Merge pull request #5051 from gilles-peskine-arm/psa-add-aria-2.x
Backport 2.x: Add ARIA to the PSA API
diff --git a/ChangeLog.d/base64-ranges.txt b/ChangeLog.d/base64-ranges.txt
new file mode 100644
index 0000000..e3f3862
--- /dev/null
+++ b/ChangeLog.d/base64-ranges.txt
@@ -0,0 +1,4 @@
+Changes
+ * Improve the performance of base64 constant-flow code. The result is still
+ slower than the original non-constant-flow implementation, but much faster
+ than the previous constant-flow implementation. Fixes #4814.
diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt
new file mode 100644
index 0000000..045b180
--- /dev/null
+++ b/ChangeLog.d/check-return.txt
@@ -0,0 +1,17 @@
+Bugfix
+ * Failures of alternative implementations of AES or DES single-block
+ functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
+ MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
+ This does not concern the implementation provided with Mbed TLS,
+ where this function cannot fail, or full-module replacements with
+ MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
+
+Features
+ * Warn if errors from certain functions are ignored. This is currently
+ supported on GCC-like compilers and on MSVC and can be configured through
+ the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
+ (where supported) for critical functions where ignoring the return
+ value is almost always a bug. Enable the new configuration option
+ MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
+ is currently implemented in the AES and DES modules, and will be extended
+ to other modules in the future.
diff --git a/ChangeLog.d/fix-psa_gen_key-status.txt b/ChangeLog.d/fix-psa_gen_key-status.txt
new file mode 100644
index 0000000..7860988
--- /dev/null
+++ b/ChangeLog.d/fix-psa_gen_key-status.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix the error returned by psa_generate_key() for a public key. Fixes #4551.
diff --git a/ChangeLog.d/no-strerror.txt b/ChangeLog.d/no-strerror.txt
new file mode 100644
index 0000000..69743a8
--- /dev/null
+++ b/ChangeLog.d/no-strerror.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor
+ MBEDTLS_ERROR_STRERROR_DUMMY is enabled.
diff --git a/ChangeLog.d/remove-greentea-support.txt b/ChangeLog.d/remove-greentea-support.txt
new file mode 100644
index 0000000..af4df4b
--- /dev/null
+++ b/ChangeLog.d/remove-greentea-support.txt
@@ -0,0 +1,3 @@
+Removals
+ * Remove the partial support for running unit tests via Greentea on Mbed OS,
+ which had been unmaintained since 2018.
diff --git a/docs/.gitignore b/docs/.gitignore
index 33ae5ac..23f832b 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -1,3 +1,2 @@
*.html
*.pdf
-!PSACryptoDriverModelSpec.pdf
diff --git a/docs/PSACryptoDriverModelSpec.pdf b/docs/PSACryptoDriverModelSpec.pdf
deleted file mode 100644
index cf11380..0000000
--- a/docs/PSACryptoDriverModelSpec.pdf
+++ /dev/null
Binary files differ
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index ab8793c..94ee58a 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -45,6 +45,7 @@
#else
#include MBEDTLS_CONFIG_FILE
#endif
+#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <stdint.h>
@@ -174,6 +175,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
@@ -192,6 +194,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
@@ -212,6 +215,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
@@ -232,6 +236,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
@@ -260,6 +265,7 @@
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
@@ -307,6 +313,7 @@
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
@@ -351,6 +358,7 @@
* smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
int mode,
size_t length,
@@ -399,6 +407,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
int mode,
size_t length,
@@ -443,6 +452,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
int mode,
size_t length,
@@ -497,6 +507,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
size_t length,
size_t *iv_off,
@@ -583,6 +594,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
@@ -603,6 +615,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
@@ -618,6 +631,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
@@ -667,6 +681,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_aes_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 2730967..87b4e91 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -617,6 +617,29 @@
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
/**
+ * \def MBEDTLS_CHECK_RETURN_WARNING
+ *
+ * If this macro is defined, emit a compile-time warning if application code
+ * calls a function without checking its return value, but the return value
+ * should generally be checked in portable applications.
+ *
+ * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
+ * implemented. Otherwise this option has no effect.
+ *
+ * Uncomment to get warnings on using fallible functions without checking
+ * their return value.
+ *
+ * \note This feature is a work in progress.
+ * Warnings will be added to more functions in the future.
+ *
+ * \note A few functions are considered critical, and ignoring the return
+ * value of these functions will trigger a warning even if this
+ * macro is not defined. To completely disable return value check
+ * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
+ */
+//#define MBEDTLS_CHECK_RETURN_WARNING
+
+/**
* \def MBEDTLS_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
@@ -3689,6 +3712,29 @@
*/
//#define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
+/** \def MBEDTLS_CHECK_RETURN
+ *
+ * This macro is used at the beginning of the declaration of a function
+ * to indicate that its return value should be checked. It should
+ * instruct the compiler to emit a warning or an error if the function
+ * is called without checking its return value.
+ *
+ * There is a default implementation for popular compilers in platform_util.h.
+ * You can override the default implementation by defining your own here.
+ *
+ * If the implementation here is empty, this will effectively disable the
+ * checking of functions' return values.
+ */
+//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+
+/** \def MBEDTLS_IGNORE_RETURN
+ *
+ * This macro requires one argument, which should be a C function call.
+ * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
+ * warning is suppressed.
+ */
+//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
+
/* PSA options */
/**
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 6bfe654..325aab5 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -32,6 +32,7 @@
#else
#include MBEDTLS_CONFIG_FILE
#endif
+#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <stdint.h>
@@ -146,6 +147,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -159,6 +161,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -173,6 +176,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -187,6 +191,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -197,6 +202,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
@@ -208,6 +214,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
@@ -219,6 +226,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
@@ -230,6 +238,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
@@ -246,6 +255,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
@@ -273,6 +283,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
int mode,
size_t length,
@@ -290,6 +301,7 @@
*
* \return 0 if successful
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
@@ -315,6 +327,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
int mode,
size_t length,
@@ -345,6 +358,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_des_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index fbc2a0d..f982db8 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -132,6 +132,95 @@
#endif /* MBEDTLS_DEPRECATED_WARNING */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
+/* Implementation of the check-return facility.
+ * See the user documentation in config.h.
+ *
+ * Do not use this macro directly to annotate function: instead,
+ * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
+ * depending on how important it is to check the return value.
+ */
+#if !defined(MBEDTLS_CHECK_RETURN)
+#if defined(__GNUC__)
+#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+#elif defined(_MSC_VER) && _MSC_VER >= 1700
+#include <sal.h>
+#define MBEDTLS_CHECK_RETURN _Check_return_
+#else
+#define MBEDTLS_CHECK_RETURN
+#endif
+#endif
+
+/** Critical-failure function
+ *
+ * This macro appearing at the beginning of the declaration of a function
+ * indicates that its return value should be checked in all applications.
+ * Omitting the check is very likely to indicate a bug in the application
+ * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
+ * is implemented for the compiler in use.
+ *
+ * \note The use of this macro is a work in progress.
+ * This macro may be added to more functions in the future.
+ * Such an extension is not considered an API break, provided that
+ * there are near-unavoidable circumstances under which the function
+ * can fail. For example, signature/MAC/AEAD verification functions,
+ * and functions that require a random generator, are considered
+ * return-check-critical.
+ */
+#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
+
+/** Ordinary-failure function
+ *
+ * This macro appearing at the beginning of the declaration of a function
+ * indicates that its return value should be generally be checked in portable
+ * applications. Omitting the check will result in a compile-time warning if
+ * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
+ * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
+ *
+ * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
+ * of a function that is annotated with #MBEDTLS_CHECK_RETURN.
+ *
+ * \note The use of this macro is a work in progress.
+ * This macro will be added to more functions in the future.
+ * Eventually this should appear before most functions returning
+ * an error code (as \c int in the \c mbedtls_xxx API or
+ * as ::psa_status_t in the \c psa_xxx API).
+ */
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
+#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
+#else
+#define MBEDTLS_CHECK_RETURN_TYPICAL
+#endif
+
+/** Benign-failure function
+ *
+ * This macro appearing at the beginning of the declaration of a function
+ * indicates that it is rarely useful to check its return value.
+ *
+ * This macro has an empty expansion. It exists for documentation purposes:
+ * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
+ * has been analyzed for return-check usefuless, whereas the lack of
+ * an annotation indicates that the function has not been analyzed and its
+ * return-check usefulness is unknown.
+ */
+#define MBEDTLS_CHECK_RETURN_OPTIONAL
+
+/** \def MBEDTLS_IGNORE_RETURN
+ *
+ * Call this macro with one argument, a function call, to suppress a warning
+ * from #MBEDTLS_CHECK_RETURN due to that function call.
+ */
+#if !defined(MBEDTLS_IGNORE_RETURN)
+/* GCC doesn't silence the warning with just (void)(result).
+ * (void)!(result) is known to work up at least up to GCC 10, as well
+ * as with Clang and MSVC.
+ *
+ * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
+ * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
+ */
+#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
+#endif
+
/**
* \brief Securely zeroize a buffer
*
diff --git a/library/aes.c b/library/aes.c
index 544b583..31824e7 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -903,7 +903,7 @@
const unsigned char input[16],
unsigned char output[16] )
{
- mbedtls_internal_aes_encrypt( ctx, input, output );
+ MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_encrypt( ctx, input, output ) );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -976,7 +976,7 @@
const unsigned char input[16],
unsigned char output[16] )
{
- mbedtls_internal_aes_decrypt( ctx, input, output );
+ MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_decrypt( ctx, input, output ) );
}
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
@@ -1029,6 +1029,7 @@
unsigned char *output )
{
int i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
AES_VALIDATE_RET( ctx != NULL );
@@ -1058,7 +1059,9 @@
while( length > 0 )
{
memcpy( temp, input, 16 );
- mbedtls_aes_crypt_ecb( ctx, mode, input, output );
+ ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
+ if( ret != 0 )
+ goto exit;
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@@ -1077,7 +1080,9 @@
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
- mbedtls_aes_crypt_ecb( ctx, mode, output, output );
+ ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
+ if( ret != 0 )
+ goto exit;
memcpy( iv, output, 16 );
input += 16;
@@ -1085,8 +1090,10 @@
length -= 16;
}
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1240,6 +1247,7 @@
unsigned char *output )
{
int c;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
@@ -1260,7 +1268,11 @@
while( length-- )
{
if( n == 0 )
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ {
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
+ }
c = *input++;
*output++ = (unsigned char)( c ^ iv[n] );
@@ -1274,7 +1286,11 @@
while( length-- )
{
if( n == 0 )
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ {
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
+ }
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
@@ -1283,8 +1299,10 @@
}
*iv_off = n;
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
/*
@@ -1297,6 +1315,7 @@
const unsigned char *input,
unsigned char *output )
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char c;
unsigned char ov[17];
@@ -1309,7 +1328,9 @@
while( length-- )
{
memcpy( ov, iv, 16 );
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
if( mode == MBEDTLS_AES_DECRYPT )
ov[16] = *input;
@@ -1321,8 +1342,10 @@
memcpy( iv, ov + 1, 16 );
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@@ -1384,6 +1407,7 @@
unsigned char *output )
{
int c, i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
@@ -1401,7 +1425,9 @@
while( length-- )
{
if( n == 0 ) {
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
+ if( ret != 0 )
+ goto exit;
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
@@ -1414,8 +1440,10 @@
}
*nc_off = n;
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
diff --git a/library/base64.c b/library/base64.c
index 9cf5dd4..a516c1d 100644
--- a/library/base64.c
+++ b/library/base64.c
@@ -22,6 +22,7 @@
#if defined(MBEDTLS_BASE64_C)
#include "mbedtls/base64.h"
+#include "base64_invasive.h"
#include <stdint.h>
@@ -35,127 +36,41 @@
#endif /* MBEDTLS_PLATFORM_C */
#endif /* MBEDTLS_SELF_TEST */
-static const unsigned char base64_enc_map[64] =
-{
- 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J',
- 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T',
- 'U', 'V', 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd',
- 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
- 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x',
- 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7',
- '8', '9', '+', '/'
-};
-
-static const unsigned char base64_dec_map[128] =
-{
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 127, 127, 127, 127, 127, 127, 127,
- 127, 127, 127, 62, 127, 127, 127, 63, 52, 53,
- 54, 55, 56, 57, 58, 59, 60, 61, 127, 127,
- 127, 64, 127, 127, 127, 0, 1, 2, 3, 4,
- 5, 6, 7, 8, 9, 10, 11, 12, 13, 14,
- 15, 16, 17, 18, 19, 20, 21, 22, 23, 24,
- 25, 127, 127, 127, 127, 127, 127, 26, 27, 28,
- 29, 30, 31, 32, 33, 34, 35, 36, 37, 38,
- 39, 40, 41, 42, 43, 44, 45, 46, 47, 48,
- 49, 50, 51, 127, 127, 127, 127, 127
-};
-
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
-/*
- * Constant flow conditional assignment to unsigned char
+/* Return 0xff if low <= c <= high, 0 otherwise.
+ *
+ * Constant flow with respect to c.
*/
-static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
- unsigned char condition )
+MBEDTLS_STATIC_TESTABLE
+unsigned char mbedtls_base64_mask_of_range( unsigned char low,
+ unsigned char high,
+ unsigned char c )
{
- /* MSVC has a warning about unary minus on unsigned integer types,
- * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
- /* Generate bitmask from condition, mask will either be 0xFF or 0 */
- unsigned char mask = ( condition | -condition );
- mask >>= 7;
- mask = -mask;
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
- *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
+ /* low_mask is: 0 if low <= c, 0x...ff if low > c */
+ unsigned low_mask = ( (unsigned) c - low ) >> 8;
+ /* high_mask is: 0 if c <= high, 0x...ff if c > high */
+ unsigned high_mask = ( (unsigned) high - c ) >> 8;
+ return( ~( low_mask | high_mask ) & 0xff );
}
-/*
- * Constant flow conditional assignment to uint_32
+/* Given a value in the range 0..63, return the corresponding Base64 digit.
+ * The implementation assumes that letters are consecutive (e.g. ASCII
+ * but not EBCDIC).
*/
-static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
- uint32_t condition )
+MBEDTLS_STATIC_TESTABLE
+unsigned char mbedtls_base64_enc_char( unsigned char val )
{
- /* MSVC has a warning about unary minus on unsigned integer types,
- * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
- /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
- uint32_t mask = ( condition | -condition );
- mask >>= 31;
- mask = -mask;
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
- *dest = ( src & mask ) | ( ( *dest ) & ~mask );
-}
-
-/*
- * Constant flow check for equality
- */
-static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
-{
- size_t difference = in_a ^ in_b;
-
- /* MSVC has a warning about unary minus on unsigned integer types,
- * but this is well-defined and precisely what we want to do here. */
-#if defined(_MSC_VER)
-#pragma warning( push )
-#pragma warning( disable : 4146 )
-#endif
-
- difference |= -difference;
-
-#if defined(_MSC_VER)
-#pragma warning( pop )
-#endif
-
- /* cope with the varying size of size_t per platform */
- difference >>= ( sizeof( difference ) * 8 - 1 );
-
- return (unsigned char) ( 1 ^ difference );
-}
-
-/*
- * Constant flow lookup into table.
- */
-static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
- const size_t table_size, const size_t table_index )
-{
- size_t i;
- unsigned char result = 0;
-
- for( i = 0; i < table_size; ++i )
- {
- mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
- }
-
- return result;
+ unsigned char digit = 0;
+ /* For each range of values, if val is in that range, mask digit with
+ * the corresponding value. Since val can only be in a single range,
+ * only at most one masking will change digit. */
+ digit |= mbedtls_base64_mask_of_range( 0, 25, val ) & ( 'A' + val );
+ digit |= mbedtls_base64_mask_of_range( 26, 51, val ) & ( 'a' + val - 26 );
+ digit |= mbedtls_base64_mask_of_range( 52, 61, val ) & ( '0' + val - 52 );
+ digit |= mbedtls_base64_mask_of_range( 62, 62, val ) & '+';
+ digit |= mbedtls_base64_mask_of_range( 63, 63, val ) & '/';
+ return( digit );
}
/*
@@ -198,17 +113,12 @@
C2 = *src++;
C3 = *src++;
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( ( C1 >> 2 ) & 0x3F ) );
-
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
-
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
-
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( C3 & 0x3F ) );
+ *p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F );
+ *p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
+ & 0x3F );
+ *p++ = mbedtls_base64_enc_char( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) )
+ & 0x3F );
+ *p++ = mbedtls_base64_enc_char( C3 & 0x3F );
}
if( i < slen )
@@ -216,15 +126,12 @@
C1 = *src++;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( ( C1 >> 2 ) & 0x3F ) );
-
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
+ *p++ = mbedtls_base64_enc_char( ( C1 >> 2 ) & 0x3F );
+ *p++ = mbedtls_base64_enc_char( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) )
+ & 0x3F );
if( ( i + 1 ) < slen )
- *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
- ( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
+ *p++ = mbedtls_base64_enc_char( ( ( C2 & 15 ) << 2 ) & 0x3F );
else *p++ = '=';
*p++ = '=';
@@ -236,26 +143,58 @@
return( 0 );
}
+/* Given a Base64 digit, return its value.
+ * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
+ * return -1.
+ *
+ * The implementation assumes that letters are consecutive (e.g. ASCII
+ * but not EBCDIC).
+ *
+ * The implementation is constant-flow (no branch or memory access depending
+ * on the value of c) unless the compiler inlines and optimizes a specific
+ * access.
+ */
+MBEDTLS_STATIC_TESTABLE
+signed char mbedtls_base64_dec_value( unsigned char c )
+{
+ unsigned char val = 0;
+ /* For each range of digits, if c is in that range, mask val with
+ * the corresponding value. Since c can only be in a single range,
+ * only at most one masking will change val. Set val to one plus
+ * the desired value so that it stays 0 if c is in none of the ranges. */
+ val |= mbedtls_base64_mask_of_range( 'A', 'Z', c ) & ( c - 'A' + 0 + 1 );
+ val |= mbedtls_base64_mask_of_range( 'a', 'z', c ) & ( c - 'a' + 26 + 1 );
+ val |= mbedtls_base64_mask_of_range( '0', '9', c ) & ( c - '0' + 52 + 1 );
+ val |= mbedtls_base64_mask_of_range( '+', '+', c ) & ( c - '+' + 62 + 1 );
+ val |= mbedtls_base64_mask_of_range( '/', '/', c ) & ( c - '/' + 63 + 1 );
+ /* At this point, val is 0 if c is an invalid digit and v+1 if c is
+ * a digit with the value v. */
+ return( val - 1 );
+}
+
/*
* Decode a base64-formatted buffer
*/
int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
const unsigned char *src, size_t slen )
{
- size_t i, n;
- uint32_t j, x;
+ size_t i; /* index in source */
+ size_t n; /* number of digits or trailing = in source */
+ uint32_t x; /* value accumulator */
+ unsigned accumulated_digits = 0;
+ unsigned equals = 0;
+ int spaces_present = 0;
unsigned char *p;
- unsigned char dec_map_lookup;
/* First pass: check for validity and get output length */
- for( i = n = j = 0; i < slen; i++ )
+ for( i = n = 0; i < slen; i++ )
{
/* Skip spaces before checking for EOL */
- x = 0;
+ spaces_present = 0;
while( i < slen && src[i] == ' ' )
{
++i;
- ++x;
+ spaces_present = 1;
}
/* Spaces at end of buffer are OK */
@@ -270,20 +209,24 @@
continue;
/* Space inside a line is an error */
- if( x != 0 )
+ if( spaces_present )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- if( src[i] == '=' && ++j > 2 )
+ if( src[i] > 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
- dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
-
- if( src[i] > 127 || dec_map_lookup == 127 )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
- if( dec_map_lookup < 64 && j != 0 )
- return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
-
+ if( src[i] == '=' )
+ {
+ if( ++equals > 2 )
+ return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+ }
+ else
+ {
+ if( equals != 0 )
+ return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+ if( mbedtls_base64_dec_value( src[i] ) < 0 )
+ return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
+ }
n++;
}
@@ -298,7 +241,7 @@
* n = ( ( n * 6 ) + 7 ) >> 3;
*/
n = ( 6 * ( n >> 3 ) ) + ( ( 6 * ( n & 0x7 ) + 7 ) >> 3 );
- n -= j;
+ n -= equals;
if( dst == NULL || dlen < n )
{
@@ -306,22 +249,24 @@
return( MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL );
}
- for( j = 3, n = x = 0, p = dst; i > 0; i--, src++ )
- {
+ equals = 0;
+ for( x = 0, p = dst; i > 0; i--, src++ )
+ {
if( *src == '\r' || *src == '\n' || *src == ' ' )
continue;
- dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
+ x = x << 6;
+ if( *src == '=' )
+ ++equals;
+ else
+ x |= mbedtls_base64_dec_value( *src );
- mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
- x = ( x << 6 ) | ( dec_map_lookup & 0x3F );
-
- if( ++n == 4 )
+ if( ++accumulated_digits == 4 )
{
- n = 0;
- if( j > 0 ) *p++ = MBEDTLS_BYTE_2( x );
- if( j > 1 ) *p++ = MBEDTLS_BYTE_1( x );
- if( j > 2 ) *p++ = MBEDTLS_BYTE_0( x );
+ accumulated_digits = 0;
+ *p++ = MBEDTLS_BYTE_2( x );
+ if( equals <= 1 ) *p++ = MBEDTLS_BYTE_1( x );
+ if( equals <= 0 ) *p++ = MBEDTLS_BYTE_0( x );
}
}
diff --git a/library/base64_invasive.h b/library/base64_invasive.h
new file mode 100644
index 0000000..9e26471
--- /dev/null
+++ b/library/base64_invasive.h
@@ -0,0 +1,55 @@
+/**
+ * \file base_invasive.h
+ *
+ * \brief Base64 module: interfaces for invasive testing only.
