Merge pull request #8830 from paul-elliott-arm/add_framework_meta_tests_2_28
[Backport 2.28] Add metatests for failing TEST_EQUAL and TEST_LE_*
diff --git a/CMakeLists.txt b/CMakeLists.txt
index b001bb7..8444917 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -39,6 +39,8 @@
project("Mbed TLS" C)
endif()
+include(GNUInstallDirs)
+
# Set the project root directory.
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
@@ -259,8 +261,7 @@
endif(CMAKE_BUILD_TYPE STREQUAL "Coverage")
if(LIB_INSTALL_DIR)
-else()
- set(LIB_INSTALL_DIR lib)
+ set(CMAKE_INSTALL_LIBDIR "${LIB_INSTALL_DIR}")
endif()
if(ENABLE_ZLIB_SUPPORT)
@@ -278,6 +279,8 @@
add_subdirectory(library)
+add_subdirectory(pkgconfig)
+
#
# The C files in tests/src directory contain test code shared among test suites
# and programs. This shared test code is compiled and linked to test suites and
diff --git a/ChangeLog.d/cmake_use_GnuInstallDirs.txt b/ChangeLog.d/cmake_use_GnuInstallDirs.txt
new file mode 100644
index 0000000..d848755
--- /dev/null
+++ b/ChangeLog.d/cmake_use_GnuInstallDirs.txt
@@ -0,0 +1,5 @@
+Changes
+ * cmake: Use GnuInstallDirs to customize install directories
+ Replace custom LIB_INSTALL_DIR variable with standard CMAKE_INSTALL_LIBDIR
+ variable. For backward compatibility, set CMAKE_INSTALL_LIBDIR if
+ LIB_INSTALL_DIR is set.
diff --git a/ChangeLog.d/fix-ssl-session-serialization-config.txt b/ChangeLog.d/fix-ssl-session-serialization-config.txt
new file mode 100644
index 0000000..ca1cc81
--- /dev/null
+++ b/ChangeLog.d/fix-ssl-session-serialization-config.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix missing bitflags in SSL session serialization headers. Their absence
+ allowed SSL sessions saved in one configuration to be loaded in a
+ different, incompatible configuration.
diff --git a/ChangeLog.d/pkg-config-files-addition.txt b/ChangeLog.d/pkg-config-files-addition.txt
new file mode 100644
index 0000000..5df6ffb
--- /dev/null
+++ b/ChangeLog.d/pkg-config-files-addition.txt
@@ -0,0 +1,3 @@
+Features
+ * Add pc files for pkg-config. eg.:
+ pkg-config --cflags --libs (mbedtls|mbedcrypto|mbedx509)
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index e4e40c0..33ea14d 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -1265,6 +1265,8 @@
/**
* \brief This function reads an elliptic curve private key.
*
+ * \note This function does not support Curve448 yet.
+ *
* \param grp_id The ECP group identifier.
* \param key The destination key.
* \param buf The buffer containing the binary representation of the
@@ -1286,17 +1288,43 @@
/**
* \brief This function exports an elliptic curve private key.
*
+ * \note Note that although this function accepts an output
+ * buffer that is smaller or larger than the key, most key
+ * import interfaces require the output to have exactly
+ * key's nominal length. It is generally simplest to
+ * pass the key's nominal length as \c buflen, after
+ * checking that the output buffer is large enough.
+ * See the description of the \p buflen parameter for
+ * how to calculate the nominal length.
+ *
+ * \note If the private key was not set in \p key,
+ * the output is unspecified. Future versions
+ * may return an error in that case.
+ *
+ * \note This function does not support Curve448 yet.
+ *
* \param key The private key.
* \param buf The output buffer for containing the binary representation
- * of the key. (Big endian integer for Weierstrass curves, byte
- * string for Montgomery curves.)
+ * of the key.
+ * For Weierstrass curves, this is the big-endian
+ * representation, padded with null bytes at the beginning
+ * to reach \p buflen bytes.
+ * For Montgomery curves, this is the standard byte string
+ * representation (which is little-endian), padded with
+ * null bytes at the end to reach \p buflen bytes.
* \param buflen The total length of the buffer in bytes.
