sources(query_compile_time_config PUBLIC query_config.c)
target_link_libraries(query_compile_time_config ${libs})
install(TARGETS selftest benchmark ssl_cert_test udp_proxy query_compile_time_config

5
programs/test/cpp_dummy_build.cpp
View File

@ -45,7 +45,6 @@
#include "mbedtls/cipher.h"
#include "mbedtls/cipher_internal.h"
#include "mbedtls/cmac.h"
#include "mbedtls/compat-1.3.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/debug.h"
#include "mbedtls/des.h"
@ -96,10 +95,6 @@
#include "mbedtls/threading.h"
#include "mbedtls/timing.h"
#include "mbedtls/version.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/xtea.h"
#if defined(MBEDTLS_PLATFORM_C)

0
programs/ssl/query_config.c → programs/test/query_config.c
View File

4
programs/test/selftest.c
View File

@ -51,7 +51,6 @@
#include "mbedtls/base64.h"
#include "mbedtls/bignum.h"
#include "mbedtls/rsa.h"
#include "mbedtls/x509.h"
#include "mbedtls/xtea.h"
#include "mbedtls/pkcs5.h"
#include "mbedtls/ecp.h"
@ -245,9 +244,6 @@ const selftest_t selftests[] =
#if defined(MBEDTLS_RSA_C)
{"rsa", mbedtls_rsa_self_test},
#endif
#if defined(MBEDTLS_X509_USE_C)
{"x509", mbedtls_x509_self_test},
#endif
#if defined(MBEDTLS_XTEA_C)
{"xtea", mbedtls_xtea_self_test},
#endif

2
scripts/bump_version.sh
View File

@ -132,7 +132,7 @@ done
[ $VERBOSE ] && echo "Re-generating library/error.c"
scripts/generate_errors.pl
[ $VERBOSE ] && echo "Re-generating programs/ssl/query_config.c"
[ $VERBOSE ] && echo "Re-generating programs/test/query_config.c"
scripts/generate_query_config.pl
[ $VERBOSE ] && echo "Re-generating library/version_features.c"

2
scripts/generate_query_config.pl
View File

@ -21,7 +21,7 @@ use strict;
my $config_file = "./include/mbedtls/config.h";
my $query_config_format_file = "./scripts/data_files/query_config.fmt";
my $query_config_file = "./programs/ssl/query_config.c";
my $query_config_file = "./programs/test/query_config.c";
# Excluded macros from the generated query_config.c. For example, macros that
# have commas or function-like macros cannot be transformed into strings easily

2
scripts/generate_visualc_files.pl
View File

@ -98,7 +98,7 @@ sub gen_app {
my $srcs = "\n <ClCompile Include=\"..\\..\\programs\\$path.c\" \/>\r";
if( $appname eq "ssl_client2" or $appname eq "ssl_server2" or
$appname eq "query_compile_time_config" ) {
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\ssl\\query_config.c\" \/>\r";
$srcs .= "\n <ClCompile Include=\"..\\..\\programs\\test\\query_config.c\" \/>\r";
}
my $content = $template;

37
scripts/output_env.sh
View File

@ -15,7 +15,6 @@
# - type and version of the operating system
# - version of armcc, clang, gcc-arm and gcc compilers
# - version of libc, clang, asan and valgrind if installed
# - version of gnuTLS and OpenSSL
print_version()
{
@ -74,42 +73,6 @@ echo
print_version "valgrind" "--version" "valgrind not found!"
echo
: ${OPENSSL:=openssl}
print_version "$OPENSSL" "version" "openssl not found!"
echo
if [ -n "${OPENSSL_LEGACY+set}" ]; then
print_version "$OPENSSL_LEGACY" "version" "openssl legacy version not found!"
echo
fi
if [ -n "${OPENSSL_NEXT+set}" ]; then
print_version "$OPENSSL_NEXT" "version" "openssl next version not found!"
echo
fi
: ${GNUTLS_CLI:=gnutls-cli}
print_version "$GNUTLS_CLI" "--version" "gnuTLS client not found!" "head -n 1"
echo
: ${GNUTLS_SERV:=gnutls-serv}
print_version "$GNUTLS_SERV" "--version" "gnuTLS server not found!" "head -n 1"
echo
if [ -n "${GNUTLS_LEGACY_CLI+set}" ]; then
print_version "$GNUTLS_LEGACY_CLI" "--version" \
"gnuTLS client legacy version not found!" \
"head -n 1"
echo
fi
if [ -n "${GNUTLS_LEGACY_SERV+set}" ]; then
print_version "$GNUTLS_LEGACY_SERV" "--version" \
"gnuTLS server legacy version not found!" \
"head -n 1"
echo
fi
if `hash dpkg > /dev/null 2>&1`; then
echo "* asan:"
dpkg -s libasan2 2> /dev/null | grep -i version

27
tests/CMakeLists.txt
View File

@ -40,13 +40,24 @@ function(add_test_suite suite_name)
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py mbedtls ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
)
set(exe_name test_suite_${data_name})
# Add a prefix to differentiate these tests from those of the parent
# module, when this project is built as a submodule.
if(USE_CRYPTO_SUBMODULE)
set(exe_name crypto.${exe_name})
endif()
include_directories(${CMAKE_CURRENT_SOURCE_DIR})
add_executable(test_suite_${data_name} test_suite_${data_name}.c)
target_link_libraries(test_suite_${data_name} ${libs})
add_executable(${exe_name} test_suite_${data_name}.c)
target_link_libraries(${exe_name} ${libs})
target_include_directories(${exe_name}
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/)
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.")
else()
add_test(${data_name}-suite test_suite_${data_name} --verbose)
add_test(${data_name}-suite ${exe_name} --verbose)
endif()
endfunction(add_test_suite)
@ -89,7 +100,6 @@ add_test_suite(cipher cipher.null)
add_test_suite(cipher cipher.padding)
add_test_suite(cmac)
add_test_suite(ctr_drbg)
add_test_suite(debug)
add_test_suite(des)
add_test_suite(dhm)
add_test_suite(ecdh)
@ -133,20 +143,17 @@ add_test_suite(psa_crypto_persistent_key)
add_test_suite(psa_crypto_slot_management)
add_test_suite(psa_crypto_storage_file)
add_test_suite(shax)
add_test_suite(ssl)
add_test_suite(timing)
add_test_suite(rsa)
add_test_suite(version)
add_test_suite(xtea)
add_test_suite(x509parse)
add_test_suite(x509write)
if (NOT USE_CRYPTO_SUBMODULE)
add_test_suite(version)
endif()
# Make scripts and data files needed for testing available in an
# out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(compat.sh)
link_to_source(data_files)
link_to_source(scripts)
link_to_source(ssl-opt.sh)
link_to_source(suites)
endif()

14
tests/Descriptions.txt
View File

@ -2,21 +2,9 @@ test_suites
The various 'test_suite_XXX' programs from the 'tests' directory, executed
using 'make check' (Unix make) or 'make test' (Cmake), include test cases
(reference test vectors, sanity checks, malformed input for parsing
functions, etc.) for all modules except the SSL modules.
functions, etc.) for all modules.
selftests
The 'programs/test/selftest' program runs the 'XXX_self_test()' functions
of each individual module. Most of them are included in the respective
test suite, but some slower ones are only included here.
compat
The 'tests/compat.sh' script checks interoperability with OpenSSL and
GnuTLS (and ourselves!) for every common ciphersuite, in every TLS
version, both ways (client/server), using client authentication or not.
For each ciphersuite/version/side/authmode it performs a full handshake
and a small data exchange.
ssl_opt
The 'tests/ssl-opt.sh' script checks various options and/or operations not
covered by compat.sh: session resumption (using session cache or tickets),
renegotiation, SNI, other extensions, etc.