+ *
+ * The interfaces in this file are intended for testing purposes only.
+ * They SHOULD NOT be made available in library integrations except when
+ * building the library for testing.
+ */
+/*
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#ifndef MBEDTLS_BASE64_INVASIVE_H
+#define MBEDTLS_BASE64_INVASIVE_H
+
+#include "common.h"
+
+#if defined(MBEDTLS_TEST_HOOKS)
+/* Return 0xff if low <= c <= high, 0 otherwise.
+ *
+ * Constant flow with respect to c.
+ */
+unsigned char mbedtls_base64_mask_of_range( unsigned char low,
+ unsigned char high,
+ unsigned char c );
+
+/* Given a value in the range 0..63, return the corresponding Base64 digit.
+ *
+ * Operates in constant time (no branches or memory access depending on val).
+ */
+unsigned char mbedtls_base64_enc_char( unsigned char val );
+
+/* Given a Base64 digit, return its value.
+ * If c is not a Base64 digit ('A'..'Z', 'a'..'z', '0'..'9', '+' or '/'),
+ * return -1.
+ *
+ * Operates in constant time (no branches or memory access depending on c).
+ */
+signed char mbedtls_base64_dec_value( unsigned char c );
+#endif /* MBEDTLS_TEST_HOOKS */
+
+#endif /* MBEDTLS_SSL_INVASIVE_H */
diff --git a/library/des.c b/library/des.c
index 7f90faa..91d22b5 100644
--- a/library/des.c
+++ b/library/des.c
@@ -28,6 +28,7 @@
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
+#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@@ -642,6 +643,7 @@
unsigned char *output )
{
int i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
@@ -654,7 +656,9 @@
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
- mbedtls_des_crypt_ecb( ctx, output, output );
+ ret = mbedtls_des_crypt_ecb( ctx, output, output );
+ if( ret != 0 )
+ goto exit;
memcpy( iv, output, 8 );
input += 8;
@@ -667,7 +671,9 @@
while( length > 0 )
{
memcpy( temp, input, 8 );
- mbedtls_des_crypt_ecb( ctx, input, output );
+ ret = mbedtls_des_crypt_ecb( ctx, input, output );
+ if( ret != 0 )
+ goto exit;
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@@ -679,8 +685,10 @@
length -= 8;
}
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -741,6 +749,7 @@
unsigned char *output )
{
int i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
@@ -753,7 +762,9 @@
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
- mbedtls_des3_crypt_ecb( ctx, output, output );
+ ret = mbedtls_des3_crypt_ecb( ctx, output, output );
+ if( ret != 0 )
+ goto exit;
memcpy( iv, output, 8 );
input += 8;
@@ -766,7 +777,9 @@
while( length > 0 )
{
memcpy( temp, input, 8 );
- mbedtls_des3_crypt_ecb( ctx, input, output );
+ ret = mbedtls_des3_crypt_ecb( ctx, input, output );
+ if( ret != 0 )
+ goto exit;
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@@ -778,8 +791,10 @@
length -= 8;
}
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -872,39 +887,43 @@
switch( i )
{
case 0:
- mbedtls_des_setkey_dec( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
break;
case 1:
- mbedtls_des_setkey_enc( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
break;
case 2:
- mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
break;
case 3:
- mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
break;
case 4:
- mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
break;
case 5:
- mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
break;
default:
return( 1 );
}
+ if( ret != 0 )
+ goto exit;
for( j = 0; j < 100; j++ )
{
if( u == 0 )
- mbedtls_des_crypt_ecb( &ctx, buf, buf );
+ ret = mbedtls_des_crypt_ecb( &ctx, buf, buf );
else
- mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
+ ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
+ if( ret != 0 )
+ goto exit;
}
if( ( v == MBEDTLS_DES_DECRYPT &&
@@ -947,41 +966,45 @@
switch( i )
{
case 0:
- mbedtls_des_setkey_dec( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
break;
case 1:
- mbedtls_des_setkey_enc( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
break;
case 2:
- mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
break;
case 3:
- mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
break;
case 4:
- mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
break;
case 5:
- mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
break;
default:
return( 1 );
}
+ if( ret != 0 )
+ goto exit;
if( v == MBEDTLS_DES_DECRYPT )
{
for( j = 0; j < 100; j++ )
{
if( u == 0 )
- mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+ ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
else
- mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ if( ret != 0 )
+ goto exit;
}
}
else
@@ -991,9 +1014,11 @@
unsigned char tmp[8];
if( u == 0 )
- mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+ ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
else
- mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ if( ret != 0 )
+ goto exit;
memcpy( tmp, prv, 8 );
memcpy( prv, buf, 8 );
@@ -1027,6 +1052,8 @@
mbedtls_des_free( &ctx );
mbedtls_des3_free( &ctx3 );
+ if( ret != 0 )
+ ret = 1;
return( ret );
}
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 283d65e..4ece799 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5236,6 +5236,10 @@
if( psa_get_key_bits( attributes ) == 0 )
return( PSA_ERROR_INVALID_ARGUMENT );
+ /* Reject any attempt to create a public key. */
+ if( PSA_KEY_TYPE_IS_PUBLIC_KEY(attributes->core.type) )
+ return( PSA_ERROR_INVALID_ARGUMENT );
+
status = psa_start_key_creation( PSA_KEY_CREATION_GENERATE, attributes,
&slot, &driver );
if( status != PSA_SUCCESS )
diff --git a/library/version_features.c b/library/version_features.c
index f665a23..40c9520 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -267,6 +267,9 @@
#if defined(MBEDTLS_CAMELLIA_SMALL_MEMORY)
"MBEDTLS_CAMELLIA_SMALL_MEMORY",
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
+ "MBEDTLS_CHECK_RETURN_WARNING",
+#endif /* MBEDTLS_CHECK_RETURN_WARNING */
#if defined(MBEDTLS_CIPHER_MODE_CBC)
"MBEDTLS_CIPHER_MODE_CBC",
#endif /* MBEDTLS_CIPHER_MODE_CBC */
diff --git a/programs/.gitignore b/programs/.gitignore
index 9816c34..5d3c5bd 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -53,6 +53,7 @@
ssl/ssl_server2
test/benchmark
test/cpp_dummy_build
+test/cpp_dummy_build.cpp
test/ecp-bench
test/query_compile_time_config
test/selftest
@@ -65,6 +66,7 @@
x509/cert_req
x509/cert_write
x509/crl_app
+x509/load_roots
x509/req_app
# generated files
diff --git a/programs/Makefile b/programs/Makefile
index 8cd27ea..550887a 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -106,6 +106,7 @@
x509/cert_req$(EXEXT) \
x509/cert_write$(EXEXT) \
x509/crl_app$(EXEXT) \
+ x509/load_roots$(EXEXT) \
x509/req_app$(EXEXT) \
# End of APPS
@@ -309,6 +310,10 @@
echo " CC test/benchmark.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) test/benchmark.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+test/cpp_dummy_build.cpp: test/generate_cpp_dummy_build.sh
+ echo " Gen test/cpp_dummy_build.cpp"
+ test/generate_cpp_dummy_build.sh
+
test/cpp_dummy_build$(EXEXT): test/cpp_dummy_build.cpp $(DEP)
echo " CXX test/cpp_dummy_build.cpp"
$(CXX) $(LOCAL_CXXFLAGS) $(CXXFLAGS) test/cpp_dummy_build.cpp $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -357,6 +362,10 @@
echo " CC x509/cert_req.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/cert_req.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+x509/load_roots$(EXEXT): x509/load_roots.c $(DEP)
+ echo " CC x509/load_roots.c"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/load_roots.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
+
x509/req_app$(EXEXT): x509/req_app.c $(DEP)
echo " CC x509/req_app.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) x509/req_app.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -369,10 +378,11 @@
ifndef WINDOWS
rm -f $(APPS)
-rm -f ssl/ssl_pthread_server$(EXEXT)
- -rm -f test/cpp_dummy_build$(EXEXT)
+ -rm -f test/cpp_dummy_build.cpp test/cpp_dummy_build$(EXEXT)
else
if exist *.o del /Q /F *.o
if exist *.exe del /Q /F *.exe
+ if exist test\cpp_dummy_build.cpp del /Q /F test\cpp_dummy_build.cpp
endif
$(MAKE) -C fuzz clean
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index d6e4990..f6c6226 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -274,7 +274,9 @@
mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" );
fflush( stdout );
- mbedtls_aes_setkey_dec( &aes, buf, 256 );
+ ret = mbedtls_aes_setkey_dec( &aes, buf, 256 );
+ if( ret != 0 )
+ goto exit;
memset( buf, 0, sizeof( buf ) );
@@ -284,7 +286,9 @@
goto exit;
}
- mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
+ ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
+ if( ret != 0 )
+ goto exit;
buf[16] = '\0';
mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index dccf095..8f032a3 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -295,9 +295,13 @@
mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
fflush( stdout );
- mbedtls_aes_setkey_enc( &aes, buf, 256 );
+ ret = mbedtls_aes_setkey_enc( &aes, buf, 256 );
+ if( ret != 0 )
+ goto exit;
memcpy( buf, PLAINTEXT, 16 );
- mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
+ ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
+ if( ret != 0 )
+ goto exit;
if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
{
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 6a4d0e4..0d531ea 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -197,7 +197,9 @@
{
int ret = 1;
int exit_code = MBEDTLS_EXIT_FAILURE;
- char buf[1024];
+#if defined(MBEDTLS_ERROR_C)
+ char buf[200];
+#endif
int i;
char *p, *q;
@@ -208,7 +210,9 @@
* Set to sane values
*/
mbedtls_pk_init( &key );
+#if defined(MBEDTLS_ERROR_C)
memset( buf, 0, sizeof( buf ) );
+#endif
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
@@ -296,8 +300,7 @@
if( ret != 0 )
{
- mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%04x", (unsigned int) -ret );
goto exit;
}
@@ -357,8 +360,7 @@
if( ret != 0 )
{
- mbedtls_strerror( ret, (char *) buf, sizeof(buf) );
- mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
+ mbedtls_printf( " failed\n ! mbedtls_pk_parse_public_key returned -0x%04x", (unsigned int) -ret );
goto exit;
}
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 2b1e61e..04ec7fc 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -22,7 +22,17 @@
)
if(TEST_CPP)
- list(APPEND executables_mbedcrypto cpp_dummy_build)
+ set(cpp_dummy_build_cpp "${CMAKE_CURRENT_BINARY_DIR}/cpp_dummy_build.cpp")
+ set(generate_cpp_dummy_build "${CMAKE_CURRENT_SOURCE_DIR}/generate_cpp_dummy_build.sh")
+ add_custom_command(
+ OUTPUT "${cpp_dummy_build_cpp}"
+ COMMAND "${generate_cpp_dummy_build}" "${cpp_dummy_build_cpp}"
+ DEPENDS "${generate_cpp_dummy_build}"
+ WORKING_DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+ )
+ add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
+ target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
+ target_link_libraries(cpp_dummy_build ${mbedcrypto_target})
endif()
foreach(exe IN LISTS executables_libs executables_mbedcrypto)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 9c5911b..88c9e65 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -449,7 +449,8 @@
{
mbedtls_des3_context des3;
mbedtls_des3_init( &des3 );
- mbedtls_des3_set3key_enc( &des3, tmp );
+ if( mbedtls_des3_set3key_enc( &des3, tmp ) != 0 )
+ mbedtls_exit( 1 );
TIME_AND_TSC( "3DES",
mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des3_free( &des3 );
@@ -459,7 +460,8 @@
{
mbedtls_des_context des;
mbedtls_des_init( &des );
- mbedtls_des_setkey_enc( &des, tmp );
+ if( mbedtls_des_setkey_enc( &des, tmp ) != 0 )
+ mbedtls_exit( 1 );
TIME_AND_TSC( "DES",
mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des_free( &des );
@@ -497,7 +499,7 @@
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
- mbedtls_aes_setkey_enc( &aes, tmp, keysize );
+ CHECK_AND_CONTINUE( mbedtls_aes_setkey_enc( &aes, tmp, keysize ) );
TIME_AND_TSC( title,
mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
@@ -518,7 +520,7 @@
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
- mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 );
+ CHECK_AND_CONTINUE( mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ) );
TIME_AND_TSC( title,
mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE,
diff --git a/programs/test/cpp_dummy_build.cpp b/programs/test/cpp_dummy_build.cpp
deleted file mode 100644
index d052682..0000000
--- a/programs/test/cpp_dummy_build.cpp
+++ /dev/null
@@ -1,123 +0,0 @@
-/*
- * This program is a dummy C++ program to ensure Mbed TLS library header files
- * can be included and built with a C++ compiler.
- *
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0
- *
- * Licensed under the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
- * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/config.h"
-#else
-#include MBEDTLS_CONFIG_FILE
-#endif
-
-#include "mbedtls/aes.h"
-#include "mbedtls/aesni.h"
-#include "mbedtls/arc4.h"
-#include "mbedtls/aria.h"
-#include "mbedtls/asn1.h"
-#include "mbedtls/asn1write.h"
-#include "mbedtls/base64.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/blowfish.h"
-#include "mbedtls/bn_mul.h"
-#include "mbedtls/camellia.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/certs.h"
-#include "mbedtls/chacha20.h"
-#include "mbedtls/chachapoly.h"
-#include "mbedtls/check_config.h"
-#include "mbedtls/cipher.h"
-#include "mbedtls/cipher_internal.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/compat-1.3.h"
-#include "mbedtls/config_psa.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/debug.h"
-#include "mbedtls/des.h"
-#include "mbedtls/dhm.h"
-#include "mbedtls/ecdh.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/ecjpake.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/ecp_internal.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
-#include "mbedtls/error.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/havege.h"
-#include "mbedtls/hkdf.h"
-#include "mbedtls/hmac_drbg.h"
-#include "mbedtls/md.h"
-#include "mbedtls/md2.h"
-#include "mbedtls/md4.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/md_internal.h"
-#include "mbedtls/net.h"
-#include "mbedtls/net_sockets.h"
-#include "mbedtls/nist_kw.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/padlock.h"
-#include "mbedtls/pem.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
-#include "mbedtls/pkcs11.h"
-#include "mbedtls/pkcs12.h"
-#include "mbedtls/pkcs5.h"
-#include "mbedtls/platform_time.h"
-#include "mbedtls/platform_util.h"
-#include "mbedtls/poly1305.h"
-#include "mbedtls/psa_util.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/ssl.h"
-#include "mbedtls/ssl_cache.h"
-#include "mbedtls/ssl_ciphersuites.h"
-#include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
-#include "mbedtls/ssl_ticket.h"
-#include "mbedtls/threading.h"
-#include "mbedtls/timing.h"
-#include "mbedtls/version.h"
-#include "mbedtls/x509.h"
-#include "mbedtls/x509_crl.h"
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_csr.h"
-#include "mbedtls/xtea.h"
-
-#if defined(MBEDTLS_PLATFORM_C)
-#include "mbedtls/platform.h"
-#endif
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-
-#include "psa/crypto.h"
-#include "psa/crypto_se_driver.h"
-#include "../library/psa_crypto_its.h"
-
-int main()
-{
- mbedtls_platform_context *ctx = NULL;
- mbedtls_platform_setup(ctx);
- mbedtls_printf("CPP Build test\n");
- mbedtls_platform_teardown(ctx);
-}
diff --git a/programs/test/generate_cpp_dummy_build.sh b/programs/test/generate_cpp_dummy_build.sh
new file mode 100755
index 0000000..90a181d
--- /dev/null
+++ b/programs/test/generate_cpp_dummy_build.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+
+DEFAULT_OUTPUT_FILE=programs/test/cpp_dummy_build.cpp
+
+if [ "$1" = "--help" ]; then
+ cat <<EOF
+Usage: $0 [OUTPUT]
+Generate a C++ dummy build program that includes all the headers.
+OUTPUT defaults to "programs/test/cpp_dummy_build.cpp".
+Run this program from the root of an Mbed TLS directory tree or from
+its "programs" or "programs/test" subdirectory.
+EOF
+ exit
+fi
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -e
+
+# Ensure a reproducible order for *.h
+export LC_ALL=C
+
+print_cpp () {
+ cat <<'EOF'
+/* Automatically generated file. Do not edit.
+ *
+ * This program is a dummy C++ program to ensure Mbed TLS library header files
+ * can be included and built with a C++ compiler.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "mbedtls/config.h"
+
+EOF
+
+ for header in include/mbedtls/*.h include/psa/*.h; do
+ case ${header#include/} in
+ psa/crypto_config.h) :;; # not meant for direct inclusion
+ # Some of the psa/crypto_*.h headers are not meant to be included directly.
+ # They do have include guards that make them no-ops if psa/crypto.h
+ # has been included before. Since psa/crypto.h comes before psa/crypto_*.h
+ # in the wildcard enumeration, we don't need to skip those headers.
+ *) echo "#include \"${header#include/}\"";;
+ esac
+ done
+
+ cat <<'EOF'
+
+int main()
+{
+ mbedtls_platform_context *ctx = NULL;
+ mbedtls_platform_setup(ctx);
+ mbedtls_printf("CPP Build test passed\n");
+ mbedtls_platform_teardown(ctx);
+}
+EOF
+}
+
+if [ -d include/mbedtls ]; then
+ :
+elif [ -d ../include/mbedtls ]; then
+ cd ..
+elif [ -d ../../include/mbedtls ]; then
+ cd ../..
+else
+ echo >&2 "This script must be run from an Mbed TLS source tree."
+ exit 3
+fi
+
+print_cpp >"${1:-$DEFAULT_OUTPUT_FILE}"
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index 9b9d0c0..5dfe383 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -770,6 +770,14 @@
}
#endif /* MBEDTLS_CAMELLIA_SMALL_MEMORY */
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
+ if( strcmp( "MBEDTLS_CHECK_RETURN_WARNING", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_RETURN_WARNING );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_RETURN_WARNING */
+
#if defined(MBEDTLS_CIPHER_MODE_CBC)
if( strcmp( "MBEDTLS_CIPHER_MODE_CBC", config ) == 0 )
{
@@ -2642,6 +2650,22 @@
}
#endif /* MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO */
+#if defined(MBEDTLS_CHECK_RETURN)
+ if( strcmp( "MBEDTLS_CHECK_RETURN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_CHECK_RETURN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_CHECK_RETURN */
+
+#if defined(MBEDTLS_IGNORE_RETURN)
+ if( strcmp( "MBEDTLS_IGNORE_RETURN", config ) == 0 )
+ {
+ MACRO_EXPANSION_TO_STR( MBEDTLS_IGNORE_RETURN );
+ return( 0 );
+ }
+#endif /* MBEDTLS_IGNORE_RETURN */
+
#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
if( strcmp( "MBEDTLS_PSA_HMAC_DRBG_MD_TYPE", config ) == 0 )
{
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index 29cbeb8..5b1c319 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -15,6 +15,7 @@
cert_req
cert_write
crl_app
+ load_roots
req_app
)
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
new file mode 100644
index 0000000..6a40949
--- /dev/null
+++ b/programs/x509/load_roots.c
@@ -0,0 +1,217 @@
+/*
+ * Root CA reading application
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *
+ * This file is provided under the Apache License 2.0, or the
+ * GNU General Public License v2.0 or later.