+ * The length of the output is
+ * (`grp->nbits` + 7) / 8 bytes
+ * where `grp->nbits` is the private key size in bits.
+ * For Weierstrass keys, if the output buffer is smaller,
+ * leading zeros are trimmed to fit if possible. For
+ * Montgomery keys, the output buffer must always be large
+ * enough for the nominal length.
*
* \return \c 0 on success.
- * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL if the \p key
- representation is larger than the available space in \p buf.
- * \return #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the operation for
- * the group is not implemented.
+ * \return #MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL or
+ * #MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if the \p key
+ * representation is larger than the available space in \p buf.
* \return Another negative error code on different kinds of failure.
*/
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index b528251..773c01e 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -400,7 +400,7 @@
((type) | PSA_KEY_TYPE_CATEGORY_FLAG_PAIR)
/** The public key type corresponding to a key pair type.
*
- * You may also pass a key pair type as \p type, it will be left unchanged.
+ * You may also pass a public key type as \p type, it will be left unchanged.
*
* \param type A public key type or key pair type.
*
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 1b2980d..798f42f 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -239,7 +239,7 @@
PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
endif()
install(TARGETS ${target}
- DESTINATION ${LIB_INSTALL_DIR}
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endforeach(target)
diff --git a/library/ecp.c b/library/ecp.c
index f67b4d0..cfe02b0 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -927,7 +927,7 @@
size_t plen;
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(pt != NULL);
- ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(ilen == 0 || buf != NULL);
if (ilen < 1) {
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
@@ -996,7 +996,7 @@
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(pt != NULL);
ECP_VALIDATE_RET(buf != NULL);
- ECP_VALIDATE_RET(*buf != NULL);
+ ECP_VALIDATE_RET(buf_len == 0 || *buf != NULL);
/*
* We must have at least two bytes (1 for length, at least one for data)
@@ -1068,7 +1068,7 @@
mbedtls_ecp_group_id grp_id;
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(buf != NULL);
- ECP_VALIDATE_RET(*buf != NULL);
+ ECP_VALIDATE_RET(len == 0 || *buf != NULL);
if ((ret = mbedtls_ecp_tls_read_group_id(&grp_id, buf, len)) != 0) {
return ret;
@@ -1088,7 +1088,7 @@
const mbedtls_ecp_curve_info *curve_info;
ECP_VALIDATE_RET(grp != NULL);
ECP_VALIDATE_RET(buf != NULL);
- ECP_VALIDATE_RET(*buf != NULL);
+ ECP_VALIDATE_RET(len == 0 || *buf != NULL);
/*
* We expect at least three bytes (see below)
@@ -3358,10 +3358,10 @@
int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
unsigned char *buf, size_t buflen)
{
- int ret = MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
ECP_VALIDATE_RET(key != NULL);
- ECP_VALIDATE_RET(buf != NULL);
+ ECP_VALIDATE_RET(buflen == 0 || buf != NULL);
#if defined(MBEDTLS_ECP_MONTGOMERY_ENABLED)
if (mbedtls_ecp_get_type(&key->grp) == MBEDTLS_ECP_TYPE_MONTGOMERY) {
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fc8e8c6..235959a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5204,6 +5204,12 @@
#define SSL_SERIALIZED_SESSION_CONFIG_CRT 0
#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 1
+#else
+#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT 0
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
#if defined(MBEDTLS_SSL_CLI_C) && defined(MBEDTLS_SSL_SESSION_TICKETS)
#define SSL_SERIALIZED_SESSION_CONFIG_CLIENT_TICKET 1
#else
@@ -5241,6 +5247,7 @@
#define SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT 4
#define SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT 5
#define SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT 6
+#define SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT 7
#define SSL_SERIALIZED_SESSION_CONFIG_BITFLAG \
((uint16_t) ( \
@@ -5252,7 +5259,9 @@
(SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC << \
SSL_SERIALIZED_SESSION_CONFIG_TRUNC_HMAC_BIT) | \
(SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
- (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
+ (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT) | \
+ (SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT << \
+ SSL_SERIALIZED_SESSION_CONFIG_KEEP_PEER_CRT_BIT)))
static const unsigned char ssl_serialized_session_header[] = {
MBEDTLS_VERSION_MAJOR,
@@ -5278,19 +5287,36 @@
* // the setting of those compile-time
* // configuration options which influence
* // the structure of mbedtls_ssl_session.