12
tests/Makefile
View File

@ -6,7 +6,8 @@ CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../include -I../library -D_FILE_OFFSET_BITS=64
CRYPTO_INCLUDES ?= -I../include
LOCAL_CFLAGS = $(WARNING_CFLAGS) $(CRYPTO_INCLUDES) -I../library -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
@ -58,6 +59,15 @@ endif
# constructed by stripping path 'suites/' and extension .data.
APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data)))
# When this project is used as a submodule, exclude the following list of
# tests, which will be run from the parent module instead.
ifdef USE_CRYPTO_SUBMODULE
APPS := $(filter-out \
test_suite_version \
,$(APPS))
endif
# Construct executable name by adding OS specific suffix $(EXEXT).
BINARIES := $(addsuffix $(EXEXT),$(APPS))

1414
tests/compat.sh
View File

File diff suppressed because it is too large Load Diff

300
tests/scripts/all.sh
View File

@ -38,10 +38,6 @@
# * G++
# * arm-gcc and mingw-gcc
# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
# * OpenSSL and GnuTLS command line tools, recent enough for the
# interoperability tests. If they don't support SSLv3 then a legacy
# version of these tools must be present as well (search for LEGACY
# below).
# See the invocation of check_tools below for details.
#
# This script must be invoked from the toplevel directory of a git
@ -116,18 +112,10 @@ pre_initialize_variables () {
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
MEMORY=0
FORCE=0
KEEP_GOING=0
# Default commands, can be overridden by the environment
: ${OPENSSL:="openssl"}
: ${OPENSSL_LEGACY:="$OPENSSL"}
: ${OPENSSL_NEXT:="$OPENSSL"}
: ${GNUTLS_CLI:="gnutls-cli"}
: ${GNUTLS_SERV:="gnutls-serv"}
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
: ${ARMC5_BIN_DIR:=/usr/bin}
: ${ARMC6_BIN_DIR:=/usr/bin}
@ -207,13 +195,6 @@ General options:
Tool path options:
--armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
--armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
--gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
--gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
--gnutls-legacy-cli=<GnuTLS_cli_path> GnuTLS client executable to use for legacy tests.
--gnutls-legacy-serv=<GnuTLS_serv_path> GnuTLS server executable to use for legacy tests.
--openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
--openssl-legacy=<OpenSSL_path> OpenSSL executable to use for legacy tests e.g. SSLv3.
--openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
EOF
}
@ -310,6 +291,9 @@ pre_parse_command_line () {
all_except=0
no_armcc=
# Note that legacy options are ignored instead of being omitted from this
# list of options, so invocations that worked with previous version of
# all.sh will still run and work properly.
while [ $# -gt 0 ]; do
case "$1" in
--armcc) no_armcc=;;
@ -317,26 +301,26 @@ pre_parse_command_line () {
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
--except) all_except=1;;
--force|-f) FORCE=1;;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
--gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
--gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
--gnutls-serv) shift; GNUTLS_SERV="$1";;
--gnutls-cli) shift;;
--gnutls-legacy-cli) shift;;
--gnutls-legacy-serv) shift;;
--gnutls-serv) shift;;
--help|-h) usage; exit;;
--keep-going|-k) KEEP_GOING=1;;
--list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
--list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;;
--memory|-m) MEMORY=1;;
--memory|-m) ;;
--no-armcc) no_armcc=1;;
--no-force) FORCE=0;;
--no-keep-going) KEEP_GOING=0;;
--no-memory) MEMORY=0;;
--openssl) shift; OPENSSL="$1";;
--openssl-legacy) shift; OPENSSL_LEGACY="$1";;
--openssl-next) shift; OPENSSL_NEXT="$1";;
--no-memory) ;;
--openssl) shift;;
--openssl-legacy) shift;;
--openssl-next) shift;;
--out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
--random-seed) unset SEED;;
--release-test|-r) SEED=1;;
--seed|-s) shift; SEED="$1";;
--random-seed) ;;
--release-test|-r) ;;
--seed|-s) shift;;
-*)
echo >&2 "Unknown option: $1"
echo >&2 "Run $0 --help for usage."
@ -469,16 +453,7 @@ not() {
pre_print_configuration () {
msg "info: $0 configuration"
echo "MEMORY: $MEMORY"
echo "FORCE: $FORCE"
echo "SEED: ${SEED-"UNSET"}"
echo "OPENSSL: $OPENSSL"
echo "OPENSSL_LEGACY: $OPENSSL_LEGACY"
echo "OPENSSL_NEXT: $OPENSSL_NEXT"
echo "GNUTLS_CLI: $GNUTLS_CLI"
echo "GNUTLS_SERV: $GNUTLS_SERV"
echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI"
echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV"
echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
}
@ -488,30 +463,6 @@ pre_check_tools () {
# Build the list of variables to pass to output_env.sh.
set env
case " $RUN_COMPONENTS " in
# Require OpenSSL and GnuTLS if running any tests (as opposed to
# only doing builds). Not all tests run OpenSSL and GnuTLS, but this
# is a good enough approximation in practice.
*" test_"*)
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh
# and ssl-opt.sh, we just export the variables they require.
export OPENSSL_CMD="$OPENSSL"
export GNUTLS_CLI="$GNUTLS_CLI"
export GNUTLS_SERV="$GNUTLS_SERV"
# Avoid passing --seed flag in every call to ssl-opt.sh
if [ -n "${SEED-}" ]; then
export SEED
fi
set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY"
set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI"
set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV"
check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \
"$GNUTLS_CLI" "$GNUTLS_SERV" \
"$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV"
;;
esac
case " $RUN_COMPONENTS " in
*_doxygen[_\ ]*) check_tools "doxygen" "dot";;
esac
@ -605,12 +556,6 @@ component_test_default_cmake_gcc_asan () {
msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
if_build_succeeded tests/ssl-opt.sh
msg "test: compat.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/compat.sh
}
component_test_ref_configs () {
@ -619,36 +564,6 @@ component_test_ref_configs () {
record_status tests/scripts/test-ref-configs.pl
}
component_test_sslv3 () {
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
}
component_test_no_renegotiation () {
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
if_build_succeeded tests/ssl-opt.sh
}
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_RSA_NO_CRT
@ -657,54 +572,6 @@ component_test_rsa_no_crt () {
msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
if_build_succeeded tests/ssl-opt.sh -f RSA
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
if_build_succeeded tests/compat.sh -t RSA
}
component_test_small_ssl_out_content_len () {
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
}
component_test_small_ssl_in_content_len () {
msg "build: small SSL_IN_CONTENT_LEN (ASan build)"
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
}
component_test_small_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0"
scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
}
component_test_small_mbedtls_ssl_dtls_max_buffering () {
msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1"
scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
}
component_test_full_cmake_clang () {
@ -719,15 +586,6 @@ component_test_full_cmake_clang () {
msg "test: psa_constant_names (full config)" # ~ 1s
record_status tests/scripts/test_psa_constant_names.py
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
msg "test: compat.sh ARIA + ChachaPoly"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_build_deprecated () {
@ -764,11 +622,6 @@ component_test_depends_pkalgs () {
record_status tests/scripts/depends-pkalgs.pl
}
component_build_key_exchanges () {
msg "test/build: key-exchanges (gcc)" # ~ 1 min
record_status tests/scripts/key-exchanges.pl
}
component_build_default_make_gcc_and_cxx () {
msg "build: Unix make, -Os (gcc)" # ~ 30s
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
@ -793,21 +646,6 @@ component_test_use_psa_crypto_full_cmake_asan() {
msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
make test
msg "test: ssl-opt.sh (MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded tests/ssl-opt.sh
msg "test: compat.sh default (MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded tests/compat.sh
msg "test: compat.sh ssl3 (MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "test: compat.sh RC4, DES & NULL (MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
msg "test: compat.sh ARIA + ChachaPoly (MBEDTLS_USE_PSA_CRYPTO)"
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_test_check_params_without_platform () {
@ -868,69 +706,6 @@ component_build_no_std_function () {
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_build_no_ssl_srv () {
msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_SRV_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_build_no_ssl_cli () {
msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_SSL_CLI_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0'
}
component_build_no_sockets () {
# Note, C99 compliance can also be tested with the sockets support disabled,
# as that requires a POSIX platform (which isn't the same as C99).
msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc.
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib
}
component_test_no_max_fragment_length () {
# Run max fragment length tests with MFL disabled
msg "build: default config except MFL extension (ASan build)" # ~ 30s
scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: ssl-opt.sh, MFL-related tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
}
component_test_asan_remove_peer_certificate () {
msg "build: default config with MBEDTLS_SSL_KEEP_PEER_CERTIFICATE disabled (ASan build)"
scripts/config.pl unset MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
make test
msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
if_build_succeeded tests/ssl-opt.sh
msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
if_build_succeeded tests/compat.sh
}
component_test_no_max_fragment_length_small_ssl_out_content_len () {
msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)"
scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384
scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
}
component_test_null_entropy () {
msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)"
scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY
@ -1192,15 +967,6 @@ component_build_armcc () {
armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
}
component_test_allow_sha1 () {
msg "build: allow SHA1 in certificates by default"
scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
make CFLAGS='-Werror -Wall -Wextra'
msg "test: allow SHA1 in certificates by default"
make test
if_build_succeeded tests/ssl-opt.sh -f SHA-1
}
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
@ -1223,16 +989,6 @@ component_test_memsan () {
msg "test: main suites (MSan)" # ~ 10s
make test
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
if_build_succeeded tests/ssl-opt.sh
# Optional part(s)
if [ "$MEMORY" -gt 0 ]; then
msg "test: compat.sh (MSan)" # ~ 6 min 20s
if_build_succeeded tests/compat.sh
fi
}
component_test_valgrind () {
@ -1242,20 +998,6 @@ component_test_valgrind () {
msg "test: main suites valgrind (Release)"
make memcheck
# Optional part(s)
# Currently broken, programs don't seem to receive signals
# under valgrind on OS X
if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)"
if_build_succeeded tests/ssl-opt.sh --memcheck
fi
if [ "$MEMORY" -gt 1 ]; then
msg "test: compat.sh --memcheck (Release)"
if_build_succeeded tests/compat.sh --memcheck
fi
}
component_test_cmake_out_of_source () {
@ -1268,17 +1010,7 @@ component_test_cmake_out_of_source () {
msg "test: cmake 'out-of-source' build"
make test
# Test an SSL option that requires an auxiliary script in test/scripts/.
# Also ensure that there are no error messages such as
# "No such file or directory", which would indicate that some required
# file is missing (ssl-opt.sh tolerates the absence of some files so
# may exit with status 0 but emit errors).
if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
if [ -s ssl-opt.err ]; then
cat ssl-opt.err >&2
record_status [ ! -s ssl-opt.err ]
rm ssl-opt.err
fi
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
unset MBEDTLS_ROOT_DIR