+ *
+ * **********
+ * Apache License 2.0:
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * **********
+ *
+ * **********
+ * GNU General Public License v2.0 or later:
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * **********
+ */
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#if defined(MBEDTLS_PLATFORM_C)
+#include "mbedtls/platform.h"
+#else
+#include <stdio.h>
+#include <stdlib.h>
+#define mbedtls_time time
+#define mbedtls_time_t time_t
+#define mbedtls_fprintf fprintf
+#define mbedtls_printf printf
+#define mbedtls_exit exit
+#define MBEDTLS_EXIT_SUCCESS EXIT_SUCCESS
+#define MBEDTLS_EXIT_FAILURE EXIT_FAILURE
+#endif /* MBEDTLS_PLATFORM_C */
+
+#if !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
+ !defined(MBEDTLS_TIMING_C)
+int main( void )
+{
+ mbedtls_printf("MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
+ "MBEDTLS_TIMING_C not defined.\n");
+ mbedtls_exit( 0 );
+}
+#else
+
+#include "mbedtls/error.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/x509_crt.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define DFL_ITERATIONS 1
+#define DFL_PRIME_CACHE 1
+
+#define USAGE \
+ "\n usage: load_roots param=<>... [--] FILE...\n" \
+ "\n acceptable parameters:\n" \
+ " iterations=%%d Iteration count (not including cache priming); default: 1\n" \
+ " prime=%%d Prime the disk read cache? Default: 1 (yes)\n" \
+ "\n"
+
+
+/*
+ * global options
+ */
+struct options
+{
+ const char **filenames; /* NULL-terminated list of file names */
+ unsigned iterations; /* Number of iterations to time */
+ int prime_cache; /* Prime the disk read cache? */
+} opt;
+
+
+int read_certificates( const char *const *filenames )
+{
+ mbedtls_x509_crt cas;
+ int ret = 0;
+ const char *const *cur;
+
+ mbedtls_x509_crt_init( &cas );
+
+ for( cur = filenames; *cur != NULL; cur++ )
+ {
+ ret = mbedtls_x509_crt_parse_file( &cas, *cur );
+ if( ret != 0 )
+ {
+#if defined(MBEDTLS_ERROR_C) || defined(MBEDTLS_ERROR_STRERROR_DUMMY)
+ char error_message[200];
+ mbedtls_strerror( ret, error_message, sizeof( error_message ) );
+ printf( "\n%s: -0x%04x (%s)\n",
+ *cur, (unsigned) -ret, error_message );
+#else
+ printf( "\n%s: -0x%04x\n",
+ *cur, (unsigned) -ret );
+#endif
+ goto exit;
+ }
+ }
+
+exit:
+ mbedtls_x509_crt_free( &cas );
+ return( ret == 0 );
+}
+
+int main( int argc, char *argv[] )
+{
+ int exit_code = MBEDTLS_EXIT_FAILURE;
+ unsigned i, j;
+ struct mbedtls_timing_hr_time timer;
+ unsigned long ms;
+
+ if( argc <= 1 )
+ {
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+
+ opt.filenames = NULL;
+ opt.iterations = DFL_ITERATIONS;
+ opt.prime_cache = DFL_PRIME_CACHE;
+
+ for( i = 1; i < (unsigned) argc; i++ )
+ {
+ char *p = argv[i];
+ char *q = NULL;
+
+ if( strcmp( p, "--" ) == 0 )
+ break;
+ if( ( q = strchr( p, '=' ) ) == NULL )
+ break;
+ *q++ = '\0';
+
+ for( j = 0; p + j < q; j++ )
+ {
+ if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
+ argv[i][j] |= 0x20;
+ }
+
+ if( strcmp( p, "iterations" ) == 0 )
+ {
+ opt.iterations = atoi( q );
+ }
+ else if( strcmp( p, "prime" ) == 0 )
+ {
+ opt.iterations = atoi( q ) != 0;
+ }
+ else
+ {
+ mbedtls_printf( "Unknown option: %s\n", p );
+ mbedtls_printf( USAGE );
+ goto exit;
+ }
+ }
+
+ opt.filenames = (const char**) argv + i;
+ if( *opt.filenames == 0 )
+ {
+ mbedtls_printf( "Missing list of certificate files to parse\n" );
+ goto exit;
+ }
+
+ mbedtls_printf( "Parsing %u certificates", argc - i );
+ if( opt.prime_cache )
+ {
+ if( ! read_certificates( opt.filenames ) )
+ goto exit;
+ mbedtls_printf( " " );
+ }
+
+ (void) mbedtls_timing_get_timer( &timer, 1 );
+ for( i = 1; i <= opt.iterations; i++ )
+ {
+ if( ! read_certificates( opt.filenames ) )
+ goto exit;
+ mbedtls_printf( "." );
+ }
+ ms = mbedtls_timing_get_timer( &timer, 0 );
+ mbedtls_printf( "\n%u iterations -> %lu ms\n", opt.iterations, ms );
+ exit_code = MBEDTLS_EXIT_SUCCESS;
+
+exit:
+ mbedtls_exit( exit_code );
+}
+#endif /* necessary configuration */
diff --git a/tests/Makefile b/tests/Makefile
index 25d9a73..5c59607 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -141,7 +141,7 @@
clean:
ifndef WINDOWS
- rm -rf $(BINARIES) *.c *.datax TESTS
+ rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
else
@@ -152,9 +152,6 @@
if exist src/drivers/*.o del /Q /F src/drivers/*.o
if exist src/libmbed* del /Q /F src/libmed*
if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
-ifneq ($(wildcard TESTS/.*),)
- rmdir /Q /S TESTS
-endif
endif
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
@@ -163,40 +160,6 @@
test: check
-# Create separate targets for generating embedded tests.
-EMBEDDED_TESTS := $(addprefix embedded_,$(APPS))
-
-# Generate test code for target.
-
-.SECONDEXPANSION:
-$(EMBEDDED_TESTS): embedded_%: suites/$$(firstword $$(subst ., ,$$*)).function suites/%.data scripts/generate_test_code.py suites/helpers.function suites/main_test.function suites/target_test.function
- echo " Gen ./TESTS/mbedtls/$*/$*.c"
- $(PYTHON) scripts/generate_test_code.py -f suites/$(firstword $(subst ., ,$*)).function \
- -d suites/$*.data \
- -t suites/main_test.function \
- -p suites/target_test.function \
- -s suites \
- --helpers-file suites/helpers.function \
- -o ./TESTS/mbedtls/$*
-
-generate-target-tests: $(EMBEDDED_TESTS)
-
-define copy_header_to_target
-TESTS/mbedtls/$(1)/$(2): include/test/$(2)
- echo " Copy ./$$@"
-ifndef WINDOWS
- mkdir -p $$(@D)
- cp $$< $$@
-else
- mkdir $$(@D)
- copy $$< $$@
-endif
-
-endef
-$(foreach app, $(APPS), $(foreach file, $(notdir $(wildcard include/test/*.h)), \
- $(eval $(call copy_header_to_target,$(app),$(file)))))
-$(addprefix embedded_,$(filter test_suite_psa_%, $(APPS))): embedded_%: $(patsubst TESTS/mbedtls/%, include/test/%, $(wildcard include/test/*. include/test/*/*.h))
-
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
echo " Gen $@"
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index dfc09cd..5d10190 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -72,6 +72,8 @@
const char *filename;
int line_no;
unsigned long step;
+ char line1[76];
+ char line2[76];
#if defined(MBEDTLS_TEST_MUTEX_USAGE)
const char *mutex_usage_error;
#endif
@@ -131,6 +133,27 @@
void mbedtls_test_info_reset( void );
/**
+ * \brief Record the current test case as a failure if two integers
+ * have a different value.
+ *
+ * This function is usually called via the macro
+ * #TEST_EQUAL.
+ *
+ * \param test Description of the failure or assertion that failed. This
+ * MUST be a string literal. This normally has the form
+ * "EXPR1 == EXPR2" where EXPR1 has the value \p value1
+ * and EXPR2 has the value \p value2.
+ * \param line_no Line number where the failure originated.
+ * \param filename Filename where the failure originated.
+ * \param value1 The first value to compare.
+ * \param value2 The second value to compare.
+ *
+ * \return \c 1 if the values are equal, otherwise \c 0.
+ */
+int mbedtls_test_equal( const char *test, int line_no, const char* filename,
+ unsigned long long value1, unsigned long long value2 );
+
+/**
* \brief This function decodes the hexadecimal representation of
* data.
*
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index b7b6e8f..7b4c2f6 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -84,15 +84,21 @@
} \
} while( 0 )
-/** Evaluate two expressions and fail the test case if they have different
- * values.
+/** Evaluate two integer expressions and fail the test case if they have
+ * different values.
*
- * \param expr1 An expression to evaluate.
- * \param expr2 The expected value of \p expr1. This can be any
- * expression, but it is typically a constant.
+ * The two expressions should have the same signedness, otherwise the
+ * comparison is not meaningful if the signed value is negative.
+ *
+ * \param expr1 An integral-typed expression to evaluate.
+ * \param expr2 Another integral-typed expression to evaluate.
*/
-#define TEST_EQUAL( expr1, expr2 ) \
- TEST_ASSERT( ( expr1 ) == ( expr2 ) )
+#define TEST_EQUAL( expr1, expr2 ) \
+ do { \
+ if( ! mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
+ expr1, expr2 ) ) \
+ goto exit; \
+ } while( 0 )
/** Allocate memory dynamically and fail the test case if this fails.
* The allocated memory will be filled with zeros.
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index aeb6d7b..aefe029 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1,4 +1,4 @@
-#! /usr/bin/env sh
+#! /usr/bin/env bash
# all.sh
#
@@ -59,6 +59,15 @@
# This script must be invoked from the toplevel directory of a git
# working copy of Mbed TLS.
#
+# The behavior on an error depends on whether --keep-going (alias -k)
+# is in effect.
+# * Without --keep-going: the script stops on the first error without
+# cleaning up. This lets you work in the configuration of the failing
+# component.
+# * With --keep-going: the script runs all requested components and
+# reports failures at the end. In particular the script always cleans
+# up on exit.
+#
# Note that the output is not saved. You may want to run
# script -c tests/scripts/all.sh
# or
@@ -81,6 +90,12 @@
#
# Each component must start by invoking `msg` with a short informative message.
#
+# Warning: due to the way bash detects errors, the failure of a command
+# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
+#
+# Each component is executed in a separate shell process. The component
+# fails if any command in it returns a non-zero status.
+#
# The framework performs some cleanup tasks after each component. This
# means that components can assume that the working directory is in a
# cleaned-up state, and don't need to perform the cleanup themselves.
@@ -91,19 +106,6 @@
# `tests/Makefile` and `programs/fuzz/Makefile` from git.
# This cleans up after an in-tree use of CMake.
#
-# Any command that is expected to fail must be protected so that the
-# script keeps running in --keep-going mode despite `set -e`. In keep-going
-# mode, if a protected command fails, this is logged as a failure and the
-# script will exit with a failure status once it has run all components.
-# Commands can be protected in any of the following ways:
-# * `make` is a function which runs the `make` command with protection.
-# Note that you must write `make VAR=value`, not `VAR=value make`,
-# because the `VAR=value make` syntax doesn't work with functions.
-# * Put `report_status` before the command to protect it.
-# * Put `if_build_successful` before a command. This protects it, and
-# additionally skips it if a prior invocation of `make` in the same
-# component failed.
-#
# The tests are roughly in order from fastest to slowest. This doesn't
# have to be exact, but in general you should add slower tests towards
# the end and fast checks near the beginning.
@@ -114,8 +116,9 @@
#### Initialization and command line parsing
################################################################
-# Abort on errors (and uninitialised variables)
-set -eu
+# Abort on errors (even on the left-hand side of a pipe).
+# Treat uninitialised variables as errors.
+set -e -o pipefail -u
pre_check_environment () {
if [ -d library -a -d include -a -d tests ]; then :; else
@@ -126,9 +129,16 @@
pre_initialize_variables () {
CONFIG_H='include/mbedtls/config.h'
- CONFIG_BAK="$CONFIG_H.bak"
CRYPTO_CONFIG_H='include/psa/crypto_config.h'
- CRYPTO_CONFIG_BAK="$CRYPTO_CONFIG_H.bak"
+
+ # Files that are clobbered by some jobs will be backed up. Use a different
+ # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
+ # independently decide when to remove the backup file.
+ backup_suffix='.all.bak'
+ # Files clobbered by config.py
+ files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H"
+ # Files clobbered by in-tree cmake
+ files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
append_outcome=0
MEMORY=0
@@ -176,8 +186,8 @@
# Gather the list of available components. These are the functions
# defined in this script whose name starts with "component_".
- # Parse the script with sed, because in sh there is no way to list
- # defined functions.
+ # Parse the script with sed. This way we get the functions in the order
+ # they are defined.
ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
# Exclude components that are not supported on this platform.
@@ -194,6 +204,8 @@
# Test whether the component $1 is included in the command line patterns.
is_component_included()
{
+ # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
+ # only does word splitting.
set -f
for pattern in $COMMAND_LINE_COMPONENTS; do
set +f
@@ -235,6 +247,11 @@
Prefix for a cross-compiler for arm-linux-gnueabi
(default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
--armcc Run ARM Compiler builds (on by default).
+ --restore First clean up the build tree, restoring backed up
+ files. Do not run any components unless they are
+ explicitly specified.
+ --error-test Error test mode: run a failing function in addition
+ to any specified component. May be repeated.
--except Exclude the COMPONENTs listed on the command line,
instead of running only those.
--no-append-outcome Write a new outcome file and analyze it (default).
@@ -263,13 +280,11 @@
EOF
}
-# remove built files as well as the cmake cache/config
+# Cleanup before/after running a component.
+# Remove built files as well as the cmake cache/config.
+# Does not remove generated source files.
cleanup()
{
- if [ -n "${MBEDTLS_ROOT_DIR+set}" ]; then
- cd "$MBEDTLS_ROOT_DIR"
- fi
-
command make clean
# Remove CMake artefacts
@@ -280,21 +295,26 @@
-iname CMakeCache.txt \) -exec rm {} \+
# Recover files overwritten by in-tree CMake builds
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
- git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
- if [ -f "$CONFIG_BAK" ]; then
- mv "$CONFIG_BAK" "$CONFIG_H"
- fi
+ # Restore files that may have been clobbered by the job
+ for x in $files_to_back_up; do
+ cp -p "$x$backup_suffix" "$x"
+ done
+}
- if [ -f "$CRYPTO_CONFIG_BAK" ]; then
- mv "$CRYPTO_CONFIG_BAK" "$CRYPTO_CONFIG_H"
- fi
+# Final cleanup when this script exits (except when exiting on a failure
+# in non-keep-going mode).
+final_cleanup () {
+ cleanup
+
+ for x in $files_to_back_up; do
+ rm -f "$x$backup_suffix"
+ done
}
# Executed on exit. May be redefined depending on command line options.
@@ -303,7 +323,7 @@
}
fatal_signal () {
- cleanup
+ final_cleanup
final_report $1
trap - $1
kill -$1 $$
@@ -373,17 +393,11 @@
done
}
-check_headers_in_cpp () {
- ls include/mbedtls | grep "\.h$" >headers.txt
- <programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' |
- sort |
- diff headers.txt -
- rm headers.txt
-}
-
pre_parse_command_line () {
COMMAND_LINE_COMPONENTS=
all_except=0
+ error_test=0
+ restore_first=0
no_armcc=
# Note that legacy options are ignored instead of being omitted from this
@@ -397,6 +411,7 @@
--armcc) no_armcc=;;
--armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
--armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+ --error-test) error_test=$((error_test + 1));;
--except) all_except=1;;
--force|-f) FORCE=1;;
--gnutls-cli) shift; GNUTLS_CLI="$1";;
@@ -422,6 +437,7 @@
--quiet|-q) QUIET=1;;
--random-seed) unset SEED;;
--release-test|-r) SEED=$RELEASE_SEED;;
+ --restore) restore_first=1;;
--seed|-s) shift; SEED="$1";;
-*)
echo >&2 "Unknown option: $1"
@@ -434,7 +450,7 @@
done
# With no list of components, run everything.
- if [ -z "$COMMAND_LINE_COMPONENTS" ]; then
+ if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
all_except=1
fi
@@ -444,6 +460,32 @@
COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
fi
+ # Error out if an explicitly requested component doesn't exist.
+ if [ $all_except -eq 0 ]; then
+ unsupported=0
+ # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
+ # only does word splitting.
+ set -f
+ for component in $COMMAND_LINE_COMPONENTS; do
+ set +f
+ # If the requested name includes a wildcard character, don't
+ # check it. Accept wildcard patterns that don't match anything.
+ case $component in
+ *[*?\[]*) continue;;
+ esac
+ case " $SUPPORTED_COMPONENTS " in
+ *" $component "*) :;;
+ *)
+ echo >&2 "Component $component was explicitly requested, but is not known or not supported."
+ unsupported=$((unsupported + 1));;
+ esac
+ done
+ set +f
+ if [ $unsupported -ne 0 ]; then
+ exit 2
+ fi
+ fi
+
# Build the list of components to run.
RUN_COMPONENTS=
for component in $SUPPORTED_COMPONENTS; do
@@ -479,9 +521,36 @@
fi
}
+pre_restore_files () {
+ # If the makefiles have been generated by a framework such as cmake,
+ # restore them from git. If the makefiles look like modifications from
+ # the ones checked into git, take care not to modify them. Whatever
+ # this function leaves behind is what the script will restore before
+ # each component.
+ case "$(head -n1 Makefile)" in
+ *[Gg]enerated*)
+ git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
+ ;;
+ esac
+}
+
+pre_back_up () {
+ for x in $files_to_back_up; do
+ cp -p "$x" "$x$backup_suffix"
+ done
+}
+
pre_setup_keep_going () {
- failure_summary=
- failure_count=0
+ failure_count=0 # Number of failed components
+ last_failure_status=0 # Last failure status in this component
+
+ # See err_trap
+ previous_failure_status=0
+ previous_failed_command=
+ previous_failure_funcall_depth=0
+ unset report_failed_command
+
start_red=
end_color=
if [ -t 1 ]; then
@@ -492,76 +561,106 @@
;;
esac
fi
- record_status () {
- if "$@"; then
- last_status=0
- else
- last_status=$?
- text="$current_section: $* -> $last_status"
- failure_summary="$failure_summary
-$text"
- failure_count=$((failure_count + 1))
- echo "${start_red}^^^^$text^^^^${end_color}" >&2
- fi
- }
- make () {
- case "$*" in
- *test|*check)
- if [ $build_status -eq 0 ]; then
- record_status command make "$@"
- else
- echo "(skipped because the build failed)"
- fi
- ;;
- *)
- record_status command make "$@"
- build_status=$last_status
- ;;
+
+ # Keep a summary of failures in a file. We'll print it out at the end.
+ failure_summary_file=$PWD/all-sh-failures-$$.log
+ : >"$failure_summary_file"
+
+ # Whether it makes sense to keep a component going after the specified
+ # command fails (test command) or not (configure or build).
+ # This function normally receives the failing simple command
+ # ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
+ # this is passed instead.
+ # This doesn't have to be 100% accurate: all failures are recorded anyway.
+ # False positives result in running things that can't be expected to
+ # work. False negatives result in things not running after something else
+ # failed even though they might have given useful feedback.
+ can_keep_going_after_failure () {
+ case "$1" in
+ "msg "*) false;;
+ "cd "*) false;;
+ *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
+ *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
+ *make*check*) true;;
+ "grep "*) true;;
+ "[ "*) true;;
+ "! "*) true;;
+ *) false;;
esac
}
+
+ # This function runs if there is any error in a component.
+ # It must either exit with a nonzero status, or set
+ # last_failure_status to a nonzero value.
+ err_trap () {
+ # Save $? (status of the failing command). This must be the very
+ # first thing, before $? is overridden.
+ last_failure_status=$?
+ failed_command=${report_failed_command-$BASH_COMMAND}
+
+ if [[ $last_failure_status -eq $previous_failure_status &&
+ "$failed_command" == "$previous_failed_command" &&
+ ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
+ then
+ # The same command failed twice in a row, but this time one level
+ # less deep in the function call stack. This happens when the last
+ # command of a function returns a nonzero status, and the function
+ # returns that same status. Ignore the second failure.
+ previous_failure_funcall_depth=${#FUNCNAME[@]}
+ return
+ fi
+ previous_failure_status=$last_failure_status
+ previous_failed_command=$failed_command
+ previous_failure_funcall_depth=${#FUNCNAME[@]}
+
+ text="$current_section: $failed_command -> $last_failure_status"
+ echo "${start_red}^^^^$text^^^^${end_color}" >&2
+ echo "$text" >>"$failure_summary_file"
+
+ # If the command is fatal (configure or build command), stop this
+ # component. Otherwise (test command) keep the component running
+ # (run more tests from the same build).