- * uint64 start_time;
- * uint8 ciphersuite[2]; // defined by the standard
- * uint8 compression; // 0 or 1
- * uint8 session_id_len; // at most 32
- * opaque session_id[32];
- * opaque master[48]; // fixed length in the standard
- * uint32 verify_result;
- * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
- * opaque ticket<0..2^24-1>; // length 0 means no ticket
- * uint32 ticket_lifetime;
- * uint8 mfl_code; // up to 255 according to standard
- * uint8 trunc_hmac; // 0 or 1
- * uint8 encrypt_then_mac; // 0 or 1
+ * #if defined(MBEDTLS_HAVE_TIME)
+ * uint64 start_time;
+ * #endif
+ * uint8 ciphersuite[2]; // defined by the standard
+ * uint8 compression; // 0 or 1
+ * uint8 session_id_len; // at most 32
+ * opaque session_id[32];
+ * opaque master[48]; // fixed length in the standard
+ * uint32 verify_result;
+ * #if defined(MBEDTLS_X509_CRT_PARSE_C)
+ * #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+ * opaque peer_cert<0..2^24-1>; // length 0 means no peer cert
+ * #else
+ * uint8 peer_cert_digest_type;
+ * opaque peer_cert_digest<0..2^8-1>
+ * #endif
+ * #endif
+ * #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ * opaque ticket<0..2^24-1>; // length 0 means no ticket
+ * uint32 ticket_lifetime;
+ * #endif
+ * #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+ * uint8 mfl_code; // up to 255 according to standard
+ * #endif
+ * #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ * uint8 trunc_hmac; // 0 or 1
+ * #endif
+ * #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ * uint8 encrypt_then_mac; // 0 or 1
+ * #endif
*
* The order is the same as in the definition of the structure, except
* verify_result is put before peer_cert so that all mandatory fields come
diff --git a/pkgconfig/CMakeLists.txt b/pkgconfig/CMakeLists.txt
new file mode 100644
index 0000000..6def088
--- /dev/null
+++ b/pkgconfig/CMakeLists.txt
@@ -0,0 +1,28 @@
+if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+ include(JoinPaths.cmake)
+ join_paths(PKGCONFIG_INCLUDEDIR "\${prefix}" "${CMAKE_INSTALL_INCLUDEDIR}")
+ join_paths(PKGCONFIG_LIBDIR "\${prefix}" "${CMAKE_INSTALL_LIBDIR}")
+
+ #define these manually since minimum CMAKE version is not 3.9 for DESCRIPTION and 3.12 for HOMEPAGE_URL usage in project() below.
+ # Prefix with something that won't clash with newer versions of CMAKE.
+ set(PKGCONFIG_PROJECT_DESCRIPTION "Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.")
+ set(PKGCONFIG_PROJECT_HOMEPAGE_URL "https://www.trustedfirmware.org/projects/mbed-tls/")
+
+ # Following the conventsion for DESCRIPTION and HOMEPAGE_URL, VERSION wasn't added until 3.0 and depends on policy CMP0048
+ set(PKGCONFIG_VERSION 2.28.7)
+
+ configure_file(mbedcrypto.pc.in mbedcrypto.pc @ONLY)
+ install(FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/mbedcrypto.pc
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+ configure_file(mbedtls.pc.in mbedtls.pc @ONLY)
+ install(FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/mbedtls.pc
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+
+ configure_file(mbedx509.pc.in mbedx509.pc @ONLY)
+ install(FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/mbedx509.pc
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}/pkgconfig)
+endif()
diff --git a/pkgconfig/JoinPaths.cmake b/pkgconfig/JoinPaths.cmake
new file mode 100644
index 0000000..193caed
--- /dev/null
+++ b/pkgconfig/JoinPaths.cmake
@@ -0,0 +1,27 @@
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+# This module provides function for joining paths
+# known from most languages
+#
+# Copyright The Mbed TLS Contributors
+#
+# This script originates from:
+# - https://github.com/jtojnar/cmake-snips
+# Jan has provided re-licensing under Apache 2.0 and GPL 2.0+ and
+# allowed for the change of Copyright.