87
tests/scripts/basic-build-test.sh
View File

@ -14,8 +14,6 @@
# The tests include:
# * Unit tests - executed using tests/scripts/run-test-suite.pl
# * Self-tests - executed using the test suites above
# * System tests - executed using tests/ssl-opt.sh
# * Interoperability tests - executed using tests/compat.sh
#
# The tests focus on functionality and do not consider performance.
#
@ -36,30 +34,11 @@ if [ -d library -a -d include -a -d tests ]; then :; else
exit 1
fi
: ${OPENSSL:="openssl"}
: ${OPENSSL_LEGACY:="$OPENSSL"}
: ${GNUTLS_CLI:="gnutls-cli"}
: ${GNUTLS_SERV:="gnutls-serv"}
: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"}
: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"}
# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh
# we just export the variables they require
export OPENSSL_CMD="$OPENSSL"
export GNUTLS_CLI="$GNUTLS_CLI"
export GNUTLS_SERV="$GNUTLS_SERV"
CONFIG_H='include/mbedtls/config.h'
CONFIG_BAK="$CONFIG_H.bak"
# Step 0 - print build environment info
OPENSSL="$OPENSSL" \
OPENSSL_LEGACY="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_CLI" \
GNUTLS_SERV="$GNUTLS_SERV" \
GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \
GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" \
scripts/output_env.sh
scripts/output_env.sh
echo
# Step 1 - Make and instrumented build for code coverage
@ -79,25 +58,6 @@ cd tests
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT
echo
# Step 2b - System Tests
sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
echo
# Step 2c - Compatibility tests
sh compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' | \
tee compat-test-$TEST_OUTPUT
OPENSSL_CMD="$OPENSSL_LEGACY" \
sh compat.sh -m 'ssl3' |tee -a compat-test-$TEST_OUTPUT
OPENSSL_CMD="$OPENSSL_LEGACY" \
GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \
GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \
sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \
tee -a compat-test-$TEST_OUTPUT
OPENSSL_CMD="$OPENSSL_NEXT" \
sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \
tee -a compat-test-$TEST_OUTPUT
echo
# Step 3 - Process the coverage report
cd ..
make lcov |tee tests/cov-$TEST_OUTPUT
@ -133,49 +93,6 @@ TOTAL_SKIP=$SKIPPED_TESTS
TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
# Step 4b - TLS Options tests
echo "TLS Options tests - tests/ssl-opt.sh"
PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS))
echo "Passed : $PASSED_TESTS"
echo "Failed : $FAILED_TESTS"
echo "Skipped : $SKIPPED_TESTS"
echo "Total exec'd tests : $TOTAL_TESTS"
echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))"
echo
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
# Step 4c - System Compatibility tests
echo "System/Compatibility tests - tests/compat.sh"
PASSED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
SKIPPED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
EXED_TESTS=$(cat compat-test-$TEST_OUTPUT | sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p' | awk 'BEGIN{ s = 0 } { s += $1 } END{ print s }')
FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS))
echo "Passed : $PASSED_TESTS"
echo "Failed : $FAILED_TESTS"
echo "Skipped : $SKIPPED_TESTS"
echo "Total exec'd tests : $EXED_TESTS"
echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))"
echo
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
# Step 4d - Grand totals
echo "-------------------------------------------------------------------------"
@ -209,8 +126,6 @@ echo
rm unit-test-$TEST_OUTPUT
rm sys-test-$TEST_OUTPUT
rm compat-test-$TEST_OUTPUT
rm cov-$TEST_OUTPUT
cd ..

2
tests/scripts/check-generated-files.sh
View File

@ -65,6 +65,6 @@ check()
}
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/ssl/query_config.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_visualc_files.pl visualc/VS2010

62
tests/scripts/key-exchanges.pl
View File

@ -1,62 +0,0 @@
#!/usr/bin/env perl
# key-exchanges.pl
#
# Copyright (c) 2015-2017, ARM Limited, All Rights Reserved
#
# Purpose
#
# To test the code dependencies on individual key exchanges in the SSL module.
# is a verification step to ensure we don't ship SSL code that do not work
# for some build options.
#
# The process is:
# for each possible key exchange
# build the library with all but that key exchange disabled
#
# Usage: tests/scripts/key-exchanges.pl
#
# This script should be executed from the root of the project directory.
#
# For best effect, run either with cmake disabled, or cmake enabled in a mode
# that includes -Werror.
use warnings;
use strict;
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
my $sed_cmd = 's/^#define \(MBEDTLS_KEY_EXCHANGE_.*_ENABLED\)/\1/p';
my $config_h = 'include/mbedtls/config.h';
my @kexes = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
system( "cp $config_h $config_h.bak" ) and die;
sub abort {
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
# use an exit code between 1 and 124 for git bisect (die returns 255)
warn $_[0];
exit 1;
}
for my $kex (@kexes) {
system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
system( "make clean" ) and die;
print "\n******************************************\n";
print "* Testing with key exchange: $kex\n";
print "******************************************\n";
# full config with all key exchanges disabled except one
system( "scripts/config.pl full" ) and abort "Failed config full\n";
for my $k (@kexes) {
next if $k eq $kex;
system( "scripts/config.pl unset $k" )
and abort "Failed to disable $k\n";
}
system( "make lib CFLAGS='-Os -Werror'" ) and abort "Failed to build lib: $kex\n";
}
system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
system( "make clean" ) and die;
exit 0;

3
tests/scripts/recursion.pl
View File

@ -16,8 +16,7 @@ use open qw(:std utf8);
# exclude functions that are ok:
# - mpi_write_hlp: bounded by size of mbedtls_mpi, a compile-time constant
# - x509_crt_verify_child: bounded by MBEDTLS_X509_MAX_INTERMEDIATE_CA
my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
my $known_ok = qr/mpi_write_hlp/;
my $cur_name;
my $inside;