+ if ! can_keep_going_after_failure "$failed_command"; then
+ exit $last_failure_status
+ fi
+ }
+
final_report () {
if [ $failure_count -gt 0 ]; then
echo
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- echo "${start_red}FAILED: $failure_count${end_color}$failure_summary"
+ echo "${start_red}FAILED: $failure_count components${end_color}"
+ cat "$failure_summary_file"
echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- exit 1
elif [ -z "${1-}" ]; then
echo "SUCCESS :)"
fi
if [ -n "${1-}" ]; then
echo "Killed by SIG$1."
fi
+ rm -f "$failure_summary_file"
+ if [ $failure_count -gt 0 ]; then
+ exit 1
+ fi
}
}
+# record_status() and if_build_succeeded() are kept temporarily for backward
+# compatibility. Don't use them in new components.
+record_status () {
+ "$@"
+}
if_build_succeeded () {
- if [ $build_status -eq 0 ]; then
- record_status "$@"
- fi
+ "$@"
}
-# to be used instead of ! for commands run with
-# record_status or if_build_succeeded
-not() {
- ! "$@"
-}
-
-pre_setup_quiet_redirect () {
- if [ $QUIET -ne 1 ]; then
- redirect_out () {
- "$@"
- }
- redirect_err () {
- "$@"
- }
- else
- redirect_out () {
- "$@" >/dev/null
- }
- redirect_err () {
- "$@" 2>/dev/null
- }
+# '! true' does not trigger the ERR trap. Arrange to trigger it, with
+# a reasonably informative error message (not just "$@").
+not () {
+ if "$@"; then
+ report_failed_command="! $*"
+ false
+ unset report_failed_command
fi
}
@@ -686,28 +785,28 @@
component_check_recursion () {
msg "Check: recursion.pl" # < 1s
- record_status tests/scripts/recursion.pl library/*.c
+ tests/scripts/recursion.pl library/*.c
}
component_check_generated_files () {
msg "Check: freshness of generated source files" # < 1s
- record_status tests/scripts/check-generated-files.sh
+ tests/scripts/check-generated-files.sh
}
component_check_doxy_blocks () {
msg "Check: doxygen markup outside doxygen blocks" # < 1s
- record_status tests/scripts/check-doxy-blocks.pl
+ tests/scripts/check-doxy-blocks.pl
}
component_check_files () {
msg "Check: file sanity checks (permissions, encodings)" # < 1s
- record_status tests/scripts/check_files.py
+ tests/scripts/check_files.py
}
component_check_changelog () {
msg "Check: changelog entries" # < 1s
rm -f ChangeLog.new
- record_status scripts/assemble_changelog.py -o ChangeLog.new
+ scripts/assemble_changelog.py -o ChangeLog.new
if [ -e ChangeLog.new ]; then
# Show the diff for information. It isn't an error if the diff is
# non-empty.
@@ -718,7 +817,7 @@
component_check_names () {
msg "Check: declared and exported names (builds the library)" # < 3s
- record_status tests/scripts/check_names.py -v
+ tests/scripts/check_names.py -v
}
component_check_test_cases () {
@@ -728,13 +827,13 @@
else
opt=''
fi
- record_status tests/scripts/check_test_cases.py $opt
+ tests/scripts/check_test_cases.py $opt
unset opt
}
component_check_doxygen_warnings () {
msg "Check: doxygen warnings (builds the documentation)" # ~ 3s
- record_status tests/scripts/doxygen.sh
+ tests/scripts/doxygen.sh
}
@@ -754,7 +853,7 @@
make test
msg "selftest: make, default config (out-of-box)" # ~10s
- if_build_succeeded programs/test/selftest
+ programs/test/selftest
export MBEDTLS_TEST_OUTCOME_FILE="$SAVE_MBEDTLS_TEST_OUTCOME_FILE"
unset SAVE_MBEDTLS_TEST_OUTCOME_FILE
@@ -769,16 +868,16 @@
make test
msg "test: selftest (ASan build)" # ~ 10s
- if_build_succeeded programs/test/selftest
+ programs/test/selftest
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
msg "test: context-info.sh (ASan build)" # ~ 15 sec
- if_build_succeeded tests/context-info.sh
+ tests/context-info.sh
}
component_test_full_cmake_gcc_asan () {
@@ -791,16 +890,16 @@
make test
msg "test: selftest (ASan build)" # ~ 10s
- if_build_succeeded programs/test/selftest
+ programs/test/selftest
msg "test: ssl-opt.sh (full config, ASan build)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh (full config, ASan build)"
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
msg "test: context-info.sh (full config, ASan build)" # ~ 15 sec
- if_build_succeeded tests/context-info.sh
+ tests/context-info.sh
}
component_test_psa_crypto_key_id_encodes_owner () {
@@ -838,7 +937,7 @@
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
# version is not present.
echo "Checking for renamed symbols in the library"
- if_build_succeeded check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
+ check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
component_test_psa_crypto_client () {
@@ -855,13 +954,13 @@
component_test_zlib_make() {
msg "build: zlib enabled, make"
scripts/config.py set MBEDTLS_ZLIB_SUPPORT
- make ZLIB=1 CFLAGS='-Werror -O1'
+ make ZLIB=1 CFLAGS='-Werror -O2'
msg "test: main suites (zlib, make)"
make test
msg "test: ssl-opt.sh (zlib, make)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
support_test_zlib_make () {
base=support_test_zlib_$$
@@ -878,14 +977,14 @@
component_test_zlib_cmake() {
msg "build: zlib enabled, cmake"
scripts/config.py set MBEDTLS_ZLIB_SUPPORT
- cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Check .
+ cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Release .
make
msg "test: main suites (zlib, cmake)"
make test
msg "test: ssl-opt.sh (zlib, cmake)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
support_test_zlib_cmake () {
support_test_zlib_make "$@"
@@ -903,7 +1002,7 @@
component_test_ref_configs () {
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
- record_status tests/scripts/test-ref-configs.pl
+ tests/scripts/test-ref-configs.pl
}
component_test_sslv3 () {
@@ -916,14 +1015,14 @@
make test
msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
+ tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2'
+ env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3'
msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "build: SSLv3 - context-info.sh (ASan build)" # ~ 15 sec
- if_build_succeeded tests/context-info.sh
+ tests/context-info.sh
}
component_test_no_renegotiation () {
@@ -936,7 +1035,7 @@
make test
msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_test_no_pem_no_fs () {
@@ -952,7 +1051,7 @@
make test
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
}
component_test_rsa_no_crt () {
@@ -965,13 +1064,13 @@
make test
msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f RSA
+ tests/ssl-opt.sh -f RSA
msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min
- if_build_succeeded tests/compat.sh -t RSA
+ tests/compat.sh -t RSA
msg "test: RSA_NO_CRT - RSA-related part of context-info.sh (ASan build)" # ~ 15 sec
- if_build_succeeded tests/context-info.sh
+ tests/context-info.sh
}
component_test_no_ctr_drbg_classic () {
@@ -990,10 +1089,10 @@
# The SSL tests are slow, so run a small subset, just enough to get
# confidence that the SSL code copes with HMAC_DRBG.
msg "test: Full minus CTR_DRBG, classic crypto - ssl-opt.sh (subset)"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
+ tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
msg "test: Full minus CTR_DRBG, classic crypto - compat.sh (subset)"
- if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
+ tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
}
component_test_no_ctr_drbg_use_psa () {
@@ -1012,10 +1111,10 @@
# The SSL tests are slow, so run a small subset, just enough to get
# confidence that the SSL code copes with HMAC_DRBG.
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
+ tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server'
msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)"
- if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
+ tests/compat.sh -m tls1_2 -t 'ECDSA PSK' -V NO -p OpenSSL
}
component_test_no_hmac_drbg_classic () {
@@ -1037,12 +1136,12 @@
# Test SSL with non-deterministic ECDSA. Only test features that
# might be affected by how ECDSA signature is performed.
msg "test: Full minus HMAC_DRBG, classic crypto - ssl-opt.sh (subset)"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
+ tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
# To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2.
msg "test: Full minus HMAC_DRBG, classic crypto - compat.sh (ECDSA)"
- if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
+ tests/compat.sh -m tls1_2 -t 'ECDSA'
}
component_test_no_hmac_drbg_use_psa () {
@@ -1064,12 +1163,12 @@
# Test SSL with non-deterministic ECDSA. Only test features that
# might be affected by how ECDSA signature is performed.
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
+ tests/ssl-opt.sh -f 'Default\|SSL async private: sign'
# To save time, only test one protocol version, since this part of
# the protocol is identical in (D)TLS up to 1.2.
msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)"
- if_build_succeeded tests/compat.sh -m tls1_2 -t 'ECDSA'
+ tests/compat.sh -m tls1_2 -t 'ECDSA'
}
component_test_psa_external_rng_no_drbg_classic () {
@@ -1093,7 +1192,7 @@
make test
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, classic crypto - ssl-opt.sh (subset)"
- if_build_succeeded tests/ssl-opt.sh -f 'Default'
+ tests/ssl-opt.sh -f 'Default'
}
component_test_psa_external_rng_no_drbg_use_psa () {
@@ -1113,7 +1212,7 @@
make test
msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - ssl-opt.sh (subset)"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque'
+ tests/ssl-opt.sh -f 'Default\|opaque'
}
component_test_psa_external_rng_use_psa_crypto () {
@@ -1128,7 +1227,7 @@
make test
msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|opaque'
+ tests/ssl-opt.sh -f 'Default\|opaque'
}
component_test_ecp_no_internal_rng () {
@@ -1178,11 +1277,11 @@
make test
msg "test: new ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f ECDH
+ tests/ssl-opt.sh -f ECDH
msg "test: new ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
+ tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
}
component_test_everest () {
@@ -1196,11 +1295,11 @@
make test
msg "test: Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f ECDH
+ tests/ssl-opt.sh -f ECDH
msg "test: Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
+ tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
}
component_test_everest_curve25519_only () {
@@ -1230,7 +1329,7 @@
make
msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet"
+ tests/ssl-opt.sh -f "Max fragment\|Large packet"
}
component_test_small_ssl_in_content_len () {
@@ -1241,7 +1340,7 @@
make
msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment"
+ tests/ssl-opt.sh -f "Max fragment"
}
component_test_small_ssl_dtls_max_buffering () {
@@ -1251,7 +1350,7 @@
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test"
- if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
+ tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg"
}
component_test_small_mbedtls_ssl_dtls_max_buffering () {
@@ -1261,38 +1360,38 @@
make
msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test"
- if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
+ tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket"
}
component_test_psa_collect_statuses () {
msg "build+test: psa_collect_statuses" # ~30s
scripts/config.py full
- record_status tests/scripts/psa_collect_statuses.py
+ tests/scripts/psa_collect_statuses.py
# Check that psa_crypto_init() succeeded at least once
- record_status grep -q '^0:psa_crypto_init:' tests/statuses.log
+ grep -q '^0:psa_crypto_init:' tests/statuses.log
rm -f tests/statuses.log
}
component_test_full_cmake_clang () {
msg "build: cmake, full config, clang" # ~ 50s
scripts/config.py full
- CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release -D ENABLE_TESTING=On .
make
msg "test: main suites (full config, clang)" # ~ 5s
make test
msg "test: psa_constant_names (full config, clang)" # ~ 1s
- record_status tests/scripts/test_psa_constant_names.py
+ tests/scripts/test_psa_constant_names.py
msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
+ tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private'
msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR'
msg "test: compat.sh ARIA + ChachaPoly"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+ env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_test_memsan_constant_flow () {
@@ -1399,70 +1498,68 @@
msg "build: make, crypto only"
scripts/config.py crypto
make CFLAGS='-O1 -Werror'
- if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
+ are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
component_build_crypto_full () {
msg "build: make, crypto only, full config"
scripts/config.py crypto_full
make CFLAGS='-O1 -Werror'
- if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
+ are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
make CFLAGS='-O1 -Werror'
- if_build_succeeded are_empty_libraries library/libmbedx509.* library/libmbedtls.*
+ are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
- record_status tests/scripts/curves.pl
+ tests/scripts/curves.pl
}
component_test_depends_curves_psa () {
msg "test/build: curves.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- record_status tests/scripts/curves.pl
+ tests/scripts/curves.pl
}
component_test_depends_hashes () {
msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min
- record_status tests/scripts/depends-hashes.pl
+ tests/scripts/depends-hashes.pl
}
component_test_depends_hashes_psa () {
msg "test/build: depends-hashes.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- record_status tests/scripts/depends-hashes.pl
+ tests/scripts/depends-hashes.pl
}
component_test_depends_pkalgs () {
msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
- record_status tests/scripts/depends-pkalgs.pl
+ tests/scripts/depends-pkalgs.pl
}
component_test_depends_pkalgs_psa () {
msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
- record_status tests/scripts/depends-pkalgs.pl
+ tests/scripts/depends-pkalgs.pl
}
component_build_key_exchanges () {
msg "test/build: key-exchanges (gcc)" # ~ 1 min
- record_status tests/scripts/key-exchanges.pl
+ tests/scripts/key-exchanges.pl
}
-component_build_default_make_gcc_and_cxx () {
- msg "build: Unix make, -Os (gcc)" # ~ 30s
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
+component_test_make_cxx () {
+ msg "build: Unix make, full, gcc + g++"
+ scripts/config.py full
+ make TEST_CPP=1 lib programs
- msg "test: verify header list in cpp_dummy_build.cpp"
- record_status check_headers_in_cpp
-
- msg "build: Unix make, incremental g++"
- make TEST_CPP=1
+ msg "test: cpp_dummy_build"
+ programs/test/cpp_dummy_build
}
component_test_no_use_psa_crypto_full_cmake_asan() {
@@ -1482,16 +1579,16 @@
make test
msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
msg "test: compat.sh RC4, DES & NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
+ env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR'
msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
- if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
+ env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
component_test_psa_crypto_config_basic() {
@@ -1547,6 +1644,19 @@
make test
}
+component_test_psa_crypto_config_chachapoly_disabled() {
+ # full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
+ msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CHACHAPOLY_C
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM
+ scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
+
+ msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
+ make test
+}
+
# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test.
component_build_psa_accel_alg_ecdsa() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA
@@ -1975,7 +2085,8 @@
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
+ make
}
component_build_no_ssl_srv () {
@@ -2008,7 +2119,7 @@
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
scripts/config.py set MBEDTLS_MEMORY_BACKTRACE
scripts/config.py set MBEDTLS_MEMORY_DEBUG
- CC=gcc cmake .
+ CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
make
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C and MBEDTLS_MEMORY_BACKTRACE"
@@ -2019,7 +2130,7 @@
msg "build: default config with memory buffer allocator"
scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.py set MBEDTLS_PLATFORM_MEMORY
- CC=gcc cmake .
+ CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
make
msg "test: MBEDTLS_MEMORY_BUFFER_ALLOC_C"
@@ -2027,7 +2138,7 @@
msg "test: ssl-opt.sh, MBEDTLS_MEMORY_BUFFER_ALLOC_C"
# MBEDTLS_MEMORY_BUFFER_ALLOC is slow. Skip tests that tend to time out.
- if_build_succeeded tests/ssl-opt.sh -e '^DTLS proxy'
+ tests/ssl-opt.sh -e '^DTLS proxy'
}
component_test_no_max_fragment_length () {
@@ -2038,7 +2149,7 @@
make
msg "test: ssl-opt.sh, MFL-related tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment length"
+ tests/ssl-opt.sh -f "Max fragment length"
}
component_test_asan_remove_peer_certificate () {
@@ -2051,13 +2162,13 @@
make test
msg "test: ssl-opt.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
msg "test: context-info.sh, !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE"
- if_build_succeeded tests/context-info.sh
+ tests/context-info.sh
}
component_test_no_max_fragment_length_small_ssl_out_content_len () {
@@ -2069,10 +2180,10 @@
make
msg "test: MFL tests (disabled MFL extension case) & large packet tests"
- if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
+ tests/ssl-opt.sh -f "Max fragment length\|Large buffer"
msg "test: context-info.sh (disabled MFL extension case)"
- if_build_succeeded tests/context-info.sh
+ tests/context-info.sh
}
component_test_variable_ssl_in_out_buffer_len () {
@@ -2085,10 +2196,10 @@
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH enabled"
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
}
component_test_variable_ssl_in_out_buffer_len_CID () {
@@ -2103,10 +2214,10 @@
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_DTLS_CONNECTION_ID enabled"
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
}
component_test_variable_ssl_in_out_buffer_len_record_splitting () {
@@ -2121,10 +2232,10 @@
make test
msg "test: ssl-opt.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
msg "test: compat.sh, MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH and MBEDTLS_SSL_CBC_RECORD_SPLITTING enabled"
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
}
component_test_ssl_alloc_buffer_and_mfl () {
@@ -2134,14 +2245,14 @@
scripts/config.py set MBEDTLS_MEMORY_DEBUG
scripts/config.py set MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
scripts/config.py set MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
- CC=gcc cmake .
+ CC=gcc cmake -DCMAKE_BUILD_TYPE:String=Release .
make
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
make test
msg "test: MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, MBEDTLS_MEMORY_BUFFER_ALLOC_C, MBEDTLS_MEMORY_DEBUG and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH"
- if_build_succeeded tests/ssl-opt.sh -f "Handshake memory usage"
+ tests/ssl-opt.sh -f "Handshake memory usage"
}
component_test_when_no_ciphersuites_have_mac () {
@@ -2155,7 +2266,7 @@
make test
msg "test ssl-opt.sh: !MBEDTLS_SSL_SOME_MODES_USE_MAC"
- if_build_succeeded tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
+ tests/ssl-opt.sh -f 'Default\|EtM' -e 'without EtM'
}
component_test_null_entropy () {
@@ -2177,7 +2288,7 @@
component_test_no_date_time () {
msg "build: default config without MBEDTLS_HAVE_TIME_DATE"
scripts/config.py unset MBEDTLS_HAVE_TIME_DATE
- CC=gcc cmake
+ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
make
msg "test: !MBEDTLS_HAVE_TIME_DATE - main suites"
@@ -2207,7 +2318,7 @@
msg "selftest: malloc(0) returns NULL (ASan+UBSan build)"
# Just the calloc selftest. "make test" ran the others as part of the
# test suites.
- if_build_succeeded programs/test/selftest calloc
+ programs/test/selftest calloc
msg "test ssl-opt.sh: malloc(0) returns NULL (ASan+UBSan build)"
# Run a subset of the tests. The choice is a balance between coverage
@@ -2215,7 +2326,7 @@
# The current choice is to skip tests whose description includes
# "proxy", which is an approximation of skipping tests that use the
# UDP proxy, which tend to be slower and flakier.
- if_build_succeeded tests/ssl-opt.sh -e 'proxy'
+ tests/ssl-opt.sh -e 'proxy'
}
component_test_aes_fewer_tables () {
@@ -2358,7 +2469,8 @@
}
component_test_m32_o0 () {
- # Build once with -O0, to compile out the i386 specific inline assembly
+ # Build without optimization, so as to use portable C code (in a 32-bit
+ # build) and not the i386-specific inline assembly.
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.py full
make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O0" LDFLAGS="-m32 $ASAN_CFLAGS"
@@ -2373,19 +2485,20 @@
esac
}
-component_test_m32_o1 () {
- # Build again with -O1, to compile in the i386 specific inline assembly
- msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s
+component_test_m32_o2 () {
+ # Build with optimization, to use the i386 specific inline assembly
+ # and go faster for tests.