+#
+# Modelled after Python’s os.path.join
+# https://docs.python.org/3.7/library/os.path.html#os.path.join
+# Windows not supported
+function(join_paths joined_path first_path_segment)
+ set(temp_path "${first_path_segment}")
+ foreach(current_segment IN LISTS ARGN)
+ if(NOT ("${current_segment}" STREQUAL ""))
+ if(IS_ABSOLUTE "${current_segment}")
+ set(temp_path "${current_segment}")
+ else()
+ set(temp_path "${temp_path}/${current_segment}")
+ endif()
+ endif()
+ endforeach()
+ set(${joined_path} "${temp_path}" PARENT_SCOPE)
+endfunction()
diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in
new file mode 100644
index 0000000..d8f6750
--- /dev/null
+++ b/pkgconfig/mbedcrypto.pc.in
@@ -0,0 +1,10 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PKGCONFIG_VERSION@
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedcrypto
diff --git a/pkgconfig/mbedtls.pc.in b/pkgconfig/mbedtls.pc.in
new file mode 100644
index 0000000..3802f6a
--- /dev/null
+++ b/pkgconfig/mbedtls.pc.in
@@ -0,0 +1,11 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PKGCONFIG_VERSION@
+Requires.private: mbedcrypto mbedx509
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedtls
diff --git a/pkgconfig/mbedx509.pc.in b/pkgconfig/mbedx509.pc.in
new file mode 100644
index 0000000..1250947
--- /dev/null
+++ b/pkgconfig/mbedx509.pc.in
@@ -0,0 +1,11 @@
+prefix=@CMAKE_INSTALL_PREFIX@
+includedir=@PKGCONFIG_INCLUDEDIR@
+libdir=@PKGCONFIG_LIBDIR@
+
+Name: @PROJECT_NAME@
+Description: @PKGCONFIG_PROJECT_DESCRIPTION@
+URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
+Version: @PKGCONFIG_VERSION@
+Requires.private: mbedcrypto
+Cflags: -I"${includedir}"
+Libs: -L"${libdir}" -lmbedx509
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 161ff3a..d01202f 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -731,7 +731,7 @@
mbedtls_net_init(&server_fd);
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
- memset(&saved_session, 0, sizeof(mbedtls_ssl_session));
+ mbedtls_ssl_session_init(&saved_session);
rng_init(&rng);
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
mbedtls_x509_crt_init(&cacert);
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 926e497..5c8e55d 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -67,6 +67,10 @@
exit 1
fi
+[ $VERBOSE ] && echo "Bumping PKGCONFIG_VERSION in pkgconfig/CMakeLists.txt"
+sed -e "s/PKGCONFIG_VERSION [0-9.]\{1,\}/PKGCONFIG_VERSION $VERSION/g" < pkgconfig/CMakeLists.txt > tmp
+mv tmp pkgconfig/CMakeLists.txt
+
[ $VERBOSE ] && echo "Bumping VERSION in library/CMakeLists.txt"
sed -e "s/ VERSION [0-9.]\{1,\}/ VERSION $VERSION/g" < library/CMakeLists.txt > tmp
mv tmp library/CMakeLists.txt
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 11604cd..b27f795 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -168,7 +168,7 @@
}
sub get_app_list {
- my $app_list = `cd $programs_dir && make list`;
+ my $app_list = `cd $programs_dir && VERBOSE_LOGS=1 make list`;
die "make list failed: $!\n" if $?;
return split /\s+/, $app_list;
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ca2df4d..01ce3b9 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -195,10 +195,21 @@
# defined in this script whose name starts with "component_".
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
- # Delay determinig SUPPORTED_COMPONENTS until the command line options have a chance to override
+ # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
# the commands set by the environment
}
+setup_quiet_wrappers()
+{
+ # Pick up "quiet" wrappers for make and cmake, which don't output very much
+ # unless there is an error. This reduces logging overhead in the CI.