86
tests/scripts/tcp_client.pl
View File

@ -1,86 +0,0 @@
#!/usr/bin/env perl
# A simple TCP client that sends some data and expects a response.
# Usage: tcp_client.pl HOSTNAME PORT DATA1 RESPONSE1
# DATA: hex-encoded data to send to the server
# RESPONSE: regexp that must match the server's response
use warnings;
use strict;
use IO::Socket::INET;
# Pack hex digits into a binary string, ignoring whitespace.
sub parse_hex {
my ($hex) = @_;
$hex =~ s/\s+//g;
return pack('H*', $hex);
}
## Open a TCP connection to the specified host and port.
sub open_connection {
my ($host, $port) = @_;
my $socket = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => $port,
Proto => 'tcp',
Timeout => 1);
die "Cannot connect to $host:$port: $!" unless $socket;
return $socket;
}
## Close the TCP connection.
sub close_connection {
my ($connection) = @_;
$connection->shutdown(2);
# Ignore shutdown failures (at least for now)
return 1;
}
## Write the given data, expressed as hexadecimal
sub write_data {
my ($connection, $hexdata) = @_;
my $data = parse_hex($hexdata);
my $total_sent = 0;
while ($total_sent < length($data)) {
my $sent = $connection->send($data, 0);
if (!defined $sent) {
die "Unable to send data: $!";
}
$total_sent += $sent;
}
return 1;
}
## Read a response and check it against an expected prefix
sub read_response {
my ($connection, $expected_hex) = @_;
my $expected_data = parse_hex($expected_hex);
my $start_offset = 0;
while ($start_offset < length($expected_data)) {
my $actual_data;
my $ok = $connection->recv($actual_data, length($expected_data));
if (!defined $ok) {
die "Unable to receive data: $!";
}
if (($actual_data ^ substr($expected_data, $start_offset)) =~ /[^\000]/) {
printf STDERR ("Received \\x%02x instead of \\x%02x at offset %d\n",
ord(substr($actual_data, $-[0], 1)),
ord(substr($expected_data, $start_offset + $-[0], 1)),
$start_offset + $-[0]);
return 0;
}
$start_offset += length($actual_data);
}
return 1;
}
if (@ARGV != 4) {
print STDERR "Usage: $0 HOSTNAME PORT DATA1 RESPONSE1\n";
exit(3);
}
my ($host, $port, $data1, $response1) = @ARGV;
my $connection = open_connection($host, $port);
write_data($connection, $data1);
if (!read_response($connection, $response1)) {
exit(1);
}
close_connection($connection);

32
tests/scripts/test-ref-configs.pl
View File

@ -9,7 +9,7 @@
# Purpose
#
# For each reference configuration file in the configs directory, build the
# configuration, run the test suites and compat.sh
# configuration and run the test suites.
#
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
@ -18,20 +18,14 @@ use strict;
my %configs = (
'config-default.h' => {
'opt' => '-f Default',
'compat' => '-m tls1_2 -V NO',
},
'config-mini-tls1_1.h' => {
'compat' => '-m tls1_1 -f \'^DES-CBC3-SHA$\|^TLS-RSA-WITH-3DES-EDE-CBC-SHA$\'',
},
'config-suite-b.h' => {
'compat' => "-m tls1_2 -f 'ECDHE-ECDSA.*AES.*GCM' -p mbedTLS",
},
'config-ccm-psk-tls1_2.h' => {
'compat' => '-m tls1_2 -f \'^TLS-PSK-WITH-AES-...-CCM-8\'',
},
'config-thread.h' => {
'opt' => '-f ECJPAKE.*nolog',
},
);
@ -75,30 +69,6 @@ while( my ($conf, $data) = each %configs ) {
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf\n";
system( "make test" ) and abort "Failed test suite: $conf\n";
my $compat = $data->{'compat'};
if( $compat )
{
print "\nrunning compat.sh $compat\n";
system( "tests/compat.sh $compat" )
and abort "Failed compat.sh: $conf\n";
}
else
{
print "\nskipping compat.sh\n";
}
my $opt = $data->{'opt'};
if( $opt )
{
print "\nrunning ssl-opt.sh $opt\n";
system( "tests/ssl-opt.sh $opt" )
and abort "Failed ssl-opt.sh: $conf\n";
}
else
{
print "\nskipping ssl-opt.sh\n";
}
}
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";

36
tests/scripts/travis-log-failure.sh
View File

@ -1,36 +0,0 @@
#!/bin/sh
# travis-log-failure.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# List the server and client logs on failed ssl-opt.sh and compat.sh tests.
# This script is used to make the logs show up in the Travis test results.
#
# Some of the logs can be very long: this means usually a couple of megabytes
# but it can be much more. For example, the client log of test 273 in ssl-opt.sh
# is more than 630 Megabytes long.
if [ -d include/mbedtls ]; then :; else
echo "$0: must be run from root" >&2
exit 1
fi
FILES="o-srv-*.log o-cli-*.log c-srv-*.log c-cli-*.log o-pxy-*.log"
MAX_LOG_SIZE=1048576
for PATTERN in $FILES; do
for LOG in $( ls tests/$PATTERN 2>/dev/null ); do
echo
echo "****** BEGIN file: $LOG ******"
echo
tail -c $MAX_LOG_SIZE $LOG
echo "****** END file: $LOG ******"
echo
rm $LOG
done
done

7707
tests/ssl-opt.sh
View File

File diff suppressed because it is too large Load Diff

64
tests/suites/test_suite_debug.data
View File

@ -1,64 +0,0 @@
Debug print msg (threshold 1, level 0)
debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
Debug print msg (threshold 1, level 1)
debug_print_msg_threshold:1:1:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
Debug print msg (threshold 1, level 2)
debug_print_msg_threshold:1:2:"MyFile":999:""
Debug print msg (threshold 0, level 1)
debug_print_msg_threshold:0:1:"MyFile":999:""
Debug print msg (threshold 0, level 5)
debug_print_msg_threshold:0:5:"MyFile":999:""
Debug print return value #1
mbedtls_debug_print_ret:"MyFile":999:"Test return value":0:"MyFile(0999)\: Test return value() returned 0 (-0x0000)\n"
Debug print return value #2
mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0x1000:"MyFile(0999)\: Test return value() returned -4096 (-0x1000)\n"
Debug print return value #3
mbedtls_debug_print_ret:"MyFile":999:"Test return value":-0xFFFF:"MyFile(0999)\: Test return value() returned -65535 (-0xffff)\n"
Debug print buffer #1
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
Debug print buffer #2
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n"
Debug print buffer #3
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n"
Debug print buffer #4
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n"
Debug print buffer #5
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
Debug print certificate #1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2011-02-12 14\:44\:06\nMyFile(0999)\: expires on \: 2021-02-12 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
Debug print mbedtls_mpi #1
mbedtls_debug_print_mpi:16:"01020304050607":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (49 bits) is\:\nMyFile(0999)\: 01 02 03 04 05 06 07\n"
Debug print mbedtls_mpi #2
mbedtls_debug_print_mpi:16:"00000000000007":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (3 bits) is\:\nMyFile(0999)\: 07\n"
Debug print mbedtls_mpi #3
mbedtls_debug_print_mpi:16:"00000000000000":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (0 bits) is\:\nMyFile(0999)\: 00\n"
Debug print mbedtls_mpi #4
mbedtls_debug_print_mpi:16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi #5
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (764 bits) is\:\nMyFile(0999)\: 09 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a\nMyFile(0999)\: 14 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90\nMyFile(0999)\: ff e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c\nMyFile(0999)\: 09 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89\nMyFile(0999)\: af 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b\nMyFile(0999)\: 52 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"
Debug print mbedtls_mpi #6
mbedtls_debug_print_mpi:16:"0000000000000000000000000000000000000000000000000000000041379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"MyFile":999:"VALUE":"MyFile(0999)\: value of 'VALUE' (759 bits) is\:\nMyFile(0999)\: 41 37 9d 00 fe d1 49 1f e1 5d f2 84 df de 4a 14\nMyFile(0999)\: 2f 68 aa 8d 41 20 23 19 5c ee 66 88 3e 62 90 ff\nMyFile(0999)\: e7 03 f4 ea 59 63 bf 21 27 13 ce e4 6b 10 7c 09\nMyFile(0999)\: 18 2b 5e dc d9 55 ad ac 41 8b f4 91 8e 28 89 af\nMyFile(0999)\: 48 e1 09 9d 51 38 30 ce c8 5c 26 ac 1e 15 8b 52\nMyFile(0999)\: 62 0e 33 ba 86 92 f8 93 ef bb 2f 95 8b 44 24\n"