+ msg "build: i386, make, gcc -O2 (ASan build)" # ~ 30s
scripts/config.py full
- make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O1" LDFLAGS="-m32 $ASAN_CFLAGS"
+ make CC=gcc CFLAGS="$ASAN_CFLAGS -m32 -O2" LDFLAGS="-m32 $ASAN_CFLAGS"
- msg "test: i386, make, gcc -O1 (ASan build)"
+ msg "test: i386, make, gcc -O2 (ASan build)"
make test
- msg "test ssl-opt.sh, i386, make, gcc-O1"
- if_build_succeeded tests/ssl-opt.sh
+ msg "test ssl-opt.sh, i386, make, gcc-O2"
+ tests/ssl-opt.sh
}
-support_test_m32_o1 () {
+support_test_m32_o2 () {
support_test_m32_o0 "$@"
}
@@ -2399,11 +2512,11 @@
make test
msg "test: i386, Everest ECDH context - ECDH-related part of ssl-opt.sh (ASan build)" # ~ 5s
- if_build_succeeded tests/ssl-opt.sh -f ECDH
+ tests/ssl-opt.sh -f ECDH
msg "test: i386, Everest ECDH context - compat.sh with some ECDH ciphersuites (ASan build)" # ~ 3 min
# Exclude some symmetric ciphers that are redundant here to gain time.
- if_build_succeeded tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
+ tests/compat.sh -f ECDH -V NO -e 'ARCFOUR\|ARIA\|CAMELLIA\|CHACHA\|DES\|RC4'
}
support_test_m32_everest () {
support_test_m32_o0 "$@"
@@ -2543,7 +2656,7 @@
scripts/config.py set MBEDTLS_NO_UDBL_DIVISION
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
- if_build_succeeded not grep __aeabi_uldiv library/*.o
+ not grep __aeabi_uldiv library/*.o
}
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
@@ -2552,7 +2665,7 @@
scripts/config.py set MBEDTLS_NO_64BIT_MULTIPLICATION
make CC="${ARM_NONE_EABI_GCC_PREFIX}gcc" AR="${ARM_NONE_EABI_GCC_PREFIX}ar" LD="${ARM_NONE_EABI_GCC_PREFIX}ld" CFLAGS='-std=c99 -Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
- if_build_succeeded not grep __aeabi_lmul library/*.o
+ not grep __aeabi_lmul library/*.o
}
component_build_armcc () {
@@ -2626,13 +2739,13 @@
make test
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
- if_build_succeeded tests/ssl-opt.sh
+ tests/ssl-opt.sh
# Optional part(s)
if [ "$MEMORY" -gt 0 ]; then
msg "test: compat.sh (MSan)" # ~ 6 min 20s
- if_build_succeeded tests/compat.sh
+ tests/compat.sh
fi
}
@@ -2648,17 +2761,17 @@
# seem to receive signals under valgrind on OS X).
if [ "$MEMORY" -gt 0 ]; then
msg "test: ssl-opt.sh --memcheck (Release)"
- if_build_succeeded tests/ssl-opt.sh --memcheck
+ tests/ssl-opt.sh --memcheck
fi
if [ "$MEMORY" -gt 1 ]; then
msg "test: compat.sh --memcheck (Release)"
- if_build_succeeded tests/compat.sh --memcheck
+ tests/compat.sh --memcheck
fi
if [ "$MEMORY" -gt 0 ]; then
msg "test: context-info.sh --memcheck (Release)"
- if_build_succeeded tests/context-info.sh --memcheck
+ tests/context-info.sh --memcheck
fi
}
@@ -2667,7 +2780,7 @@
MBEDTLS_ROOT_DIR="$PWD"
mkdir "$OUT_OF_SOURCE_DIR"
cd "$OUT_OF_SOURCE_DIR"
- cmake "$MBEDTLS_ROOT_DIR"
+ cmake -D CMAKE_BUILD_TYPE:String=Check "$MBEDTLS_ROOT_DIR"
make
msg "test: cmake 'out-of-source' build"
@@ -2677,15 +2790,13 @@
# "No such file or directory", which would indicate that some required
# file is missing (ssl-opt.sh tolerates the absence of some files so
# may exit with status 0 but emit errors).
- if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
- if [ -s ssl-opt.err ]; then
- cat ssl-opt.err >&2
- record_status [ ! -s ssl-opt.err ]
- rm ssl-opt.err
- fi
+ ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err
+ cat ssl-opt.err >&2
+ # If ssl-opt.err is non-empty, record an error and keep going.
+ [ ! -s ssl-opt.err ]
+ rm ssl-opt.err
cd "$MBEDTLS_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
- unset MBEDTLS_ROOT_DIR
}
component_test_cmake_as_subdirectory () {
@@ -2695,7 +2806,7 @@
cd programs/test/cmake_subproject
cmake .
make
- if_build_succeeded ./cmake_subproject
+ ./cmake_subproject
cd "$MBEDTLS_ROOT_DIR"
unset MBEDTLS_ROOT_DIR
@@ -2720,9 +2831,9 @@
for compiler in clang gcc; do
msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()"
make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag"
- if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
- if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log
- if_build_succeeded not grep -i "error" test_zeroize.log
+ gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log
+ grep "The buffer was correctly zeroized" test_zeroize.log
+ not grep -i "error" test_zeroize.log
rm -f test_zeroize.log
make clean
done
@@ -2733,7 +2844,7 @@
component_check_python_files () {
msg "Lint: Python scripts"
- record_status tests/scripts/check-python-files.sh
+ tests/scripts/check-python-files.sh
}
component_check_generate_test_code () {
@@ -2741,7 +2852,7 @@
# unittest writes out mundane stuff like number or tests run on stderr.
# Our convention is to reserve stderr for actual errors, and write
# harmless info on stdout so it can be suppress with --quiet.
- record_status ./tests/scripts/test_generate_test_code.py 2>&1
+ ./tests/scripts/test_generate_test_code.py 2>&1
}
################################################################
@@ -2750,7 +2861,7 @@
post_report () {
msg "Done, cleaning up"
- cleanup
+ final_cleanup
final_report
}
@@ -2761,26 +2872,71 @@
#### Run all the things
################################################################
+# Function invoked by --error-test to test error reporting.
+pseudo_component_error_test () {
+ msg "Testing error reporting $error_test_i"
+ if [ $KEEP_GOING -ne 0 ]; then
+ echo "Expect three failing commands."
+ fi
+ # If the component doesn't run in a subshell, changing error_test_i to an
+ # invalid integer will cause an error in the loop that runs this function.
+ error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
+ # Expected error: 'grep non_existent /dev/null -> 1'
+ grep non_existent /dev/null
+ # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
+ not grep -q . "$0"
+ # Expected error: 'make unknown_target -> 2'
+ make unknown_target
+ false "this should not be executed"
+}
+
# Run one component and clean up afterwards.
run_component () {
- # Back up the configuration in case the component modifies it.
- # The cleanup function will restore it.
- cp -p "$CONFIG_H" "$CONFIG_BAK"
- cp -p "$CRYPTO_CONFIG_H" "$CRYPTO_CONFIG_BAK"
current_component="$1"
export MBEDTLS_TEST_CONFIGURATION="$current_component"
# Unconditionally create a seedfile that's sufficiently long.
# Do this before each component, because a previous component may
# have messed it up or shortened it.
- redirect_err dd if=/dev/urandom of=./tests/seedfile bs=64 count=1
+ local dd_cmd
+ dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
+ case $OSTYPE in
+ linux*|freebsd*|openbsd*|darwin*) dd_cmd+=(status=none)
+ esac
+ "${dd_cmd[@]}"
- # Run the component code.
- if [ $QUIET -eq 1 ]; then
- # msg() is silenced, so just print the component name here
- echo "${current_component#component_}"
+ # Run the component in a subshell, with error trapping and output
+ # redirection set up based on the relevant options.
+ if [ $KEEP_GOING -eq 1 ]; then
+ # We want to keep running if the subshell fails, so 'set -e' must
+ # be off when the subshell runs.
+ set +e
fi
- redirect_out "$@"
+ (
+ if [ $QUIET -eq 1 ]; then
+ # msg() will be silenced, so just print the component name here.
+ echo "${current_component#component_}"
+ exec >/dev/null
+ fi
+ if [ $KEEP_GOING -eq 1 ]; then
+ # Keep "set -e" off, and run an ERR trap instead to record failures.
+ set -E
+ trap err_trap ERR
+ fi
+ # The next line is what runs the component
+ "$@"
+ if [ $KEEP_GOING -eq 1 ]; then
+ trap - ERR
+ exit $last_failure_status
+ fi
+ )
+ component_status=$?
+ if [ $KEEP_GOING -eq 1 ]; then
+ set -e
+ if [ $component_status -ne 0 ]; then
+ failure_count=$((failure_count + 1))
+ fi
+ fi
# Restore the build tree to a clean state.
cleanup
@@ -2793,22 +2949,23 @@
pre_parse_command_line "$@"
pre_check_git
+pre_restore_files
+pre_back_up
build_status=0
if [ $KEEP_GOING -eq 1 ]; then
pre_setup_keep_going
-else
- record_status () {
- "$@"
- }
fi
-pre_setup_quiet_redirect
pre_prepare_outcome_file
pre_print_configuration
pre_check_tools
cleanup
# Run the requested tests.
+for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
+ run_component pseudo_component_error_test
+done
+unset error_test_i
for component in $RUN_COMPONENTS; do
run_component "component_$component"
done
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index 441b1c2..64c43b2 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -149,8 +149,30 @@
tc.set_arguments([key_type] + list(args))
return tc
+def test_case_for_key_type_invalid_argument(
+ verb: str, key_type: str, bits: int,
+ dependencies: List[str],
+ *args: str,
+ param_descr: str = ''
+) -> test_case.TestCase:
+ """Return one test case exercising a key creation method
+ for an invalid argument when key is public.
+ """
+ hack_dependencies_not_implemented(dependencies)
+ tc = test_case.TestCase()
+ short_key_type = re.sub(r'PSA_(KEY_TYPE|ECC_FAMILY)_', r'', key_type)
+ adverb = 'not' if dependencies else 'never'
+ if param_descr:
+ adverb = param_descr + ' ' + adverb
+ tc.set_description('PSA {} {} {}-bit invalid argument'
+ .format(verb, short_key_type, bits))
+ tc.set_function(verb + '_invalid_argument')
+ tc.set_dependencies(dependencies)
+ tc.set_arguments([key_type] + list(args))
+ return tc
+
class NotSupported:
- """Generate test cases for when something is not supported."""
+ """Generate test cases for when something is not supported or argument is inavlid."""
def __init__(self, info: Information) -> None:
self.constructors = info.constructors
@@ -165,11 +187,13 @@
param: Optional[int] = None,
param_descr: str = '',
) -> Iterator[test_case.TestCase]:
- """Return test cases exercising key creation when the given type is unsupported.
+ """Return test cases exercising key creation when the given type is unsupported
+ or argument is invalid.
If param is present and not None, emit test cases conditioned on this
parameter not being supported. If it is absent or None, emit test cases
- conditioned on the base type not being supported.
+ conditioned on the base type not being supported. If key is public emit test
+ case for invalid argument.
"""
if kt.name in self.ALWAYS_SUPPORTED:
# Don't generate test cases for key types that are always supported.
@@ -197,12 +221,20 @@
# supported or not depending on implementation capabilities,
# only generate the test case once.
continue
- yield test_case_for_key_type_not_supported(
- 'generate', kt.expression, bits,
- finish_family_dependencies(generate_dependencies, bits),
- str(bits),
- param_descr=param_descr,
- )
+ if kt.name.endswith('_PUBLIC_KEY'):
+ yield test_case_for_key_type_invalid_argument(
+ 'generate', kt.expression, bits,
+ finish_family_dependencies(generate_dependencies, bits),
+ str(bits),
+ param_descr=param_descr,
+ )
+ else:
+ yield test_case_for_key_type_not_supported(
+ 'generate', kt.expression, bits,
+ finish_family_dependencies(generate_dependencies, bits),
+ str(bits),
+ param_descr=param_descr,
+ )
# To be added: derive
ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR',
@@ -223,7 +255,6 @@
yield from self.test_cases_for_key_type_not_supported(
kt, 0, param_descr='curve')
-
class StorageKey(psa_storage.Key):
"""Representation of a key for storage format testing."""
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index 7382fb6..f5750aa 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -106,10 +106,6 @@
Platform file contains platform specific setup code and test case
dispatch code. For example, host_test.function reads test data
file from host's file system and dispatches tests.
-In case of on-target target_test.function tests are not dispatched
-on target. Target code is kept minimum and only test functions are
-dispatched. Test case dispatch is done on the host using tools like
-Greentea.
Template file:
---------
diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py
deleted file mode 100755
index 64f12bb..0000000
--- a/tests/scripts/mbedtls_test.py
+++ /dev/null
@@ -1,382 +0,0 @@
-#!/usr/bin/env python3
-
-# Greentea host test script for Mbed TLS on-target test suite testing.
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-
-"""
-Mbed TLS on-target test suite tests are implemented as Greentea
-tests. Greentea tests are implemented in two parts: target test and
-host test. Target test is a C application that is built for the
-target platform and executes on the target. Host test is a Python
-class derived from mbed_host_tests.BaseHostTest. Target communicates
-with the host over serial for the test data and sends back the result.
-
-Python tool mbedgt (Greentea) is responsible for flashing the test
-binary on to the target and dynamically loading this host test module.
-
-Greentea documentation can be found here:
-https://github.com/ARMmbed/greentea
-"""
-
-
-import re
-import os
-import binascii
-
-from mbed_host_tests import BaseHostTest, event_callback # type: ignore # pylint: disable=import-error
-
-
-class TestDataParserError(Exception):
- """Indicates error in test data, read from .data file."""
- pass
-
-
-class TestDataParser:
- """
- Parses test name, dependencies, test function name and test parameters
- from the data file.
- """
-
- def __init__(self):
- """
- Constructor
- """
- self.tests = []
-
- def parse(self, data_file):
- """
- Data file parser.
-
- :param data_file: Data file path
- """
- with open(data_file, 'r') as data_f:
- self.__parse(data_f)
-
- @staticmethod
- def __escaped_split(inp_str, split_char):
- """
- Splits inp_str on split_char except when escaped.
-
- :param inp_str: String to split
- :param split_char: Split character
- :return: List of splits
- """
- split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
- if len(split_char) > 1:
- raise ValueError('Expected split character. Found string!')
- out = list(map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)))
- out = [x for x in out if x]
- return out
-
- def __parse(self, data_f):
- """
- Parses data file using supplied file object.
-
- :param data_f: Data file object
- :return:
- """
- for line in data_f:
- line = line.strip()
- if not line:
- continue
- # Read test name
- name = line
-
- # Check dependencies
- dependencies = []
- line = next(data_f).strip()
- match = re.search('depends_on:(.*)', line)
- if match:
- dependencies = [int(x) for x in match.group(1).split(':')]
- line = next(data_f).strip()
-
- # Read test vectors
- line = line.replace('\\n', '\n')
- parts = self.__escaped_split(line, ':')
- function_name = int(parts[0])
- args = parts[1:]
- args_count = len(args)
- if args_count % 2 != 0:
- err_str_fmt = "Number of test arguments({}) should be even: {}"
- raise TestDataParserError(err_str_fmt.format(args_count, line))
- grouped_args = [(args[i * 2], args[(i * 2) + 1])
- for i in range(int(len(args)/2))]
- self.tests.append((name, function_name, dependencies,
- grouped_args))
-
- def get_test_data(self):
- """
- Returns test data.
- """
- return self.tests
-
-
-class MbedTlsTest(BaseHostTest):
- """
- Host test for Mbed TLS unit tests. This script is loaded at
- run time by Greentea for executing Mbed TLS test suites. Each
- communication from the target is received in this object as
- an event, which is then handled by the event handler method
- decorated by the associated event. Ex: @event_callback('GO').
-
- Target test sends requests for dispatching next test. It reads
- tests from the intermediate data file and sends test function
- identifier, dependency identifiers, expression identifiers and
- the test data in binary form. Target test checks dependencies
- , evaluate integer constant expressions and dispatches the test
- function with received test parameters. After test function is
- finished, target sends the result. This class handles the result
- event and prints verdict in the form that Greentea understands.
-
- """
- # status/error codes from suites/helpers.function
- DEPENDENCY_SUPPORTED = 0
- KEY_VALUE_MAPPING_FOUND = DEPENDENCY_SUPPORTED
- DISPATCH_TEST_SUCCESS = DEPENDENCY_SUPPORTED
-
- KEY_VALUE_MAPPING_NOT_FOUND = -1 # Expression Id not found.
- DEPENDENCY_NOT_SUPPORTED = -2 # Dependency not supported.
- DISPATCH_TEST_FN_NOT_FOUND = -3 # Test function not found.
- DISPATCH_INVALID_TEST_DATA = -4 # Invalid parameter type.
- DISPATCH_UNSUPPORTED_SUITE = -5 # Test suite not supported/enabled.
-
- def __init__(self):
- """
- Constructor initialises test index to 0.
- """
- super(MbedTlsTest, self).__init__()
- self.tests = []
- self.test_index = -1
- self.dep_index = 0
- self.suite_passed = True
- self.error_str = dict()
- self.error_str[self.DEPENDENCY_SUPPORTED] = \
- 'DEPENDENCY_SUPPORTED'
- self.error_str[self.KEY_VALUE_MAPPING_NOT_FOUND] = \
- 'KEY_VALUE_MAPPING_NOT_FOUND'
- self.error_str[self.DEPENDENCY_NOT_SUPPORTED] = \
- 'DEPENDENCY_NOT_SUPPORTED'
- self.error_str[self.DISPATCH_TEST_FN_NOT_FOUND] = \
- 'DISPATCH_TEST_FN_NOT_FOUND'
- self.error_str[self.DISPATCH_INVALID_TEST_DATA] = \
- 'DISPATCH_INVALID_TEST_DATA'
- self.error_str[self.DISPATCH_UNSUPPORTED_SUITE] = \
- 'DISPATCH_UNSUPPORTED_SUITE'
-
- def setup(self):
- """
- Setup hook implementation. Reads test suite data file and parses out
- tests.
- """
- binary_path = self.get_config_item('image_path')
- script_dir = os.path.split(os.path.abspath(__file__))[0]
- suite_name = os.path.splitext(os.path.basename(binary_path))[0]
- data_file = ".".join((suite_name, 'datax'))
- data_file = os.path.join(script_dir, '..', 'mbedtls',
- suite_name, data_file)
- if os.path.exists(data_file):
- self.log("Running tests from %s" % data_file)
- parser = TestDataParser()
- parser.parse(data_file)
- self.tests = parser.get_test_data()
- self.print_test_info()
- else:
- self.log("Data file not found: %s" % data_file)
- self.notify_complete(False)
-
- def print_test_info(self):
- """
- Prints test summary read by Greentea to detect test cases.
- """
- self.log('{{__testcase_count;%d}}' % len(self.tests))
- for name, _, _, _ in self.tests:
- self.log('{{__testcase_name;%s}}' % name)
-
- @staticmethod
- def align_32bit(data_bytes):
- """
- 4 byte aligns input byte array.
-
- :return:
- """
- data_bytes += bytearray((4 - (len(data_bytes))) % 4)
-
- @staticmethod
- def hex_str_bytes(hex_str):
- """
- Converts Hex string representation to byte array
-
- :param hex_str: Hex in string format.
- :return: Output Byte array
- """
- if hex_str[0] != '"' or hex_str[len(hex_str) - 1] != '"':
- raise TestDataParserError("HEX test parameter missing '\"':"
- " %s" % hex_str)
- hex_str = hex_str.strip('"')
- if len(hex_str) % 2 != 0:
- raise TestDataParserError("HEX parameter len should be mod of "
- "2: %s" % hex_str)
-
- data_bytes = binascii.unhexlify(hex_str)
- return data_bytes
-
- @staticmethod
- def int32_to_big_endian_bytes(i):
- """
- Coverts i to byte array in big endian format.
-
- :param i: Input integer
- :return: Output bytes array in big endian or network order
- """
- data_bytes = bytearray([((i >> x) & 0xff) for x in [24, 16, 8, 0]])
- return data_bytes
-
- def test_vector_to_bytes(self, function_id, dependencies, parameters):
- """
- Converts test vector into a byte array that can be sent to the target.
-
- :param function_id: Test Function Identifier
- :param dependencies: Dependency list
- :param parameters: Test function input parameters
- :return: Byte array and its length
- """
- data_bytes = bytearray([len(dependencies)])
- if dependencies:
- data_bytes += bytearray(dependencies)
- data_bytes += bytearray([function_id, len(parameters)])
- for typ, param in parameters:
- if typ in ('int', 'exp'):
- i = int(param, 0)
- data_bytes += b'I' if typ == 'int' else b'E'
- self.align_32bit(data_bytes)
- data_bytes += self.int32_to_big_endian_bytes(i)
- elif typ == 'char*':
- param = param.strip('"')
- i = len(param) + 1 # + 1 for null termination
- data_bytes += b'S'
- self.align_32bit(data_bytes)
- data_bytes += self.int32_to_big_endian_bytes(i)
- data_bytes += bytearray(param, encoding='ascii')
- data_bytes += b'\0' # Null terminate
- elif typ == 'hex':
- binary_data = self.hex_str_bytes(param)
- data_bytes += b'H'
- self.align_32bit(data_bytes)
- i = len(binary_data)
- data_bytes += self.int32_to_big_endian_bytes(i)
- data_bytes += binary_data
- length = self.int32_to_big_endian_bytes(len(data_bytes))
- return data_bytes, length
-
- def run_next_test(self):
- """
- Fetch next test information and execute the test.
-
- """
- self.test_index += 1
- self.dep_index = 0
- if self.test_index < len(self.tests):
- name, function_id, dependencies, args = self.tests[self.test_index]
- self.run_test(name, function_id, dependencies, args)
- else:
- self.notify_complete(self.suite_passed)
-
- def run_test(self, name, function_id, dependencies, args):
- """
- Execute the test on target by sending next test information.