+ #
+ # Note that the cmake wrapper breaks unless we use an absolute path here.
+ if [[ -e ${PWD}/tests/scripts/quiet ]]; then
+ export PATH=${PWD}/tests/scripts/quiet:$PATH
+ fi
+}
+
# Test whether the component $1 is included in the command line patterns.
is_component_included()
{
@@ -997,6 +1008,9 @@
}
component_test_zlib_cmake() {
+ # This is needed due to something parsing the output from make
+ export VERBOSE_LOGS=1
+
msg "build: zlib enabled, cmake"
scripts/config.py set MBEDTLS_ZLIB_SUPPORT
cmake -D ENABLE_ZLIB_SUPPORT=On -D CMAKE_BUILD_TYPE:String=Release .
@@ -3733,6 +3747,7 @@
pre_initialize_variables
pre_parse_command_line "$@"
+setup_quiet_wrappers
pre_check_git
pre_restore_files
pre_back_up
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index a2a9dfa..837905e 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -172,6 +172,8 @@
b'sh': 'sh',
}
+ path_exemptions = re.compile(r'tests/scripts/quiet/.*')
+
def is_valid_shebang(self, first_line, filepath):
m = re.match(self._shebang_re, first_line)
if not m:
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index c6a438e..346f6ff 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -192,7 +192,10 @@
success = True
for command in self.commands:
log_command(command)
- ret = subprocess.call(command)
+ env = os.environ.copy()
+ if 'MBEDTLS_TEST_CONFIGURATION' in env:
+ env['MBEDTLS_TEST_CONFIGURATION'] += '-' + self.name
+ ret = subprocess.call(command, env=env)
if ret != 0:
if command[0] not in ['make', options.make_command]:
log_line('*** [{}] Error {}'.format(' '.join(command), ret))
diff --git a/tests/scripts/quiet/cmake b/tests/scripts/quiet/cmake
new file mode 100755
index 0000000..a34365b
--- /dev/null
+++ b/tests/scripts/quiet/cmake
@@ -0,0 +1,19 @@
+#! /usr/bin/env bash
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This swallows the output of the wrapped tool, unless there is an error.
+# This helps reduce excess logging in the CI.
+
+# If you are debugging a build / CI issue, you can get complete unsilenced logs
+# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
+
+# export VERBOSE_LOGS=1
+
+# don't silence invocations containing these arguments
+NO_SILENCE=" --version "
+
+TOOL="cmake"
+
+. "$(dirname "$0")/quiet.sh"
diff --git a/tests/scripts/quiet/make b/tests/scripts/quiet/make
new file mode 100755
index 0000000..920e5b8
--- /dev/null
+++ b/tests/scripts/quiet/make
@@ -0,0 +1,19 @@
+#! /usr/bin/env bash
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This swallows the output of the wrapped tool, unless there is an error.
+# This helps reduce excess logging in the CI.
+
+# If you are debugging a build / CI issue, you can get complete unsilenced logs
+# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
+
+# export VERBOSE_LOGS=1
+
+# don't silence invocations containing these arguments
+NO_SILENCE=" --version | test "
+
+TOOL="make"
+
+. "$(dirname "$0")/quiet.sh"
diff --git a/tests/scripts/quiet/quiet.sh b/tests/scripts/quiet/quiet.sh
new file mode 100644
index 0000000..0f26184
--- /dev/null
+++ b/tests/scripts/quiet/quiet.sh
@@ -0,0 +1,79 @@
+# -*-mode: sh; sh-shell: bash -*-
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+#
+# This swallows the output of the wrapped tool, unless there is an error.
+# This helps reduce excess logging in the CI.
+
+# If you are debugging a build / CI issue, you can get complete unsilenced logs
+# by un-commenting the following line (or setting VERBOSE_LOGS in your environment):
+#
+# VERBOSE_LOGS=1
+#
+# This script provides most of the functionality for the adjacent make and cmake
+# wrappers.
+#
+# It requires two variables to be set:
+#
+# TOOL - the name of the tool that is being wrapped (with no path), e.g. "make"
+#
+# NO_SILENCE - a regex that describes the commandline arguments for which output will not
+# be silenced, e.g. " --version | test ". In this example, "make lib test" will
+# not be silent, but "make lib" will be.