195
tests/suites/test_suite_debug.function
View File

@ -1,195 +0,0 @@
/* BEGIN_HEADER */
#include "mbedtls/debug.h"
#include "string.h"
struct buffer_data
{
char buf[2000];
char *ptr;
};
void string_debug(void *data, int level, const char *file, int line, const char *str)
{
struct buffer_data *buffer = (struct buffer_data *) data;
char *p = buffer->ptr;
((void) level);
memcpy( p, file, strlen( file ) );
p += strlen( file );
*p++ = '(';
*p++ = '0' + ( line / 1000 ) % 10;
*p++ = '0' + ( line / 100 ) % 10;
*p++ = '0' + ( line / 10 ) % 10;
*p++ = '0' + ( line / 1 ) % 10;
*p++ = ')';
*p++ = ':';
*p++ = ' ';
#if defined(MBEDTLS_THREADING_C)
/* Skip "thread ID" (up to the first space) as it is not predictable */
while( *str++ != ' ' );
#endif
memcpy( p, str, strlen( str ) );
p += strlen( str );
/* Detect if debug messages output partial lines and mark them */
if( p[-1] != '\n' )
*p++ = '*';
buffer->ptr = p;
}
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_DEBUG_C:MBEDTLS_SSL_TLS_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void debug_print_msg_threshold( int threshold, int level, char * file,
int line, char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_debug_set_threshold( threshold );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_msg( &ssl, level, file, line,
"Text message, 2 == %d", 2 );
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
exit:
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_debug_print_ret( char * file, int line, char * text, int value,
char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_ret( &ssl, 0, file, line, text, value);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
exit:
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_debug_print_buf( char * file, int line, char * text,
data_t * data, char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_buf( &ssl, 0, file, line, text, data->x, data->len );
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
exit:
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
char * prefix, char * result_str )
{
mbedtls_x509_crt crt;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_x509_crt_init( &crt );
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
mbedtls_debug_print_crt( &ssl, 0, file, line, prefix, &crt);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_BIGNUM_C */
void mbedtls_debug_print_mpi( int radix, char * value, char * file, int line,
char * prefix, char * result_str )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
struct buffer_data buffer;
mbedtls_mpi val;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_mpi_init( &val );
memset( buffer.buf, 0, 2000 );
buffer.ptr = buffer.buf;
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &val, radix, value ) == 0 );
mbedtls_ssl_conf_dbg( &conf, string_debug, &buffer);
mbedtls_debug_print_mpi( &ssl, 0, file, line, prefix, &val);
TEST_ASSERT( strcmp( buffer.buf, result_str ) == 0 );
exit:
mbedtls_mpi_free( &val );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */

59
tests/suites/test_suite_ssl.data
View File

@ -1,59 +0,0 @@
SSL DTLS replay: initial state, seqnum 0
ssl_dtls_replay:"":"000000000000":0
SSL DTLS replay: 0 seen, 1 arriving
ssl_dtls_replay:"000000000000":"000000000001":0
SSL DTLS replay: 0 seen, 0 replayed
ssl_dtls_replay:"000000000000":"000000000000":-1
SSL DTLS replay: 0-1 seen, 2 arriving
ssl_dtls_replay:"000000000000000000000001":"000000000002":0
SSL DTLS replay: 0-1 seen, 1 replayed
ssl_dtls_replay:"000000000000000000000001":"000000000001":-1
SSL DTLS replay: 0-1 seen, 0 replayed
ssl_dtls_replay:"000000000000000000000001":"000000000000":-1
SSL DTLS replay: new
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340004":0
SSL DTLS replay: way new
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12350000":0
SSL DTLS replay: delayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340002":0
SSL DTLS replay: lastest replayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340003":-1
SSL DTLS replay: older replayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd12340003":"abcd12340001":-1
SSL DTLS replay: most recent in window, replayed
ssl_dtls_replay:"abcd12340000abcd12340002abcd12340003":"abcd12340002":-1
SSL DTLS replay: oldest in window, replayed
ssl_dtls_replay:"abcd12340000abcd12340001abcd1234003f":"abcd12340000":-1
SSL DTLS replay: oldest in window, not replayed
ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12340000":0
SSL DTLS replay: just out of the window
ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd1233ffff":-1
SSL DTLS replay: way out of the window
ssl_dtls_replay:"abcd12340001abcd12340002abcd1234003f":"abcd12330000":-1
SSL DTLS replay: big jump then replay
ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340100":-1
SSL DTLS replay: big jump then new
ssl_dtls_replay:"abcd12340000abcd12340100":"abcd12340101":0
SSL DTLS replay: big jump then just delayed
ssl_dtls_replay:"abcd12340000abcd12340100":"abcd123400ff":0
SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice
ssl_set_hostname_twice:"server0":"server1"

54
tests/suites/test_suite_ssl.function
View File

@ -1,54 +0,0 @@
/* BEGIN_HEADER */
#include <mbedtls/ssl.h>
#include <mbedtls/ssl_internal.h>
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_SSL_TLS_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_SSL_DTLS_ANTI_REPLAY */
void ssl_dtls_replay( data_t * prevs, data_t * new, int ret )
{
uint32_t len = 0;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
TEST_ASSERT( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) == 0 );
TEST_ASSERT( mbedtls_ssl_setup( &ssl, &conf ) == 0 );
/* Read previous record numbers */
for( len = 0; len < prevs->len; len += 6 )
{
memcpy( ssl.in_ctr + 2, prevs->x + len, 6 );
mbedtls_ssl_dtls_replay_update( &ssl );
}
/* Check new number */
memcpy( ssl.in_ctr + 2, new->x, 6 );
TEST_ASSERT( mbedtls_ssl_dtls_replay_check( &ssl ) == ret );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void ssl_set_hostname_twice( char *hostname0, char *hostname1 )
{
mbedtls_ssl_context ssl;
mbedtls_ssl_init( &ssl );
TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 );
TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 );
mbedtls_ssl_free( &ssl );
}
/* END_CASE */