-
- :param name: Test name
- :param function_id: function identifier
- :param dependencies: Dependencies list
- :param args: test parameters
- :return:
- """
- self.log("Running: %s" % name)
-
- param_bytes, length = self.test_vector_to_bytes(function_id,
- dependencies, args)
- self.send_kv(
- ''.join('{:02x}'.format(x) for x in length),
- ''.join('{:02x}'.format(x) for x in param_bytes)
- )
-
- @staticmethod
- def get_result(value):
- """
- Converts result from string type to integer
- :param value: Result code in string
- :return: Integer result code. Value is from the test status
- constants defined under the MbedTlsTest class.
- """
- try:
- return int(value)
- except ValueError:
- ValueError("Result should return error number. "
- "Instead received %s" % value)
-
- @event_callback('GO')
- def on_go(self, _key, _value, _timestamp):
- """
- Sent by the target to start first test.
-
- :param _key: Event key
- :param _value: Value. ignored
- :param _timestamp: Timestamp ignored.
- :return:
- """
- self.run_next_test()
-
- @event_callback("R")
- def on_result(self, _key, value, _timestamp):
- """
- Handle result. Prints test start, finish required by Greentea
- to detect test execution.
-
- :param _key: Event key
- :param value: Value. ignored
- :param _timestamp: Timestamp ignored.
- :return:
- """
- int_val = self.get_result(value)
- name, _, _, _ = self.tests[self.test_index]
- self.log('{{__testcase_start;%s}}' % name)
- self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0,
- int_val != 0))
- if int_val != 0:
- self.suite_passed = False
- self.run_next_test()
-
- @event_callback("F")
- def on_failure(self, _key, value, _timestamp):
- """
- Handles test execution failure. That means dependency not supported or
- Test function not supported. Hence marking test as skipped.
-
- :param _key: Event key
- :param value: Value. ignored
- :param _timestamp: Timestamp ignored.
- :return:
- """
- int_val = self.get_result(value)
- if int_val in self.error_str:
- err = self.error_str[int_val]
- else:
- err = 'Unknown error'
- # For skip status, do not write {{__testcase_finish;...}}
- self.log("Error: %s" % err)
- self.run_next_test()
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index bf6c1d9..c53e4fc 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -113,6 +113,31 @@
mbedtls_test_info.test = 0;
mbedtls_test_info.line_no = 0;
mbedtls_test_info.filename = 0;
+ memset( mbedtls_test_info.line1, 0, sizeof( mbedtls_test_info.line1 ) );
+ memset( mbedtls_test_info.line2, 0, sizeof( mbedtls_test_info.line2 ) );
+}
+
+int mbedtls_test_equal( const char *test, int line_no, const char* filename,
+ unsigned long long value1, unsigned long long value2 )
+{
+ if( value1 == value2 )
+ return( 1 );
+ if( mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED )
+ {
+ /* We've already recorded the test as having failed. Don't
+ * overwrite any previous information about the failure. */
+ return( 0 );
+ }
+ mbedtls_test_fail( test, line_no, filename );
+ (void) mbedtls_snprintf( mbedtls_test_info.line1,
+ sizeof( mbedtls_test_info.line1 ),
+ "lhs = 0x%016llx = %lld",
+ value1, (long long) value1 );
+ (void) mbedtls_snprintf( mbedtls_test_info.line2,
+ sizeof( mbedtls_test_info.line2 ),
+ "rhs = 0x%016llx = %lld",
+ value2, (long long) value2 );
+ return( 0 );
}
int mbedtls_test_unhexify( unsigned char *obuf,
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index e4e55c9..923d2c1 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -663,7 +663,7 @@
TEST_EQUAL( mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_SEQUENCE |
MBEDTLS_ASN1_CONSTRUCTED ), 0 );
- TEST_EQUAL( p + len, end );
+ TEST_EQUAL( len, end - p );
if( ! mbedtls_test_asn1_skip_integer( &p, end, 0, 0, 0 ) )
goto exit;
if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
@@ -684,7 +684,7 @@
goto exit;
if( ! mbedtls_test_asn1_skip_integer( &p, end, 1, bits / 2 + 1, 0 ) )
goto exit;
- TEST_EQUAL( p, end );
+ TEST_EQUAL( p - end, 0 );
TEST_ASSERT( exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE );
}
@@ -716,12 +716,12 @@
MBEDTLS_ASN1_SEQUENCE |
MBEDTLS_ASN1_CONSTRUCTED ),
0 );
- TEST_EQUAL( p + len, end );
+ TEST_EQUAL( len, end - p );
if( ! mbedtls_test_asn1_skip_integer( &p, end, bits, bits, 1 ) )
goto exit;
if( ! mbedtls_test_asn1_skip_integer( &p, end, 2, bits, 1 ) )
goto exit;
- TEST_EQUAL( p, end );
+ TEST_EQUAL( p - end, 0 );
TEST_ASSERT( exported_length <=
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f17f2fd..6f25cff 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -77,6 +77,14 @@
O_LEGACY_CLI=false
fi
+if [ -n "${OPENSSL_NEXT:-}" ]; then
+ O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
+ O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
+else
+ O_NEXT_SRV=false
+ O_NEXT_CLI=false
+fi
+
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
else
@@ -355,6 +363,19 @@
fi
}
+requires_openssl_next() {
+ if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
+ if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
+ OPENSSL_NEXT_AVAILABLE="YES"
+ else
+ OPENSSL_NEXT_AVAILABLE="NO"
+ fi
+ fi
+ if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
+ SKIP_NEXT="YES"
+ fi
+}
+
# skip next test if IPv6 isn't available on this host
requires_ipv6() {
if [ -z "${HAS_IPV6:-}" ]; then
@@ -464,6 +485,32 @@
fi
}
+# True if the presence of the given pattern in a log definitely indicates
+# that the test has failed. False if the presence is inconclusive.
+#
+# Inputs:
+# * $1: pattern found in the logs
+# * $TIMES_LEFT: >0 if retrying is an option
+#
+# Outputs:
+# * $outcome: set to a retry reason if the pattern is inconclusive,
+# unchanged otherwise.
+# * Return value: 1 if the pattern is inconclusive,
+# 0 if the failure is definitive.
+log_pattern_presence_is_conclusive() {
+ # If we've run out of attempts, then don't retry no matter what.
+ if [ $TIMES_LEFT -eq 0 ]; then
+ return 0
+ fi
+ case $1 in
+ "resend")
+ # An undesired resend may have been caused by the OS dropping or
+ # delaying a packet at an inopportune time.
+ outcome="RETRY(resend)"
+ return 1;;
+ esac
+}
+
# fail <message>
fail() {
record_outcome "FAIL" "$1"
@@ -538,6 +585,8 @@
# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
if type lsof >/dev/null 2>/dev/null; then
wait_app_start() {
+ newline='
+'
START_TIME=$(date +%s)
if [ "$DTLS" -eq 1 ]; then
proto=UDP
@@ -545,7 +594,15 @@
proto=TCP
fi
# Make a tight loop, server normally takes less than 1s to start.
- while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
+ while true; do
+ SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p)
+ # When we use a proxy, it will be listening on the same port we
+ # are checking for as well as the server and lsof will list both.
+ # If multiple PIDs are returned, each one will be on a separate
+ # line, each prepended with 'p'.
+ case ${newline}${SERVER_PIDS}${newline} in
+ *${newline}p${2}${newline}*) break;;
+ esac
if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
echo "$3 START TIMEOUT"
echo "$3 START TIMEOUT" >> $4
@@ -665,7 +722,7 @@
# check if the given command uses dtls and sets global variable DTLS
detect_dtls() {
case "$1" in
- *dtls=1*|-dtls|-u) DTLS=1;;
+ *dtls=1*|*-dtls*|*-u*) DTLS=1;;
*) DTLS=0;;
esac
}
@@ -702,6 +759,267 @@
fi
}
+# Analyze the commands that will be used in a test.
+#
+# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass
+# extra arguments or go through wrappers.
+# Set $DTLS (0=TLS, 1=DTLS).
+analyze_test_commands() {
+ # update DTLS variable
+ detect_dtls "$SRV_CMD"
+
+ # if the test uses DTLS but no custom proxy, add a simple proxy
+ # as it provides timing info that's useful to debug failures
+ if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
+ PXY_CMD="$P_PXY"
+ case " $SRV_CMD " in
+ *' server_addr=::1 '*)
+ PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
+ esac
+ fi
+
+ # update CMD_IS_GNUTLS variable
+ is_gnutls "$SRV_CMD"
+
+ # if the server uses gnutls but doesn't set priority, explicitly
+ # set the default priority
+ if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
+ case "$SRV_CMD" in
+ *--priority*) :;;
+ *) SRV_CMD="$SRV_CMD --priority=NORMAL";;
+ esac
+ fi
+
+ # update CMD_IS_GNUTLS variable
+ is_gnutls "$CLI_CMD"
+
+ # if the client uses gnutls but doesn't set priority, explicitly
+ # set the default priority
+ if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
+ case "$CLI_CMD" in
+ *--priority*) :;;
+ *) CLI_CMD="$CLI_CMD --priority=NORMAL";;
+ esac
+ fi
+
+ # fix client port
+ if [ -n "$PXY_CMD" ]; then
+ CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
+ else
+ CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
+ fi
+
+ # prepend valgrind to our commands if active
+ if [ "$MEMCHECK" -gt 0 ]; then
+ if is_polar "$SRV_CMD"; then
+ SRV_CMD="valgrind --leak-check=full $SRV_CMD"
+ fi
+ if is_polar "$CLI_CMD"; then
+ CLI_CMD="valgrind --leak-check=full $CLI_CMD"
+ fi
+ fi
+}
+
+# Check for failure conditions after a test case.
+#
+# Inputs from run_test:
+# * positional parameters: test options (see run_test documentation)
+# * $CLI_EXIT: client return code
+# * $CLI_EXPECT: expected client return code
+# * $SRV_RET: server return code
+# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs
+# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed
+#
+# Outputs:
+# * $outcome: one of PASS/RETRY*/FAIL
+check_test_failure() {
+ outcome=FAIL
+
+ if [ $TIMES_LEFT -gt 0 ] &&
+ grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null
+ then
+ outcome="RETRY(client-timeout)"
+ return
+ fi
+
+ # check if the client and server went at least to the handshake stage
+ # (useful to avoid tests with only negative assertions and non-zero
+ # expected client exit to incorrectly succeed in case of catastrophic
+ # failure)
+ if is_polar "$SRV_CMD"; then
+ if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
+ else
+ fail "server or client failed to reach handshake stage"
+ return
+ fi
+ fi
+ if is_polar "$CLI_CMD"; then
+ if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
+ else
+ fail "server or client failed to reach handshake stage"
+ return
+ fi
+ fi
+
+ # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
+ # exit with status 0 when interrupted by a signal, and we don't really
+ # care anyway), in case e.g. the server reports a memory leak.
+ if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
+ fail "Server exited with status $SRV_RET"
+ return
+ fi
+
+ # check client exit code
+ if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
+ \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
+ then
+ fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
+ return
+ fi
+
+ # check other assertions
+ # lines beginning with == are added by valgrind, ignore them
+ # lines with 'Serious error when reading debug info', are valgrind issues as well
+ while [ $# -gt 0 ]
+ do
+ case $1 in
+ "-s")
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the Server output"
+ return
+ fi
+ ;;
+
+ "-c")
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
+ fail "pattern '$2' MUST be present in the Client output"
+ return
+ fi
+ ;;
+
+ "-S")
+ if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
+ if log_pattern_presence_is_conclusive "$2"; then
+ fail "pattern '$2' MUST NOT be present in the Server output"
+ fi
+ return
+ fi
+ ;;
+
+ "-C")
+ if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
+ if log_pattern_presence_is_conclusive "$2"; then
+ fail "pattern '$2' MUST NOT be present in the Client output"
+ fi
+ return
+ fi
+ ;;
+
+ # The filtering in the following two options (-u and -U) do the following
+ # - ignore valgrind output
+ # - filter out everything but lines right after the pattern occurrences
+ # - keep one of each non-unique line
+ # - count how many lines remain
+ # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
+ # if there were no duplicates.
+ "-U")
+ if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
+ fail "lines following pattern '$2' must be unique in Server output"
+ return
+ fi
+ ;;
+
+ "-u")
+ if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
+ fail "lines following pattern '$2' must be unique in Client output"
+ return
+ fi
+ ;;
+ "-F")
+ if ! $2 "$SRV_OUT"; then
+ fail "function call to '$2' failed on Server output"
+ return
+ fi
+ ;;
+ "-f")
+ if ! $2 "$CLI_OUT"; then
+ fail "function call to '$2' failed on Client output"
+ return
+ fi
+ ;;
+ "-g")
+ if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
+ fail "function call to '$2' failed on Server and Client output"
+ return
+ fi
+ ;;
+
+ *)
+ echo "Unknown test: $1" >&2
+ exit 1
+ esac
+ shift 2
+ done
+
+ # check valgrind's results
+ if [ "$MEMCHECK" -gt 0 ]; then
+ if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
+ fail "Server has memory errors"
+ return
+ fi
+ if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
+ fail "Client has memory errors"
+ return
+ fi
+ fi
+
+ # if we're here, everything is ok
+ outcome=PASS
+}
+
+# Run the current test case: start the server and if applicable the proxy, run
+# the client, wait for all processes to finish or time out.
+#
+# Inputs:
+# * $NAME: test case name
+# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run
+# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs
+#
+# Outputs:
+# * $CLI_EXIT: client return code
+# * $SRV_RET: server return code
+do_run_test_once() {
+ # run the commands
+ if [ -n "$PXY_CMD" ]; then
+ printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT
+ $PXY_CMD >> $PXY_OUT 2>&1 &
+ PXY_PID=$!
+ wait_proxy_start "$PXY_PORT" "$PXY_PID"
+ fi
+
+ check_osrv_dtls
+ printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
+ provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
+ SRV_PID=$!
+ wait_server_start "$SRV_PORT" "$SRV_PID"
+
+ printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
+ eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
+ wait_client_done
+
+ sleep 0.05
+
+ # terminate the server (and the proxy)
+ kill $SRV_PID
+ wait $SRV_PID
+ SRV_RET=$?
+
+ if [ -n "$PXY_CMD" ]; then
+ kill $PXY_PID >/dev/null 2>&1
+ wait $PXY_PID
+ fi
+}
+
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options: -s pattern pattern that must be present in server output
# -c pattern pattern that must be present in client output
@@ -764,230 +1082,23 @@
return
fi
- # update DTLS variable
- detect_dtls "$SRV_CMD"
-
- # if the test uses DTLS but no custom proxy, add a simple proxy
- # as it provides timing info that's useful to debug failures
- if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
- PXY_CMD="$P_PXY"
- case " $SRV_CMD " in
- *' server_addr=::1 '*)
- PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
- esac
- fi
-
- # update CMD_IS_GNUTLS variable
- is_gnutls "$SRV_CMD"
-
- # if the server uses gnutls but doesn't set priority, explicitly
- # set the default priority
- if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
- case "$SRV_CMD" in
- *--priority*) :;;
- *) SRV_CMD="$SRV_CMD --priority=NORMAL";;
- esac
- fi
-
- # update CMD_IS_GNUTLS variable
- is_gnutls "$CLI_CMD"
-
- # if the client uses gnutls but doesn't set priority, explicitly
- # set the default priority
- if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
- case "$CLI_CMD" in
- *--priority*) :;;
- *) CLI_CMD="$CLI_CMD --priority=NORMAL";;
- esac
- fi
-
- # fix client port
- if [ -n "$PXY_CMD" ]; then
- CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
- else
- CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
- fi
-
- # prepend valgrind to our commands if active
- if [ "$MEMCHECK" -gt 0 ]; then
- if is_polar "$SRV_CMD"; then
- SRV_CMD="valgrind --leak-check=full $SRV_CMD"
- fi
- if is_polar "$CLI_CMD"; then
- CLI_CMD="valgrind --leak-check=full $CLI_CMD"
- fi
- fi
+ analyze_test_commands "$@"
TIMES_LEFT=2
while [ $TIMES_LEFT -gt 0 ]; do
TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
- # run the commands
- if [ -n "$PXY_CMD" ]; then
- printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT
- $PXY_CMD >> $PXY_OUT 2>&1 &
- PXY_PID=$!
- wait_proxy_start "$PXY_PORT" "$PXY_PID"
- fi
+ do_run_test_once
- check_osrv_dtls
- printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
- provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
- SRV_PID=$!
- wait_server_start "$SRV_PORT" "$SRV_PID"
-
- printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
- eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
- wait_client_done
-
- sleep 0.05
-
- # terminate the server (and the proxy)
- kill $SRV_PID
- wait $SRV_PID
- SRV_RET=$?
-
- if [ -n "$PXY_CMD" ]; then
- kill $PXY_PID >/dev/null 2>&1
- wait $PXY_PID
- fi
-
- # retry only on timeouts
- if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
- printf "RETRY "
- else
- TIMES_LEFT=0
- fi
- done
-
- # check if the client and server went at least to the handshake stage
- # (useful to avoid tests with only negative assertions and non-zero
- # expected client exit to incorrectly succeed in case of catastrophic
- # failure)
- if is_polar "$SRV_CMD"; then
- if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
- else
- fail "server or client failed to reach handshake stage"
- return
- fi
- fi
- if is_polar "$CLI_CMD"; then
- if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
- else
- fail "server or client failed to reach handshake stage"
- return
- fi
- fi
-
- # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
- # exit with status 0 when interrupted by a signal, and we don't really
- # care anyway), in case e.g. the server reports a memory leak.
- if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
- fail "Server exited with status $SRV_RET"
- return
- fi
-
- # check client exit code
- if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
- \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
- then
- fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
- return
- fi
-
- # check other assertions
- # lines beginning with == are added by valgrind, ignore them
- # lines with 'Serious error when reading debug info', are valgrind issues as well
- while [ $# -gt 0 ]
- do
- case $1 in
- "-s")
- if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
- fail "pattern '$2' MUST be present in the Server output"
- return
- fi
- ;;
-
- "-c")
- if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
- fail "pattern '$2' MUST be present in the Client output"
- return
- fi
- ;;
-
- "-S")
- if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
- fail "pattern '$2' MUST NOT be present in the Server output"
- return
- fi
- ;;
-
- "-C")
- if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
- fail "pattern '$2' MUST NOT be present in the Client output"
- return
- fi
- ;;
-
- # The filtering in the following two options (-u and -U) do the following
- # - ignore valgrind output
- # - filter out everything but lines right after the pattern occurrences
- # - keep one of each non-unique line
- # - count how many lines remain
- # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
- # if there were no duplicates.
- "-U")
- if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
- fail "lines following pattern '$2' must be unique in Server output"
- return
- fi
- ;;
-
- "-u")
- if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
- fail "lines following pattern '$2' must be unique in Client output"
- return
- fi
- ;;
- "-F")
- if ! $2 "$SRV_OUT"; then
- fail "function call to '$2' failed on Server output"
- return
- fi
- ;;
- "-f")
- if ! $2 "$CLI_OUT"; then
- fail "function call to '$2' failed on Client output"
- return
- fi
- ;;
- "-g")
- if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
- fail "function call to '$2' failed on Server and Client output"
- return
- fi
- ;;
-
- *)
- echo "Unknown test: $1" >&2
- exit 1
+ check_test_failure "$@"
+ case $outcome in
+ PASS) break;;
+ RETRY*) printf "$outcome ";;
+ FAIL) return;;
esac
- shift 2
done
- # check valgrind's results
- if [ "$MEMCHECK" -gt 0 ]; then
- if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
- fail "Server has memory errors"
- return
- fi
- if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
- fail "Client has memory errors"
- return
- fi
- fi
-
- # if we're here, everything is ok
+ # If we get this far, the test case passed.
record_outcome "PASS"
if [ "$PRESERVE_LOGS" -gt 0 ]; then
mv $SRV_OUT o-srv-${TESTS}.log
@@ -1212,17 +1323,24 @@
# fix commands to use this port, force IPv4 while at it
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
+# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
+# machines that will resolve to ::1, and we don't want ipv6 here.
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT"
-O_CLI="$O_CLI -connect localhost:+SRV_PORT"
+O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
if [ -n "${OPENSSL_LEGACY:-}" ]; then
O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
- O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
+ O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT"
+fi
+
+if [ -n "${OPENSSL_NEXT:-}" ]; then
+ O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
+ O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
@@ -2938,10 +3056,13 @@
-c "parse new session ticket" \
-c "a session has been resumed"
+# For reasons that aren't fully understood, this test randomly fails with high
+# probability with OpenSSL 1.0.2g on the CI, see #5012.