+
+# Identify path to original tool. There is an edge-case here where the quiet wrapper is on the path via
+# a symlink or relative path, but "type -ap" yields the wrapper with it's normalised path. We use
+# the -ef operator to compare paths, to avoid picking the wrapper in this case (to avoid infinitely
+# recursing).
+while IFS= read -r ORIGINAL_TOOL; do
+ if ! [[ $ORIGINAL_TOOL -ef "$0" ]]; then break; fi
+done < <(type -ap -- "$TOOL")
+
+print_quoted_args() {
+ # similar to printf '%q' "$@"
+ # but produce more human-readable results for common/simple cases like "a b"
+ for a in "$@"; do
+ # Get bash to quote the string
+ printf -v q '%q' "$a"
+ simple_pattern="^([-[:alnum:]_+./:@]+=)?([^']*)$"
+ if [[ "$a" != "$q" && $a =~ $simple_pattern ]]; then
+ # a requires some quoting (a != q), but has no single quotes, so we can
+ # simplify the quoted form - e.g.:
+ # a b -> 'a b'
+ # CFLAGS=a b -> CFLAGS='a b'
+ q="${BASH_REMATCH[1]}'${BASH_REMATCH[2]}'"
+ fi
+ printf " %s" "$q"
+ done
+}
+
+if [[ ! " $* " =~ " --version " ]]; then
+ # Display the command being invoked - if it succeeds, this is all that will
+ # be displayed. Don't do this for invocations with --version, because
+ # this output is often parsed by scripts, so we don't want to modify it.
+ printf %s "${TOOL}" 1>&2
+ print_quoted_args "$@" 1>&2
+ echo 1>&2
+fi
+
+if [[ " $@ " =~ $NO_SILENCE || -n "${VERBOSE_LOGS}" ]]; then
+ # Run original command with no output supression
+ exec "${ORIGINAL_TOOL}" "$@"
+else
+ # Run original command and capture output & exit status
+ TMPFILE=$(mktemp "quiet-${TOOL}.XXXXXX")
+ "${ORIGINAL_TOOL}" "$@" > "${TMPFILE}" 2>&1
+ EXIT_STATUS=$?
+
+ if [[ $EXIT_STATUS -ne 0 ]]; then
+ # On error, display the full output
+ cat "${TMPFILE}"
+ fi
+
+ # Remove tmpfile
+ rm "${TMPFILE}"
+
+ # Propagate the exit status
+ exit $EXIT_STATUS
+fi
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 6211fb7..a244bc4 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -550,6 +550,122 @@
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
mbedtls_ecp_read_key:MBEDTLS_ECP_DP_CURVE25519:"70076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c6a":0:1
+ECP write key: secp256r1, nominal
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":32:0
+
+ECP write key: secp256r1, output longer by 1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":33:0
+
+ECP write key: secp256r1, output longer by 32
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":64:0
+
+ECP write key: secp256r1, output longer by 33
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":65:0
+
+ECP write key: secp256r1, output short by 1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":31:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: secp256r1, output_size=1
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: secp256r1, output_size=0
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: secp256r1, top byte = 0, output_size=32
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":32:0
+
+ECP write key: secp256r1, top byte = 0, output_size=31 (fits)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":31:0
+
+ECP write key: secp256r1, top byte = 0, output_size=30 (too small)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"00ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff":30:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: secp256r1, mostly-0 key, output_size=32
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":32:0
+
+ECP write key: secp256r1, mostly-0 key, output_size=31 (fits)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":31:0
+
+ECP write key: secp256r1, mostly-0 key, output_size=1 (fits)
+depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP256R1:"0000000000000000000000000000000000000000000000000000000000000001":1:0
+
+ECP write key: secp384r1, nominal
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":48:0
+
+ECP write key: secp384r1, output longer by 1
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":49:0
+
+ECP write key: secp384r1, output longer by 48
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":96:0
+
+ECP write key: secp384r1, output longer by 49
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":97:0
+
+ECP write key: secp384r1, output short by 1
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":47:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: secp384r1, output_size=1