1995
tests/suites/test_suite_x509parse.data
View File

File diff suppressed because it is too large Load Diff

861
tests/suites/test_suite_x509parse.function
View File

@ -1,861 +0,0 @@
/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/x509.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_crl.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"
#include "string.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \
than the current threshold 19. To test larger values, please \
adapt the script tests/data_files/dir-max/long.sh."
#endif
/* Profile for backward compatibility. Allows SHA-1, unlike the default
profile. */
const mbedtls_x509_crt_profile compat_profile =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
1024,
};
const mbedtls_x509_crt_profile profile_rsa3072 =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA ),
0,
3072,
};
const mbedtls_x509_crt_profile profile_sha512 =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA512 ),
0xFFFFFFF, /* Any PK alg */
0xFFFFFFF, /* Any curve */
1024,
};
int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
((void) data);
((void) crt);
((void) certificate_depth);
*flags |= MBEDTLS_X509_BADCERT_OTHER;
return 0;
}
int verify_all( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
((void) data);
((void) crt);
((void) certificate_depth);
*flags = 0;
return 0;
}
int verify_fatal( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
int *levels = (int *) data;
((void) crt);
((void) certificate_depth);
/* Simulate a fatal error in the callback */
if( *levels & ( 1 << certificate_depth ) )
{
*flags |= ( 1 << certificate_depth );
return( -1 - certificate_depth );
}
return( 0 );
}
/* strsep() not available on Windows */
char *mystrsep(char **stringp, const char *delim)
{
const char *p;
char *ret = *stringp;
if( *stringp == NULL )
return( NULL );
for( ; ; (*stringp)++ )
{
if( **stringp == '\0' )
{
*stringp = NULL;
goto done;
}
for( p = delim; *p != '\0'; p++ )
if( **stringp == *p )
{
**stringp = '\0';
(*stringp)++;
goto done;
}
}
done:
return( ret );
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct {
char buf[512];
char *p;
} verify_print_context;
void verify_print_init( verify_print_context *ctx )
{
memset( ctx, 0, sizeof( verify_print_context ) );
ctx->p = ctx->buf;
}
int verify_print( void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags )
{
int ret;
verify_print_context *ctx = (verify_print_context *) data;
char *p = ctx->p;
size_t n = ctx->buf + sizeof( ctx->buf ) - ctx->p;
((void) flags);
ret = mbedtls_snprintf( p, n, "depth %d - serial ", certificate_depth );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_serial_gets( p, n, &crt->serial );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " - subject " );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_x509_dn_gets( p, n, &crt->subject );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " - flags 0x%08x\n", *flags );
MBEDTLS_X509_SAFE_SNPRINTF;
ctx->p = p;
return( 0 );
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_BIGNUM_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_cert_info( char * crt_file, char * result_str )
{
mbedtls_x509_crt crt;
char buf[2000];
int res;
mbedtls_x509_crt_init( &crt );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
res = mbedtls_x509_crt_info( buf, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
void mbedtls_x509_crl_info( char * crl_file, char * result_str )
{
mbedtls_x509_crl crl;
char buf[2000];
int res;
mbedtls_x509_crl_init( &crl );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
res = mbedtls_x509_crl_info( buf, 2000, "", &crl );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
void mbedtls_x509_crl_parse( char * crl_file, int result )
{
mbedtls_x509_crl crl;
char buf[2000];
mbedtls_x509_crl_init( &crl );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == result );
exit:
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
void mbedtls_x509_csr_info( char * csr_file, char * result_str )
{
mbedtls_x509_csr csr;
char buf[2000];
int res;
mbedtls_x509_csr_init( &csr );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_csr_parse_file( &csr, csr_file ) == 0 );
res = mbedtls_x509_csr_info( buf, 2000, "", &csr );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_csr_free( &csr );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_info( int flags, char * prefix, char * result_str )
{
char buf[2000];
int res;
memset( buf, 0, sizeof( buf ) );
res = mbedtls_x509_crt_verify_info( buf, sizeof( buf ), prefix, flags );
TEST_ASSERT( res >= 0 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_ECP_RESTARTABLE:MBEDTLS_ECDSA_C */
void x509_verify_restart( char *crt_file, char *ca_file,
int result, int flags_result,
int max_ops, int min_restart, int max_restart )
{
int ret, cnt_restart;
mbedtls_x509_crt_restart_ctx rs_ctx;
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
uint32_t flags = 0;
/*
* See comments on ecp_test_vect_restart() for op count precision.
*
* For reference, with mbed TLS 2.6 and default settings:
* - ecdsa_verify() for P-256: ~ 6700
* - ecdsa_verify() for P-384: ~ 18800
* - x509_verify() for server5 -> test-ca2: ~ 18800
* - x509_verify() for server10 -> int-ca3 -> int-ca2: ~ 25500
*/
mbedtls_x509_crt_restart_init( &rs_ctx );
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
mbedtls_ecp_set_max_ops( max_ops );
cnt_restart = 0;
do {
ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
&mbedtls_x509_crt_profile_default, NULL, &flags,
NULL, NULL, &rs_ctx );
} while( ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart );
TEST_ASSERT( ret == result );
TEST_ASSERT( flags == (uint32_t) flags_result );
TEST_ASSERT( cnt_restart >= min_restart );
TEST_ASSERT( cnt_restart <= max_restart );
/* Do we leak memory when aborting? */
ret = mbedtls_x509_crt_verify_restartable( &crt, &ca, NULL,
&mbedtls_x509_crt_profile_default, NULL, &flags,
NULL, NULL, &rs_ctx );
TEST_ASSERT( ret == result || ret == MBEDTLS_ERR_ECP_IN_PROGRESS );
exit:
mbedtls_x509_crt_restart_free( &rs_ctx );
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
char *profile_str,
char *verify_callback )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
mbedtls_x509_crl crl;
uint32_t flags = 0;
int res;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
char * cn_name = NULL;
const mbedtls_x509_crt_profile *profile;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
TEST_ASSERT( psa_crypto_init() == 0 );
#endif
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
mbedtls_x509_crl_init( &crl );
if( strcmp( cn_name_str, "NULL" ) != 0 )
cn_name = cn_name_str;
if( strcmp( profile_str, "" ) == 0 )
profile = &mbedtls_x509_crt_profile_default;
else if( strcmp( profile_str, "next" ) == 0 )
profile = &mbedtls_x509_crt_profile_next;
else if( strcmp( profile_str, "suite_b" ) == 0 )
profile = &mbedtls_x509_crt_profile_suiteb;
else if( strcmp( profile_str, "compat" ) == 0 )
profile = &compat_profile;
else
TEST_ASSERT( "Unknown algorithm profile" == 0 );
if( strcmp( verify_callback, "NULL" ) == 0 )
f_vrfy = NULL;
else if( strcmp( verify_callback, "verify_none" ) == 0 )
f_vrfy = verify_none;
else if( strcmp( verify_callback, "verify_all" ) == 0 )
f_vrfy = verify_all;
else
TEST_ASSERT( "No known verify callback selected" == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_verify_callback( char *crt_file, char *ca_file, char *name,
int exp_ret, char *exp_vrfy_out )
{
int ret;
mbedtls_x509_crt crt;
mbedtls_x509_crt ca;
uint32_t flags = 0;
verify_print_context vrfy_ctx;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
TEST_ASSERT( psa_crypto_init() == 0 );
#endif
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
verify_print_init( &vrfy_ctx );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
if( strcmp( name, "NULL" ) == 0 )
name = NULL;
ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
&compat_profile,
name, &flags,
verify_print, &vrfy_ctx );
TEST_ASSERT( ret == exp_ret );
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_free( &ca );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
{
mbedtls_x509_crt crt;
char buf[2000];
int res = 0;
mbedtls_x509_crt_init( &crt );
memset( buf, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "subject" ) == 0 )
res = mbedtls_x509_dn_gets( buf, 2000, &crt.subject );
else if( strcmp( entity, "issuer" ) == 0 )
res = mbedtls_x509_dn_gets( buf, 2000, &crt.issuer );
else
TEST_ASSERT( "Unknown entity" == 0 );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_past( char * crt_file, char * entity, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_past( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_time_is_future( char * crt_file, char * entity, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
if( strcmp( entity, "valid_from" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_from ) == result );
else if( strcmp( entity, "valid_to" ) == 0 )
TEST_ASSERT( mbedtls_x509_time_is_future( &crt.valid_to ) == result );
else
TEST_ASSERT( "Unknown entity" == 0 );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_FS_IO */
void x509parse_crt_file( char * crt_file, int result )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == result );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
void x509parse_crt( data_t * buf, char * result_str, int result )
{
mbedtls_x509_crt crt;
unsigned char output[2000];
int res;
mbedtls_x509_crt_init( &crt );
memset( output, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_init( &crt );
memset( output, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
void x509parse_crl( data_t * buf, char * result_str, int result )
{
mbedtls_x509_crl crl;
unsigned char output[2000];
int res;
mbedtls_x509_crl_init( &crl );
memset( output, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crl_parse( &crl, buf->x, buf->len ) == ( result ) );
if( ( result ) == 0 )
{
res = mbedtls_x509_crl_info( (char *) output, 2000, "", &crl );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
exit:
mbedtls_x509_crl_free( &crl );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
{
mbedtls_x509_csr csr;
char my_out[1000];
int my_ret;
mbedtls_x509_csr_init( &csr );
memset( my_out, 0, sizeof( my_out ) );
my_ret = mbedtls_x509_csr_parse_der( &csr, csr_der->x, csr_der->len );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
{
size_t my_out_len = mbedtls_x509_csr_info( my_out, sizeof( my_out ), "", &csr );
TEST_ASSERT( my_out_len == strlen( ref_out ) );
TEST_ASSERT( strcmp( my_out, ref_out ) == 0 );
}
exit:
mbedtls_x509_csr_free( &csr );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_parse_path( char * crt_path, int ret, int nb_crt )
{
mbedtls_x509_crt chain, *cur;
int i;
mbedtls_x509_crt_init( &chain );
TEST_ASSERT( mbedtls_x509_crt_parse_path( &chain, crt_path ) == ret );
/* Check how many certs we got */
for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
if( cur->raw.p != NULL )
i++;
TEST_ASSERT( i == nb_crt );
exit:
mbedtls_x509_crt_free( &chain );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int,
int ret_chk, int flags_chk )
{
char file_buf[128];
int ret;
uint32_t flags;
mbedtls_x509_crt trusted, chain;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
TEST_ASSERT( psa_crypto_init() == 0 );
#endif
/*
* We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
* with NN.crt signed by NN-1.crt
*/
mbedtls_x509_crt_init( &trusted );
mbedtls_x509_crt_init( &chain );
/* Load trusted root */
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 );
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
nb_int + 1 );
TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 );
/* Try to verify that chain */
ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags,
NULL, NULL );
TEST_ASSERT( ret == ret_chk );
TEST_ASSERT( flags == (uint32_t) flags_chk );
exit:
mbedtls_x509_crt_free( &chain );
mbedtls_x509_crt_free( &trusted );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca,
int flags_result, int result,
char *profile_name, int vrfy_fatal_lvls )
{
char* act;
uint32_t flags;
int res;
mbedtls_x509_crt trusted, chain;
const mbedtls_x509_crt_profile *profile = NULL;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
TEST_ASSERT( psa_crypto_init() == 0 );
#endif
mbedtls_x509_crt_init( &chain );
mbedtls_x509_crt_init( &trusted );
while( ( act = mystrsep( &chain_paths, " " ) ) != NULL )
TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, act ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, trusted_ca ) == 0 );
if( strcmp( profile_name, "" ) == 0 )
profile = &mbedtls_x509_crt_profile_default;
else if( strcmp( profile_name, "next" ) == 0 )
profile = &mbedtls_x509_crt_profile_next;
else if( strcmp( profile_name, "suiteb" ) == 0 )
profile = &mbedtls_x509_crt_profile_suiteb;
else if( strcmp( profile_name, "rsa3072" ) == 0 )
profile = &profile_rsa3072;
else if( strcmp( profile_name, "sha512" ) == 0 )
profile = &profile_sha512;
res = mbedtls_x509_crt_verify_with_profile( &chain, &trusted, NULL, profile,
NULL, &flags, verify_fatal, &vrfy_fatal_lvls );
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
exit:
mbedtls_x509_crt_free( &trusted );
mbedtls_x509_crt_free( &chain );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
void x509_oid_desc( data_t * buf, char * ref_desc )
{
mbedtls_x509_buf oid;
const char *desc = NULL;
int ret;
oid.tag = MBEDTLS_ASN1_OID;
oid.p = buf->x;
oid.len = buf->len;
ret = mbedtls_oid_get_extended_key_usage( &oid, &desc );
if( strcmp( ref_desc, "notfound" ) == 0 )
{
TEST_ASSERT( ret != 0 );
TEST_ASSERT( desc == NULL );
}
else
{
TEST_ASSERT( ret == 0 );
TEST_ASSERT( desc != NULL );
TEST_ASSERT( strcmp( desc, ref_desc ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
void x509_oid_numstr( data_t * oid_buf, char * numstr, int blen, int ret )
{
mbedtls_x509_buf oid;
char num_buf[100];
memset( num_buf, 0x2a, sizeof num_buf );
oid.tag = MBEDTLS_ASN1_OID;
oid.p = oid_buf->x;
oid.len = oid_buf->len;
TEST_ASSERT( (size_t) blen <= sizeof num_buf );
TEST_ASSERT( mbedtls_oid_get_numeric_string( num_buf, blen, &oid ) == ret );
if( ret >= 0 )
{
TEST_ASSERT( num_buf[ret] == 0 );
TEST_ASSERT( strcmp( num_buf, numstr ) == 0 );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_KEY_USAGE */
void x509_check_key_usage( char * crt_file, int usage, int ret )
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_check_key_usage( &crt, usage ) == ret );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
void x509_check_extended_key_usage( char * crt_file, data_t * oid, int ret
)
{
mbedtls_x509_crt crt;
mbedtls_x509_crt_init( &crt );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_check_extended_key_usage( &crt, (const char *)oid->x, oid->len ) == ret );
exit:
mbedtls_x509_crt_free( &crt );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
void x509_get_time( int tag, char * time_str, int ret, int year, int mon,
int day, int hour, int min, int sec )
{
mbedtls_x509_time time;
unsigned char buf[21];
unsigned char* start = buf;
unsigned char* end = buf;
memset( &time, 0x00, sizeof( time ) );
*end = (unsigned char)tag; end++;
*end = strlen( time_str );
TEST_ASSERT( *end < 20 );
end++;
memcpy( end, time_str, (size_t)*(end - 1) );
end += *(end - 1);
TEST_ASSERT( mbedtls_x509_get_time( &start, end, &time ) == ret );
if( ret == 0 )
{
TEST_ASSERT( year == time.year );
TEST_ASSERT( mon == time.mon );
TEST_ASSERT( day == time.day );
TEST_ASSERT( hour == time.hour );
TEST_ASSERT( min == time.min );
TEST_ASSERT( sec == time.sec );
}
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT */
void x509_parse_rsassa_pss_params( data_t * hex_params, int params_tag,
int ref_msg_md, int ref_mgf_md,
int ref_salt_len, int ref_ret )
{
int my_ret;
mbedtls_x509_buf params;
mbedtls_md_type_t my_msg_md, my_mgf_md;
int my_salt_len;
params.p = hex_params->x;
params.len = hex_params->len;
params.tag = params_tag;
my_ret = mbedtls_x509_get_rsassa_pss_params( &params, &my_msg_md, &my_mgf_md,
&my_salt_len );
TEST_ASSERT( my_ret == ref_ret );
if( ref_ret == 0 )
{
TEST_ASSERT( my_msg_md == (mbedtls_md_type_t) ref_msg_md );
TEST_ASSERT( my_mgf_md == (mbedtls_md_type_t) ref_mgf_md );
TEST_ASSERT( my_salt_len == ref_salt_len );
}
exit:
;;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
void x509_selftest( )
{
TEST_ASSERT( mbedtls_x509_self_test( 1 ) == 0 );
}
/* END_CASE */