+requires_openssl_next
run_test "Session resume using tickets, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=1" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
+ "( $O_NEXT_CLI -dtls1 -sess_out $SESSION; \
+ $O_NEXT_CLI -dtls1 -sess_in $SESSION; \
rm -f $SESSION )" \
0 \
-s "found session ticket extension" \
@@ -3138,10 +3259,13 @@
-s "a session has been resumed" \
-c "a session has been resumed"
+# For reasons that aren't fully understood, this test randomly fails with high
+# probability with OpenSSL 1.0.2g on the CI, see #5012.
+requires_openssl_next
run_test "Session resume using cache, DTLS: openssl client" \
"$P_SRV dtls=1 debug_level=3 tickets=0" \
- "( $O_CLI -dtls1 -sess_out $SESSION; \
- $O_CLI -dtls1 -sess_in $SESSION; \
+ "( $O_NEXT_CLI -dtls1 -sess_out $SESSION; \
+ $O_NEXT_CLI -dtls1 -sess_in $SESSION; \
rm -f $SESSION )" \
0 \
-s "found session ticket extension" \
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index a5fd717..17926eb 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -778,6 +778,12 @@
mbedtls_fprintf( stdout, "line %d, %s",
mbedtls_test_info.line_no,
mbedtls_test_info.filename );
+ if( mbedtls_test_info.line1[0] != 0 )
+ mbedtls_fprintf( stdout, "\n %s",
+ mbedtls_test_info.line1 );
+ if( mbedtls_test_info.line2[0] != 0 )
+ mbedtls_fprintf( stdout, "\n %s",
+ mbedtls_test_info.line2 );
}
fflush( stdout );
}
diff --git a/tests/suites/target_test.function b/tests/suites/target_test.function
deleted file mode 100644
index 637a79d..0000000
--- a/tests/suites/target_test.function
+++ /dev/null
@@ -1,449 +0,0 @@
-#line 2 "suites/target_test.function"
-
-#include "greentea-client/test_env.h"
-
-/**
- * \brief Increments pointer and asserts that it does not overflow.
- *
- * \param p Pointer to byte array
- * \param start Pointer to start of byte array
- * \param len Length of byte array
- * \param step Increment size
- *
- */
-#define INCR_ASSERT(p, start, len, step) do \
-{ \
- TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \
- TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \
- /* <= is checked to support use inside a loop where \
- pointer is incremented after reading data. */ \
- TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\
- ( p ) += ( step ); \
-} \
-while( 0 )
-
-
-/**
- * \brief 4 byte align unsigned char pointer
- *
- * \param p Pointer to byte array
- * \param start Pointer to start of byte array
- * \param len Length of byte array
- *
- */
-#define ALIGN_32BIT(p, start, len) do \
-{ \
- uint32_t align = ( - (uintptr_t)( p ) ) % 4; \
- INCR_ASSERT( ( p ), ( start ), ( len ), align );\
-} \
-while( 0 )
-
-
-/**
- * \brief Verify dependencies. Dependency identifiers are
- * encoded in the buffer as 8 bit unsigned integers.
- *
- * \param count Number of dependencies.
- * \param dep_p Pointer to buffer.
- *
- * \return DEPENDENCY_SUPPORTED if success else DEPENDENCY_NOT_SUPPORTED.
- */
-int verify_dependencies( uint8_t count, uint8_t * dep_p )
-{
- uint8_t i;
- for ( i = 0; i < count; i++ )
- {
- if ( dep_check( (int)(dep_p[i]) ) != DEPENDENCY_SUPPORTED )
- return( DEPENDENCY_NOT_SUPPORTED );
- }
- return( DEPENDENCY_SUPPORTED );
-}
-
-/**
- * \brief Receives hex string on serial interface, and converts to a byte.
- *
- * \param none
- *
- * \return unsigned int8
- */
-uint8_t receive_byte()
-{
- uint8_t byte;
- uint8_t c[3];
- size_t len;
-
- c[0] = greentea_getc();
- c[1] = greentea_getc();
- c[2] = '\0';
-
- TEST_HELPER_ASSERT( mbedtls_test_unhexify( &byte, sizeof( byte ),
- c, &len ) == 0 );
- TEST_HELPER_ASSERT( len != 2 );
-
- return( byte );
-}
-
-/**
- * \brief Receives unsigned integer on serial interface.
- * Integers are encoded in network order, and sent as hex ascii string.
- *
- * \param none
- *
- * \return unsigned int
- */
-uint32_t receive_uint32()
-{
- uint32_t value;
- size_t len;
- const uint8_t c_be[8] = { greentea_getc(),
- greentea_getc(),
- greentea_getc(),
- greentea_getc(),
- greentea_getc(),
- greentea_getc(),
- greentea_getc(),
- greentea_getc()
- };
- const uint8_t c[9] = { c_be[6], c_be[7], c_be[4], c_be[5], c_be[2],
- c_be[3], c_be[0], c_be[1], '\0' };
-
- TEST_HELPER_ASSERT( mbedtls_test_unhexify( (uint8_t*)&value, sizeof( value ),
- c, &len ) == 0 );
- TEST_HELPER_ASSERT( len != 8 );
-
- return( value );
-}
-
-/**
- * \brief Parses out an unsigned 32 int value from the byte array.
- * Integers are encoded in network order.
- *
- * \param p Pointer to byte array
- *
- * \return unsigned int
- */
-uint32_t parse_uint32( uint8_t * p )
-{
- uint32_t value;
- value = *p++ << 24;
- value |= *p++ << 16;
- value |= *p++ << 8;
- value |= *p;
- return( value );
-}
-
-
-/**
- * \brief Receives test data on serial as greentea key,value pair:
- * {{<length>;<byte array>}}
- *
- * \param data_len Out pointer to hold received data length.
- *
- * \return Byte array.
- */
-uint8_t * receive_data( uint32_t * data_len )
-{
- uint32_t i = 0, errors = 0;
- char c;
- uint8_t * data = NULL;
-
- /* Read opening braces */
- i = 0;
- while ( i < 2 )
- {
- c = greentea_getc();
- /* Ignore any prevous CR LF characters */
- if ( c == '\n' || c == '\r' )
- continue;
- i++;
- if ( c != '{' )
- return( NULL );
- }
-
- /* Read data length */
- *data_len = receive_uint32();
- data = (uint8_t *)malloc( *data_len );
- TEST_HELPER_ASSERT( data != NULL );
-
- greentea_getc(); // read ';' received after key i.e. *data_len
-
- for( i = 0; i < *data_len; i++ )
- data[i] = receive_byte();
-
- /* Read closing braces */
- for( i = 0; i < 2; i++ )
- {
- c = greentea_getc();
- if ( c != '}' )
- {
- errors++;
- break;
- }
- }
-
- if ( errors )
- {
- free( data );
- data = NULL;
- *data_len = 0;
- }
-
- return( data );
-}
-
-/**
- * \brief Parse the received byte array and count the number of arguments
- * to the test function passed as type hex.
- *
- * \param count Parameter count
- * \param data Received Byte array
- * \param data_len Byte array length
- *
- * \return count of hex params
- */
-uint32_t find_hex_count( uint8_t count, uint8_t * data, uint32_t data_len )
-{
- uint32_t i = 0, sz = 0;
- char c;
- uint8_t * p = NULL;
- uint32_t hex_count = 0;
-
- p = data;
-
- for( i = 0; i < count; i++ )
- {
- c = (char)*p;
- INCR_ASSERT( p, data, data_len, 1 );
-
- /* Align p to 4 bytes for int, expression, string len or hex length */
- ALIGN_32BIT( p, data, data_len );
-
- /* Network to host conversion */
- sz = (int32_t)parse_uint32( p );
-
- INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
-
- if ( c == 'H' || c == 'S' )
- {
- INCR_ASSERT( p, data, data_len, sz );
- hex_count += ( c == 'H' )?1:0;
- }
- }
-
- return( hex_count );
-}
-
-/**
- * \brief Parses received byte array for test parameters.
- *
- * \param count Parameter count
- * \param data Received Byte array
- * \param data_len Byte array length
- * \param error Parsing error out variable.
- *
- * \return Array of parsed parameters allocated on heap.
- * Note: Caller has the responsibility to delete
- * the memory after use.
- */
-void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len,
- int * error )
-{
- uint32_t i = 0, hex_count = 0;
- char c;
- void ** params = NULL;
- void ** cur = NULL;
- uint8_t * p = NULL;
-
- hex_count = find_hex_count(count, data, data_len);
-
- params = (void **)malloc( sizeof( void *) * ( count + hex_count ) );
- TEST_HELPER_ASSERT( params != NULL );
- cur = params;
-
- p = data;
-
- /* Parameters */
- for( i = 0; i < count; i++ )
- {
- c = (char)*p;
- INCR_ASSERT( p, data, data_len, 1 );
-
- /* Align p to 4 bytes for int, expression, string len or hex length */
- ALIGN_32BIT( p, data, data_len );
-
- /* Network to host conversion */
- *( (int32_t *)p ) = (int32_t)parse_uint32( p );
-
- switch( c )
- {
- case 'E':
- {
- if ( get_expression( *( (int32_t *)p ), (int32_t *)p ) )
- {
- *error = KEY_VALUE_MAPPING_NOT_FOUND;
- goto exit;
- }
- } /* Intentional fall through */
- case 'I':
- {
- *cur++ = (void *)p;
- INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
- }
- break;
- case 'H': /* Intentional fall through */
- case 'S':
- {
- uint32_t * sz = (uint32_t *)p;
- INCR_ASSERT( p, data, data_len, sizeof( int32_t ) );
- *cur++ = (void *)p;
- if ( c == 'H' )
- *cur++ = (void *)sz;
- INCR_ASSERT( p, data, data_len, ( *sz ) );
- }
- break;
- default:
- {
- *error = DISPATCH_INVALID_TEST_DATA;
- goto exit;
- }
- break;
- }
- }
-
-exit:
- if ( *error )
- {
- free( params );
- params = NULL;
- }
-
- return( params );
-}
-
-/**
- * \brief Sends greentea key and int value pair to host.
- *
- * \param key key string
- * \param value integer value
- *
- * \return void
- */
-void send_key_integer( char * key, int value )
-{
- char str[50];
- snprintf( str, sizeof( str ), "%d", value );
- greentea_send_kv( key, str );
-}
-
-/**
- * \brief Sends test setup failure to the host.
- *
- * \param failure Test set failure
- *
- * \return void
- */
-void send_failure( int failure )
-{
- send_key_integer( "F", failure );
-}
-
-/**
- * \brief Sends test status to the host.
- *
- * \param status Test status (PASS=0/FAIL=!0)
- *
- * \return void
- */
-void send_status( int status )
-{
- send_key_integer( "R", status );
-}
-
-
-/**
- * \brief Embedded implementation of execute_tests().
- * Ignores command line and received test data
- * on serial.
- *
- * \param argc not used
- * \param argv not used
- *
- * \return Program exit status.
- */
-int execute_tests( int args, const char ** argv )
-{
- int ret = 0;
- uint32_t data_len = 0;
- uint8_t count = 0, function_id;
- void ** params = NULL;
- uint8_t * data = NULL, * p = NULL;
-
- GREENTEA_SETUP( 800, "mbedtls_test" );
- greentea_send_kv( "GO", " " );
-
- while ( 1 )
- {
- ret = 0;
- mbedtls_test_info_reset( );
- data_len = 0;
-
- data = receive_data( &data_len );
- if ( data == NULL )
- continue;
- p = data;
-
- do
- {
- /* Read dependency count */
- count = *p;
- TEST_HELPER_ASSERT( count < data_len );
- INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
- ret = verify_dependencies( count, p );
- if ( ret != DEPENDENCY_SUPPORTED )
- break;
-
- if ( count )
- INCR_ASSERT( p, data, data_len, count );
-
- /* Read function id */
- function_id = *p;
- INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
- if ( ( ret = check_test( function_id ) ) != DISPATCH_TEST_SUCCESS )
- break;
-
- /* Read number of parameters */
- count = *p;
- INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
-
- /* Parse parameters if present */
- if ( count )
- {
- params = parse_parameters( count, p, data_len - ( p - data ), &ret );
- if ( ret )
- break;
- }
-
- ret = dispatch_test( function_id, params );
- }
- while ( 0 );
-
- if ( data )
- {
- free( data );
- data = NULL;
- }
-
- if ( params )
- {
- free( params );
- params = NULL;
- }
-
- if ( ret )
- send_failure( ret );
- else
- send_status( mbedtls_test_info.result );
- }
- return( 0 );
-}
-
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index a90277d..5a64099 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -67,7 +67,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
@@ -92,7 +92,7 @@
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0)
{
@@ -244,7 +244,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
@@ -266,7 +266,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
@@ -287,7 +287,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
@@ -309,7 +309,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
diff --git a/tests/suites/test_suite_base64.data b/tests/suites/test_suite_base64.data
index 3a892f4..5556668 100644
--- a/tests/suites/test_suite_base64.data
+++ b/tests/suites/test_suite_base64.data
@@ -1,3 +1,33 @@
+mask_of_range empty (1..0)
+mask_of_range:1:0
+
+mask_of_range empty (255..0)
+mask_of_range:255:0
+
+mask_of_range empty (42..7)
+mask_of_range:42:7
+
+mask_of_range 0..0
+mask_of_range:0:0
+
+mask_of_range 42..42
+mask_of_range:42:42
+
+mask_of_range 255..255
+mask_of_range:255:255
+
+mask_of_range 0..255
+mask_of_range:0:255
+
+mask_of_range 'A'..'Z'
+mask_of_range:65:90
+
+enc_char (all digits)
+enc_chars:
+
+dec_value (all characters)
+dec_chars:
+
Test case mbedtls_base64_encode #1 buffer just right
mbedtls_base64_encode:"":"":0:0
diff --git a/tests/suites/test_suite_base64.function b/tests/suites/test_suite_base64.function
index be9b6e8..67fbb67 100644
--- a/tests/suites/test_suite_base64.function
+++ b/tests/suites/test_suite_base64.function
@@ -1,6 +1,13 @@
/* BEGIN_HEADER */
#include "mbedtls/base64.h"
+#include "base64_invasive.h"
#include <test/constant_flow.h>
+
+#if defined(MBEDTLS_TEST_HOOKS)
+static const char base64_digits[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+#endif /* MBEDTLS_TEST_HOOKS */
+
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -8,6 +15,65 @@
* END_DEPENDENCIES
*/
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void mask_of_range( int low_arg, int high_arg )
+{
+ unsigned char low = low_arg, high = high_arg;
+ unsigned c;
+ for( c = 0; c <= 0xff; c++ )
+ {
+ mbedtls_test_set_step( c );
+ TEST_CF_SECRET( &c, sizeof( c ) );
+ unsigned char m = mbedtls_base64_mask_of_range( low, high, c );
+ TEST_CF_PUBLIC( &c, sizeof( c ) );
+ TEST_CF_PUBLIC( &m, sizeof( m ) );
+ if( low <= c && c <= high )
+ TEST_EQUAL( m, 0xff );
+ else
+ TEST_EQUAL( m, 0 );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void enc_chars( )
+{
+ for( unsigned value = 0; value < 64; value++ )
+ {
+ mbedtls_test_set_step( value );
+ TEST_CF_SECRET( &value, sizeof( value ) );
+ unsigned char digit = mbedtls_base64_enc_char( value );
+ TEST_CF_PUBLIC( &value, sizeof( value ) );
+ TEST_CF_PUBLIC( &digit, sizeof( digit ) );
+ TEST_EQUAL( digit, base64_digits[value] );
+ }
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */
+void dec_chars( )
+{
+ char *p;
+ signed char expected;
+
+ for( unsigned c = 0; c <= 0xff; c++ )
+ {
+ mbedtls_test_set_step( c );
+ /* base64_digits is 0-terminated. sizeof()-1 excludes the trailing 0. */
+ p = memchr( base64_digits, c, sizeof( base64_digits ) - 1 );
+ if( p == NULL )
+ expected = -1;
+ else
+ expected = p - base64_digits;
+ TEST_CF_SECRET( &c, sizeof( c ) );
+ signed char actual = mbedtls_base64_dec_value( c );
+ TEST_CF_PUBLIC( &c, sizeof( c ) );
+ TEST_CF_PUBLIC( &actual, sizeof( actual ) );
+ TEST_EQUAL( actual, expected );
+ }
+}
+/* END_CASE */
+
/* BEGIN_CASE */
void mbedtls_base64_encode( char * src_string, char * dst_string,
int dst_buf_size, int result )
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index 5b24935..7256fb5 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -24,7 +24,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
@@ -44,7 +44,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
@@ -65,7 +65,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
@@ -91,7 +91,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
@@ -117,9 +117,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
@@ -144,9 +144,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
@@ -172,9 +172,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
@@ -205,9 +205,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 03e4a27..62a93a9 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -3442,19 +3442,19 @@
PSA key derivation: HKDF SHA-256, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * 32:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256):"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":""
PSA key derivation: HKDF SHA-1, request maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * 20:"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
+derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_1):PSA_KEY_DERIVATION_INPUT_SALT:"":PSA_KEY_DERIVATION_INPUT_SECRET:"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c":PSA_KEY_DERIVATION_INPUT_INFO:"":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1):"2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48":""
PSA key derivation: HKDF SHA-256, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * 32 + 1:PSA_ERROR_INVALID_ARGUMENT
+derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_256):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: HKDF SHA-1, request too much capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_1
-derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * 20 + 1:PSA_ERROR_INVALID_ARGUMENT
+derive_set_capacity:PSA_ALG_HKDF(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT
PSA key derivation: over capacity 42: output 42+1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
@@ -3474,19 +3474,19 @@
PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1
+derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
PSA key derivation: HKDF SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
-derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
+derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32 - 1
+derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * 32
+derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
PSA key derivation: HKDF SHA-256, exercise AES128-CTR
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
@@ -3717,7 +3717,7 @@
PSA generate key: bad type (RSA public key)
depends_on:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
-generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_NOT_SUPPORTED:0
+generate_key:PSA_KEY_TYPE_RSA_PUBLIC_KEY:512:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
PSA generate key: raw data, 0 bits: invalid argument
# The spec allows either INVALID_ARGUMENT or NOT_SUPPORTED
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.function b/tests/suites/test_suite_psa_crypto_not_supported.function
index e3253d8..0665230 100644
--- a/tests/suites/test_suite_psa_crypto_not_supported.function
+++ b/tests/suites/test_suite_psa_crypto_not_supported.function
@@ -50,3 +50,22 @@
PSA_DONE( );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void generate_invalid_argument( int key_type, int bits )
+{
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
+
+ PSA_ASSERT( psa_crypto_init( ) );
+ psa_set_key_type( &attributes, key_type );
+ psa_set_key_bits( &attributes, bits );
+ TEST_EQUAL( psa_generate_key( &attributes, &key_id ),
+ PSA_ERROR_INVALID_ARGUMENT );
+ TEST_ASSERT( mbedtls_svc_key_id_equal( key_id, MBEDTLS_SVC_KEY_ID_INIT ) );
+
+exit:
+ psa_destroy_key( key_id );
+ PSA_DONE( );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_not_supported.generated.data b/tests/suites/test_suite_psa_crypto_not_supported.generated.data
index 2c8ed48..321cc34 100644
--- a/tests/suites/test_suite_psa_crypto_not_supported.generated.data
+++ b/tests/suites/test_suite_psa_crypto_not_supported.generated.data
@@ -196,15 +196,15 @@
depends_on:!PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"30818902818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc30203010001"
-PSA generate RSA_PUBLIC_KEY 1024-bit never supported
-generate_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024
+PSA generate RSA_PUBLIC_KEY 1024-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1024
PSA import RSA_PUBLIC_KEY 1536-bit not supported
depends_on:!PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY
import_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:"3081c90281c100c870feb6ca6b1d2bd9f2dd99e20f1fe2d7e5192de662229dbe162bd1ba66336a7182903ca0b72796cd441c83d24bcdc3e9a2f5e4399c8a043f1c3ddf04754a66d4cfe7b3671a37dd31a9b4c13bfe06ee90f9d94ddaa06de67a52ac863e68f756736ceb014405a6160579640f831dddccc34ad0b05070e3f9954a58d1815813e1b83bcadba814789c87f1ef2ba5d738b793ec456a67360eea1b5faf1c7cc7bf24f3b2a9d0f8958b1096e0f0c335f8888d0c63a51c3c0337214fa3f5efdf6dcc350203010001"
-PSA generate RSA_PUBLIC_KEY 1536-bit never supported
-generate_not_supported:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536
+PSA generate RSA_PUBLIC_KEY 1536-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_RSA_PUBLIC_KEY:1536
PSA import ECC_KEY_PAIR(BRAINPOOL_P_R1) 160-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -322,50 +322,50 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04d4b9186816358e2f9c59cf70748cb70641b22fbab65473db4b4e22a361ed7e3de7e8a8ddc4130c5c"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):160
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_192:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"043fdd168c179ff5363dd71dcd58de9617caad791ae0c37328be9ca0bfc79cebabf6a95d1c52df5b5f3c8b1a2441cf6c88"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 192-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):192
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_224:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"045fbea378fc8583b3837e3f21a457c31eaf20a54e18eb11d104b3adc47f9d1c97eb9ea4ac21740d70d88514b98bf0bc31addac1d19c4ab3cc"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 224-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):224