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":1:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: secp384r1, output_size=0
+depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_SECP384R1:"d27335ea71664af244dd14e9fd1260715dfd8a7965571c48d709ee7a7962a156d706a90cbcb5df2986f05feadb9376f1":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+ECP write key: Curve25519, nominal
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":32:0
+
+ECP write key: Curve25519, output longer by 1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":33:0
+
+ECP write key: Curve25519, output longer by 32
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":64:0
+
+ECP write key: Curve25519, output longer by 33
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":65:0
+
+ECP write key: Curve25519, output short by 1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+
+ECP write key: Curve25519, output_size=1
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":1:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+
+ECP write key: Curve25519, output_size=0
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"a046e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449a44":0:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+
+ECP write key: Curve25519, mostly-0 key, output_size=32
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":32:0
+
+ECP write key: Curve25519, mostly-0 key, output_size=31
+depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
+ecp_write_key:MBEDTLS_ECP_DP_CURVE25519:"0000000000000000000000000000000000000000000000000000000000000040":31:MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
+
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED
ecp_fast_mod:MBEDTLS_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 443bc08..da13720 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -1383,6 +1383,66 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void ecp_write_key(int grp_id, data_t *in_key,
+ int exported_size, int expected_ret)
+{
+ mbedtls_ecp_keypair key;
+ mbedtls_ecp_keypair_init(&key);
+ unsigned char *exported = NULL;
+
+ TEST_EQUAL(mbedtls_ecp_read_key(grp_id, &key, in_key->x, in_key->len), 0);
+
+ TEST_CALLOC(exported, exported_size);
+ TEST_EQUAL(mbedtls_ecp_write_key(&key, exported, exported_size),
+ expected_ret);
+
+ if (expected_ret == 0) {
+ size_t length = (key.grp.nbits + 7) / 8;
+ const unsigned char *key_start = NULL;
+ const unsigned char *zeros_start = NULL;
+ switch (mbedtls_ecp_get_type(&key.grp)) {
+ case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
+ if ((size_t) exported_size < length) {
+ length = exported_size;
+ }
+ key_start = exported + exported_size - length;
+ zeros_start = exported;
+ break;
+ case MBEDTLS_ECP_TYPE_MONTGOMERY:
+ TEST_LE_U(length, exported_size);
+ key_start = exported;
+ zeros_start = exported + length;
+ break;
+ default:
+ TEST_FAIL("Unknown ECP curve type");
+ break;
+ }
+
+ if (length < in_key->len) {
+ /* Shorter output (only possible with Weierstrass keys) */
+ for (size_t i = 0; i < in_key->len - length; i++) {
+ mbedtls_test_set_step(i);
+ TEST_EQUAL(in_key->x[i], 0);
+ }
+ TEST_MEMORY_COMPARE(in_key->x + in_key->len - length, length,
+ key_start, length);
+ } else {
+ TEST_MEMORY_COMPARE(in_key->x, in_key->len,
+ key_start, length);
+ for (size_t i = 0; i < exported_size - length; i++) {
+ mbedtls_test_set_step(i);
+ TEST_EQUAL(zeros_start[i], 0);
+ }
+ }
+ }
+
+exit:
+ mbedtls_ecp_keypair_free(&key);
+ mbedtls_free(exported);
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:HAVE_FIX_NEGATIVE */
void fix_negative(data_t *N_bin, int c, int bits)
{
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 2111926..9d3570e 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -18,6 +18,13 @@
#define RSA_KEY_SIZE 512
#define RSA_KEY_LEN 64
+#if defined(MBEDTLS_RSA_C) || \
+ defined(MBEDTLS_PK_RSA_ALT_SUPPORT) || \
+ defined(MBEDTLS_ECDSA_C) || \
+ defined(MBEDTLS_USE_PSA_CRYPTO)
+#define PK_CAN_SIGN_SOME
+#endif
+
/** Generate a key of the desired type.
*
* \param pk The PK object to fill. It must have been initialized
@@ -894,7 +901,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:PK_CAN_SIGN_SOME */
void pk_sign_verify(int type, int parameter, int sign_ret, int verify_ret)
{
mbedtls_pk_context pk;