105
tests/suites/test_suite_x509write.data
View File

@ -1,105 +0,0 @@
Certificate Request check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0
Certificate Request check Server1 SHA224
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0
Certificate Request check Server1 SHA256
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0
Certificate Request check Server1 SHA384
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0
Certificate Request check Server1 SHA512
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
Certificate Request check Server1 MD4
depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
Certificate Request check Server1 MD5
depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
Certificate Request check Server1 key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
Certificate Request check Server1 key_usage empty
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
Certificate Request check Server1 ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
Certificate Request check Server1 ns_cert_type empty
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1
Certificate Request check Server1 key_usage + ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
Certificate Request check Server5 ECDSA, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
Certificate Request check opaque Server5 ECDSA, key_usage
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
Certificate write check Server1 SHA1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0
Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0
Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0
Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
Certificate write check Server1 SHA1, RSA_ALT
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1
Certificate write check Server1 SHA1, RSA_ALT, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
X509 String to Names #1
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
X509 String to Names #2
mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
X509 String to Names #3 (Name precisely 255 bytes)
mbedtls_x509_string_to_names:"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345,OU=PolarSSL":"C=NL, O=123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345, OU=PolarSSL":0
X509 String to Names #4 (Name larger than 255 bytes)
mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
X509 String to Names #5 (Escape non-allowed characters)
mbedtls_x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
X509 String to Names #6 (Escape at end)
mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME