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_256
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04768c8cae4abca6306db0ed81b0c4a6215c378066ec6d616c146e13f1c7df809b96ab6911c27d8a02339f0926840e55236d3d1efbe2669d090e4c4c660fada91d"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 256-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):256
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_320:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"049caed8fb4742956cc2ad12a9a1c995e21759ef26a07bc2054136d3d2f28bb331a70e26c4c687275ab1f434be7871e115d2350c0c5f61d4d06d2bcdb67f5cb63fdb794e5947c87dc6849a58694e37e6cd"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 320-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):320
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_384
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"04719f9d093a627e0d350385c661cebf00c61923566fe9006a3107af1d871bc6bb68985fd722ea32be316f8e783b7cd1957785f66cfc0cb195dd5c99a8e7abaa848553a584dfd2b48e76d445fe00dd8be59096d877d4696d23b4bc8db14724e66a"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 384-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):384
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_BRAINPOOL_P_R1_512
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):"0438b7ec92b61c5c6c7fbc28a4ec759d48fcd4e2e374defd5c4968a54dbef7510e517886fbfc38ea39aa529359d70a7156c35d3cbac7ce776bdb251dd64bce71234424ee7049eed072f0dbc4d79996e175d557e263763ae97095c081e73e7db2e38adc3d4c9a0487b1ede876dc1fca61c902e9a1d8722b8612928f18a24845591a"
-PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
+PSA generate ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 512-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_BRAINPOOL_P_R1):512
PSA import ECC_PUBLIC_KEY(BRAINPOOL_P_R1) 160-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_BRAINPOOL_P_R1_160:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -431,15 +431,15 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_255
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):"8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
-PSA generate ECC_PUBLIC_KEY(MONTGOMERY) 255-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255
+PSA generate ECC_PUBLIC_KEY(MONTGOMERY) 255-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):255
PSA import ECC_PUBLIC_KEY(MONTGOMERY) 448-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_MONTGOMERY_448
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):"c0d3a5a2b416a573dc9909f92f134ac01323ab8f8e36804e578588ba2d09fe7c3e737f771ca112825b548a0ffded6d6a2fd09a3e77dec30e"
-PSA generate ECC_PUBLIC_KEY(MONTGOMERY) 448-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448
+PSA generate ECC_PUBLIC_KEY(MONTGOMERY) 448-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_MONTGOMERY):448
PSA import ECC_PUBLIC_KEY(MONTGOMERY) 255-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_MONTGOMERY_255
@@ -501,22 +501,22 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_K1_192
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"0426b7bb38da649ac2138fc050c6548b32553dab68afebc36105d325b75538c12323cb0764789ecb992671beb2b6bef2f5"
-PSA generate ECC_PUBLIC_KEY(SECP_K1) 192-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192
+PSA generate ECC_PUBLIC_KEY(SECP_K1) 192-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):192
PSA import ECC_PUBLIC_KEY(SECP_K1) 224-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_K1_224
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"042cc7335f4b76042bed44ef45959a62aa215f7a5ff0c8111b8c44ed654ee71c1918326ad485b2d599fe2a6eab096ee26d977334d2bac6d61d"
-PSA generate ECC_PUBLIC_KEY(SECP_K1) 224-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224
+PSA generate ECC_PUBLIC_KEY(SECP_K1) 224-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):224
PSA import ECC_PUBLIC_KEY(SECP_K1) 256-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_K1_256
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):"045c39154579efd667adc73a81015a797d2c8682cdfbd3c3553c4a185d481cdc50e42a0e1cbc3ca29a32a645e927f54beaed14c9dbbf8279d725f5495ca924b24d"
-PSA generate ECC_PUBLIC_KEY(SECP_K1) 256-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256
+PSA generate ECC_PUBLIC_KEY(SECP_K1) 256-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_K1):256
PSA import ECC_PUBLIC_KEY(SECP_K1) 192-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_K1_192
@@ -598,29 +598,29 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"046f00eadaa949fee3e9e1c7fa1247eecec86a0dce46418b9bd3117b981d4bd0ae7a990de912f9d060d6cb531a42d22e394ac29e81804bf160"
-PSA generate ECC_PUBLIC_KEY(SECP_R1) 225-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225
+PSA generate ECC_PUBLIC_KEY(SECP_R1) 225-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):225
PSA import ECC_PUBLIC_KEY(SECP_R1) 256-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_256
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"047772656f814b399279d5e1f1781fac6f099a3c5ca1b0e35351834b08b65e0b572590cdaf8f769361bcf34acfc11e5e074e8426bdde04be6e653945449617de45"
-PSA generate ECC_PUBLIC_KEY(SECP_R1) 256-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256
+PSA generate ECC_PUBLIC_KEY(SECP_R1) 256-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):256
PSA import ECC_PUBLIC_KEY(SECP_R1) 384-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04d9c662b50ba29ca47990450e043aeaf4f0c69b15676d112f622a71c93059af999691c5680d2b44d111579db12f4a413a2ed5c45fcfb67b5b63e00b91ebe59d09a6b1ac2c0c4282aa12317ed5914f999bc488bb132e8342cc36f2ca5e3379c747"
-PSA generate ECC_PUBLIC_KEY(SECP_R1) 384-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384
+PSA generate ECC_PUBLIC_KEY(SECP_R1) 384-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):384
PSA import ECC_PUBLIC_KEY(SECP_R1) 521-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_521
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):"04001de142d54f69eb038ee4b7af9d3ca07736fd9cf719eb354d69879ee7f3c136fb0fbf9f08f86be5fa128ec1a051d3e6c643e85ada8ffacf3663c260bd2c844b6f5600cee8e48a9e65d09cadd89f235dee05f3b8a646be715f1f67d5b434e0ff23a1fc07ef7740193e40eeff6f3bcdfd765aa9155033524fe4f205f5444e292c4c2f6ac1"
-PSA generate ECC_PUBLIC_KEY(SECP_R1) 521-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521
+PSA generate ECC_PUBLIC_KEY(SECP_R1) 521-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1):521
PSA import ECC_PUBLIC_KEY(SECP_R1) 225-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R1_225:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -658,8 +658,8 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):"049570d541398665adb5cfa16f5af73b3196926bbd4b876bdb80f8eab20d0f540c22f4de9c140f6d7b"
-PSA generate ECC_PUBLIC_KEY(SECP_R2) 160-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160
+PSA generate ECC_PUBLIC_KEY(SECP_R2) 160-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R2):160
PSA import ECC_PUBLIC_KEY(SECP_R2) 160-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECP_R2_160:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -765,43 +765,43 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0406f88f90b4b65950f06ce433afdb097e320f433dc2062b8a65db8fafd3c110f46bc45663fbf021ee7eb9"
-PSA generate ECC_PUBLIC_KEY(SECT_K1) 163-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163
+PSA generate ECC_PUBLIC_KEY(SECT_K1) 163-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):163
PSA import ECC_PUBLIC_KEY(SECT_K1) 233-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_233:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0401e9d7189189f773bd8f71be2c10774ba18842434dfa9312595ea545104400f45a9d5675647513ba75b079fe66a29daac2ec86a6a5d4e75c5f290c1f"
-PSA generate ECC_PUBLIC_KEY(SECT_K1) 233-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233
+PSA generate ECC_PUBLIC_KEY(SECT_K1) 233-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):233
PSA import ECC_PUBLIC_KEY(SECT_K1) 239-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_239:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04068d76b9f4508762c2379db9ee8b87ad8d86d9535132ffba3b5680440cfa28eb133d4232faf1c9aba96af11aefe634a551440800d5f8185105d3072d"
-PSA generate ECC_PUBLIC_KEY(SECT_K1) 239-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239
+PSA generate ECC_PUBLIC_KEY(SECT_K1) 239-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):239
PSA import ECC_PUBLIC_KEY(SECT_K1) 283-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_283:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"0405f48374debceaadb46ba385fd92048fcc5b9af1a1c90408bf94a68b9378df1cbfdfb6fb026a96bea06d8f181bf10c020adbcc88b6ecff96bdc564a9649c247cede601c4be63afc3"
-PSA generate ECC_PUBLIC_KEY(SECT_K1) 283-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283
+PSA generate ECC_PUBLIC_KEY(SECT_K1) 283-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):283
PSA import ECC_PUBLIC_KEY(SECT_K1) 409-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_409:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04012c587f69f68b308ba6dcb238797f4e22290ca939ae806604e2b5ab4d9caef5a74a98fd87c4f88d292dd39d92e556e16c6ecc3c019a105826eef507cd9a04119f54d5d850b3720b3792d5d03410e9105610f7e4b420166ed45604a7a1f229d80975ba6be2060e8b"
-PSA generate ECC_PUBLIC_KEY(SECT_K1) 409-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409
+PSA generate ECC_PUBLIC_KEY(SECT_K1) 409-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):409
PSA import ECC_PUBLIC_KEY(SECT_K1) 571-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_K1_571:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):"04050172a7fd7adf98e4e2ed2742faa5cd12731a15fb0dbbdf75b1c3cc771a4369af6f2fa00e802735650881735759ea9c79961ded18e0daa0ac59afb1d513b5bbda9962e435f454fc020b4afe1445c2302ada07d295ec2580f8849b2dfa7f956b09b4cbe4c88d3b1c217049f75d3900d36df0fa12689256b58dd2ef784ebbeb0564600cf47a841485f8cf897a68accd5a"
-PSA generate ECC_PUBLIC_KEY(SECT_K1) 571-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571
+PSA generate ECC_PUBLIC_KEY(SECT_K1) 571-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_K1):571
PSA import ECC_PUBLIC_KEY(SECT_K1) 163-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_K1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -911,36 +911,36 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0400465eeb9e7258b11e33c02266bfe834b20bcb118700772796ee4704ec67651bd447e3011959a79a04cb"
-PSA generate ECC_PUBLIC_KEY(SECT_R1) 163-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163
+PSA generate ECC_PUBLIC_KEY(SECT_R1) 163-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):163
PSA import ECC_PUBLIC_KEY(SECT_R1) 233-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_233:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0400cd68c8af4430c92ec7a7048becfdf00a6bae8d1b4c37286f2d336f2a0e017eca3748f4ad6d435c85867aa014eea1bd6d9d005bbd8319cab629001d"
-PSA generate ECC_PUBLIC_KEY(SECT_R1) 233-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233
+PSA generate ECC_PUBLIC_KEY(SECT_R1) 233-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):233
PSA import ECC_PUBLIC_KEY(SECT_R1) 283-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_283:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"04052f9ff887254c2d1440ba9e30f13e2185ba53c373b2c410dae21cf8c167f796c08134f601cbc4c570bffbc2433082cf4d9eb5ba173ecb8caec15d66a02673f60807b2daa729b765"
-PSA generate ECC_PUBLIC_KEY(SECT_R1) 283-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283
+PSA generate ECC_PUBLIC_KEY(SECT_R1) 283-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):283
PSA import ECC_PUBLIC_KEY(SECT_R1) 409-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_409:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"0401aa25466b1d291846db365957b25431591e50d9c109fe2106e93bb369775896925b15a7bfec397406ab4fe6f6b1a13bf8fdcb9300fa5500a813228676b0a6c572ed96b0f4aec7e87832e7e20f17ca98ecdfd36f59c82bddb8665f1f357a73900e827885ec9e1f22"
-PSA generate ECC_PUBLIC_KEY(SECT_R1) 409-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409
+PSA generate ECC_PUBLIC_KEY(SECT_R1) 409-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):409
PSA import ECC_PUBLIC_KEY(SECT_R1) 571-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R1_571:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):"040708f3403ee9948114855c17572152a08f8054d486defef5f29cbffcfb7cfd9280746a1ac5f751a6ad902ec1e0525120e9be56f03437af196fbe60ee7856e3542ab2cf87880632d80290e39b1a2bd03c6bbf6225511c567bd2ff41d2325dc58346f2b60b1feee4dc8b2af2296c2dc52b153e0556b5d24152b07f690c3fa24e4d1d19efbdeb1037833a733654d2366c74"
-PSA generate ECC_PUBLIC_KEY(SECT_R1) 571-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571
+PSA generate ECC_PUBLIC_KEY(SECT_R1) 571-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R1):571
PSA import ECC_PUBLIC_KEY(SECT_R1) 163-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R1_163:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -982,8 +982,8 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):"0403692601144c32a6cfa369ae20ae5d43c1c764678c037bafe80c6fd2e42b7ced96171d9c5367fd3dca6f"
-PSA generate ECC_PUBLIC_KEY(SECT_R2) 163-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163
+PSA generate ECC_PUBLIC_KEY(SECT_R2) 163-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECT_R2):163
PSA import ECC_PUBLIC_KEY(SECT_R2) 163-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_SECT_R2_163:DEPENDENCY_NOT_IMPLEMENTED_YET
@@ -1025,15 +1025,15 @@
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"
-PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255
+PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):255
PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type not supported
depends_on:!PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_TWISTED_EDWARDS_448:DEPENDENCY_NOT_IMPLEMENTED_YET
import_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):"5fd7449b59b461fd2ce787ec616ad46a1da1342485a70e1f8a0ea75d80e96778edf124769b46c7061bd6783df1e50f6cd1fa1abeafe8256180"
-PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit type never supported
-generate_not_supported:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448
+PSA generate ECC_PUBLIC_KEY(TWISTED_EDWARDS) 448-bit invalid argument
+generate_invalid_argument:PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_TWISTED_EDWARDS):448
PSA import ECC_PUBLIC_KEY(TWISTED_EDWARDS) 255-bit curve not supported
depends_on:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:!PSA_WANT_ECC_TWISTED_EDWARDS_255:DEPENDENCY_NOT_IMPLEMENTED_YET
diff --git a/visualc/VS2010/load_roots.vcxproj b/visualc/VS2010/load_roots.vcxproj
new file mode 100644
index 0000000..1eed657
--- /dev/null
+++ b/visualc/VS2010/load_roots.vcxproj
@@ -0,0 +1,167 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+ <ItemGroup Label="ProjectConfigurations">
+ <ProjectConfiguration Include="Debug|Win32">
+ <Configuration>Debug</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Debug|x64">
+ <Configuration>Debug</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|Win32">
+ <Configuration>Release</Configuration>
+ <Platform>Win32</Platform>
+ </ProjectConfiguration>
+ <ProjectConfiguration Include="Release|x64">
+ <Configuration>Release</Configuration>
+ <Platform>x64</Platform>
+ </ProjectConfiguration>
+ </ItemGroup>
+ <ItemGroup>
+ <ClCompile Include="..\..\programs\x509\load_roots.c" />
+ </ItemGroup>
+ <ItemGroup>
+ <ProjectReference Include="mbedTLS.vcxproj">
+ <Project>{46cf2d25-6a36-4189-b59c-e4815388e554}</Project>
+ <LinkLibraryDependencies>true</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemGroup>
+ <PropertyGroup Label="Globals">
+ <ProjectGuid>{65EB85E6-C928-689F-8335-126F78025220}</ProjectGuid>
+ <Keyword>Win32Proj</Keyword>
+ <RootNamespace>load_roots</RootNamespace>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>true</UseDebugLibraries>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
+ <ConfigurationType>Application</ConfigurationType>
+ <UseDebugLibraries>false</UseDebugLibraries>
+ <WholeProgramOptimization>true</WholeProgramOptimization>
+ <CharacterSet>Unicode</CharacterSet>
+ </PropertyGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
+ <ImportGroup Label="ExtensionSettings">
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <ImportGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="PropertySheets">
+ <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
+ </ImportGroup>
+ <PropertyGroup Label="UserMacros" />
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <LinkIncremental>true</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <LinkIncremental>true</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <LinkIncremental>false</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <LinkIncremental>false</LinkIncremental>
+ <IntDir>$(Configuration)\$(TargetName)\</IntDir>
+ </PropertyGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
+ </Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>false</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>Disabled</Optimization>
+ <PreprocessorDefinitions>%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalLibraryDirectories>Debug</AdditionalLibraryDirectories>
+ </Link>
+ <ProjectReference>
+ <LinkLibraryDependencies>false</LinkLibraryDependencies>
+ </ProjectReference>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
+ <AdditionalDependencies>kernel32.lib;user32.lib;gdi32.lib;winspool.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
+ <ClCompile>
+ <WarningLevel>Level3</WarningLevel>
+ <Optimization>MaxSpeed</Optimization>
+ <FunctionLevelLinking>true</FunctionLevelLinking>
+ <IntrinsicFunctions>true</IntrinsicFunctions>
+ <PreprocessorDefinitions>NDEBUG;%(PreprocessorDefinitions)</PreprocessorDefinitions>
+ <AdditionalIncludeDirectories>
+../../include;../../3rdparty/everest/include/;../../3rdparty/everest/include/everest;../../3rdparty/everest/include/everest/vs2010;../../3rdparty/everest/include/everest/kremlib;../../tests/include </AdditionalIncludeDirectories>
+ </ClCompile>
+ <Link>
+ <SubSystem>Console</SubSystem>
+ <GenerateDebugInformation>true</GenerateDebugInformation>
+ <EnableCOMDATFolding>true</EnableCOMDATFolding>
+ <OptimizeReferences>true</OptimizeReferences>
+ <AdditionalLibraryDirectories>Release</AdditionalLibraryDirectories>
+ <AdditionalDependencies>%(AdditionalDependencies);</AdditionalDependencies>
+ </Link>
+ </ItemDefinitionGroup>
+ <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
+ <ImportGroup Label="ExtensionTargets">
+ </ImportGroup>
+</Project>
diff --git a/visualc/VS2010/mbedTLS.sln b/visualc/VS2010/mbedTLS.sln
index d1e884e..3624735 100644
--- a/visualc/VS2010/mbedTLS.sln
+++ b/visualc/VS2010/mbedTLS.sln
@@ -253,6 +253,11 @@
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "load_roots", "load_roots.vcxproj", "{65EB85E6-C928-689F-8335-126F78025220}"
+ ProjectSection(ProjectDependencies) = postProject
+ {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
+ EndProjectSection
+EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "req_app", "req_app.vcxproj", "{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@@ -674,6 +679,14 @@
{DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|Win32.Build.0 = Release|Win32
{DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.ActiveCfg = Release|x64
{DB904B85-AD31-B7FB-114F-88760CC485F2}.Release|x64.Build.0 = Release|x64
+ {65EB85E6-C928-689F-8335-126F78025220}.Debug|Win32.ActiveCfg = Debug|Win32
+ {65EB85E6-C928-689F-8335-126F78025220}.Debug|Win32.Build.0 = Debug|Win32
+ {65EB85E6-C928-689F-8335-126F78025220}.Debug|x64.ActiveCfg = Debug|x64
+ {65EB85E6-C928-689F-8335-126F78025220}.Debug|x64.Build.0 = Debug|x64
+ {65EB85E6-C928-689F-8335-126F78025220}.Release|Win32.ActiveCfg = Release|Win32
+ {65EB85E6-C928-689F-8335-126F78025220}.Release|Win32.Build.0 = Release|Win32
+ {65EB85E6-C928-689F-8335-126F78025220}.Release|x64.ActiveCfg = Release|x64
+ {65EB85E6-C928-689F-8335-126F78025220}.Release|x64.Build.0 = Release|x64
{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.ActiveCfg = Debug|Win32
{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|Win32.Build.0 = Debug|Win32
{486B1375-5CFA-C2D2-DD89-C9F497BADCB3}.Debug|x64.ActiveCfg = Debug|x64
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index cd68bb0..5d5b1d3 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -253,6 +253,7 @@
<ClInclude Include="..\..\tests\include\test\drivers\signature.h" />
<ClInclude Include="..\..\tests\include\test\drivers\size.h" />
<ClInclude Include="..\..\tests\include\test\drivers\test_driver.h" />
+ <ClInclude Include="..\..\library\base64_invasive.h" />
<ClInclude Include="..\..\library\check_crypto_config.h" />
<ClInclude Include="..\..\library\common.h" />
<ClInclude Include="..\..\library\ecp_invasive.h" />