338
tests/suites/test_suite_x509write.function
View File

@ -1,338 +0,0 @@
/* BEGIN_HEADER */
#include "mbedtls/bignum.h"
#include "mbedtls/x509_crt.h"
#include "mbedtls/x509_csr.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
#include "mbedtls/rsa.h"
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#include "psa/crypto.h"
#include "mbedtls/psa_util.h"
#endif
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len )
{
return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen,
input, output, output_max_len ) );
}
int mbedtls_rsa_sign_func( void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig )
{
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode,
md_alg, hashlen, hash, sig ) );
}
size_t mbedtls_rsa_key_len_func( void *ctx )
{
return( ((const mbedtls_rsa_context *) ctx)->len );
}
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
{
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
const mbedtls_md_info_t *md_info;
mbedtls_x509_csr csr;
if( mbedtls_x509_csr_parse( &csr, buf, buflen ) != 0 )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
md_info = mbedtls_md_info_from_type( csr.sig_md );
if( mbedtls_md( md_info, csr.cri.p, csr.cri.len, hash ) != 0 )
{
/* Note: this can't happen except after an internal error */
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
}
if( mbedtls_pk_verify_ext( csr.sig_pk, csr.sig_opts, &csr.pk,
csr.sig_md, hash, mbedtls_md_get_size( md_info ),
csr.sig.p, csr.sig.len ) != 0 )
{
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
}
return( 0 );
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_BIGNUM_C:MBEDTLS_FS_IO:MBEDTLS_PK_PARSE_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
int key_usage, int set_key_usage, int cert_type,
int set_cert_type )
{
mbedtls_pk_context key;
mbedtls_x509write_csr req;
unsigned char buf[4096];
unsigned char check_buf[4000];
int ret;
size_t olen = 0, pem_len = 0;
int der_len = -1;
FILE *f;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
rnd_pseudo_info rnd_info;
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
mbedtls_x509write_csr_set_key( &req, &key );
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
if( set_key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
f = fopen( cert_req_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f );
fclose( f );
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
der_len = mbedtls_x509write_csr_der( &req, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( der_len >= 0 );
if( der_len == 0 )
goto exit;
ret = mbedtls_x509write_csr_der( &req, buf, (size_t)( der_len - 1 ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */
void x509_csr_check_opaque( char *key_file, int md_type, int key_usage,
int cert_type )
{
mbedtls_pk_context key;
psa_key_handle_t slot;
psa_algorithm_t md_alg_psa;
mbedtls_x509write_csr req;
unsigned char buf[4096];
int ret;
size_t pem_len = 0;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
rnd_pseudo_info rnd_info;
psa_crypto_init();
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
md_alg_psa = mbedtls_psa_translate_md( (mbedtls_md_type_t) md_type );
TEST_ASSERT( md_alg_psa != MBEDTLS_MD_NONE );
mbedtls_pk_init( &key );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &key, key_file, NULL ) == 0 );
TEST_ASSERT( mbedtls_pk_wrap_as_opaque( &key, &slot, md_alg_psa ) == 0 );
mbedtls_x509write_csr_init( &req );
mbedtls_x509write_csr_set_md_alg( &req, md_type );
mbedtls_x509write_csr_set_key( &req, &key );
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
if( key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
if( cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ) - 1,
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
buf[pem_len] = '\0';
TEST_ASSERT( x509_crt_verifycsr( buf, pem_len + 1 ) == 0 );
exit:
mbedtls_x509write_csr_free( &req );
mbedtls_pk_free( &key );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CRT_WRITE_C:MBEDTLS_SHA1_C */
void x509_crt_check( char *subject_key_file, char *subject_pwd,
char *subject_name, char *issuer_key_file,
char *issuer_pwd, char *issuer_name,
char *serial_str, char *not_before, char *not_after,
int md_type, int key_usage, int set_key_usage,
int cert_type, int set_cert_type, int auth_ident,
int ver, char *cert_check_file, int rsa_alt )
{
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
mbedtls_pk_context *key = &issuer_key;
mbedtls_x509write_cert crt;
unsigned char buf[4096];
unsigned char check_buf[5000];
mbedtls_mpi serial;
int ret;
size_t olen = 0, pem_len = 0;
int der_len = -1;
FILE *f;
rnd_pseudo_info rnd_info;
memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) );
mbedtls_mpi_init( &serial );
mbedtls_pk_init( &subject_key );
mbedtls_pk_init( &issuer_key );
mbedtls_pk_init( &issuer_key_alt );
mbedtls_x509write_crt_init( &crt );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file,
subject_pwd ) == 0 );
TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file,
issuer_pwd ) == 0 );
#if defined(MBEDTLS_RSA_C)
/* For RSA PK contexts, create a copy as an alternative RSA context. */
if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA )
{
TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt,
mbedtls_pk_rsa( issuer_key ),
mbedtls_rsa_decrypt_func,
mbedtls_rsa_sign_func,
mbedtls_rsa_key_len_func ) == 0 );
key = &issuer_key_alt;
}
#else
(void) rsa_alt;
#endif
TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 );
if( ver != -1 )
mbedtls_x509write_crt_set_version( &crt, ver );
TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before,
not_after ) == 0 );
mbedtls_x509write_crt_set_md_alg( &crt, md_type );
TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 );
mbedtls_x509write_crt_set_subject_key( &crt, &subject_key );
mbedtls_x509write_crt_set_issuer_key( &crt, key );
if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 )
{
TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 );
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
if( auth_ident )
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
if( set_key_usage != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
if( set_cert_type != 0 )
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
}
ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == 0 );
pem_len = strlen( (char *) buf );
f = fopen( cert_check_file, "r" );
TEST_ASSERT( f != NULL );
olen = fread( check_buf, 1, sizeof( check_buf ), f );
fclose( f );
TEST_ASSERT( olen < sizeof( check_buf ) );
TEST_ASSERT( olen >= pem_len - 1 );
TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( der_len >= 0 );
if( der_len == 0 )
goto exit;
ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ),
rnd_pseudo_rand, &rnd_info );
TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
exit:
mbedtls_x509write_crt_free( &crt );
mbedtls_pk_free( &issuer_key_alt );
mbedtls_pk_free( &subject_key );
mbedtls_pk_free( &issuer_key );
mbedtls_mpi_free( &serial );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
void mbedtls_x509_string_to_names( char * name, char * parsed_name, int result
)
{
int ret;
size_t len = 0;
mbedtls_asn1_named_data *names = NULL;
mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
unsigned char buf[1024], out[1024], *c;
memset( &parsed, 0, sizeof( parsed ) );
memset( out, 0, sizeof( out ) );
memset( buf, 0, sizeof( buf ) );
c = buf + sizeof( buf );
ret = mbedtls_x509_string_to_names( &names, name );
TEST_ASSERT( ret == result );
if( ret != 0 )
goto exit;
ret = mbedtls_x509_write_names( &c, buf, names );
TEST_ASSERT( ret > 0 );
TEST_ASSERT( mbedtls_asn1_get_tag( &c, buf + sizeof( buf ), &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) == 0 );
TEST_ASSERT( mbedtls_x509_get_name( &c, buf + sizeof( buf ), &parsed ) == 0 );
ret = mbedtls_x509_dn_gets( (char *) out, sizeof( out ), &parsed );
TEST_ASSERT( ret > 0 );
TEST_ASSERT( strcmp( (char *) out, parsed_name ) == 0 );
exit:
mbedtls_asn1_free_named_data_list( &names );
parsed_cur = parsed.next;
while( parsed_cur != 0 )
{
parsed_prv = parsed_cur;
parsed_cur = parsed_cur->next;
mbedtls_free( parsed_prv );
}
}
/* END_CASE */

2
visualc/VS2010/query_compile_time_config.vcxproj
View File

@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\test\query_compile_time_config.c" />
<ClCompile Include="..\..\programs\ssl\query_config.c" />
<ClCompile Include="..\..\programs\test\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">

2
visualc/VS2010/ssl_client2.vcxproj
View File

@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_client2.c" />
<ClCompile Include="..\..\programs\ssl\query_config.c" />
<ClCompile Include="..\..\programs\test\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">

2
visualc/VS2010/ssl_server2.vcxproj
View File

@ -20,7 +20,7 @@
</ItemGroup>
<ItemGroup>
<ClCompile Include="..\..\programs\ssl\ssl_server2.c" />
<ClCompile Include="..\..\programs\ssl\query_config.c" />
<ClCompile Include="..\..\programs\test\query_config.c" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="mbedTLS.vcxproj">