Merge pull request #8088 from tgonzalezorlandoarm/tg/check_test_cases-new
Make check_test_cases.py recognize test case name templates in ssl-opt.sh
diff --git a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
new file mode 100644
index 0000000..5cfee85
--- /dev/null
+++ b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix build failure in conda-forge. Fixes #8422.
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
index 8875921..f9b108d 100644
--- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -4,7 +4,7 @@
This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.h file.
It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
-For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html).
+For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.md).
## Introduction
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 619f842..1251cdf 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -766,7 +766,9 @@
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C) && !defined(MBEDTLS_CIPHER_C )
+#if defined(MBEDTLS_PSA_CRYPTO_C) && \
+ (defined(PSA_HAVE_SOFT_BLOCK_CIPHER) || defined(PSA_HAVE_SOFT_BLOCK_AEAD)) && \
+ !defined(MBEDTLS_CIPHER_C)
#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h
index 088711d..296d624 100644
--- a/include/mbedtls/config_adjust_psa_from_legacy.h
+++ b/include/mbedtls/config_adjust_psa_from_legacy.h
@@ -238,9 +238,12 @@
#if defined(MBEDTLS_CHACHA20_C)
#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+/* ALG_STREAM_CIPHER requires CIPHER_C in order to be supported in PSA */
+#if defined(MBEDTLS_CIPHER_C)
+#define PSA_WANT_ALG_STREAM_CIPHER 1
#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#endif
#if defined(MBEDTLS_CHACHAPOLY_C)
#define PSA_WANT_ALG_CHACHA20_POLY1305 1
#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
diff --git a/library/aesni.c b/library/aesni.c
index 57d6e09..864d0d6 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -43,6 +43,17 @@
#include <immintrin.h>
#endif
+#if defined(MBEDTLS_ARCH_IS_X86)
+#if defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC push_options
+#pragma GCC target ("pclmul,sse2,aes")
+#define MBEDTLS_POP_TARGET_PRAGMA
+#elif defined(__clang__)
+#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function)
+#define MBEDTLS_POP_TARGET_PRAGMA
+#endif
+#endif
+
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
/*
* AES-NI support detection routine
@@ -398,6 +409,15 @@
}
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+#if defined(MBEDTLS_POP_TARGET_PRAGMA)
+#if defined(__clang__)
+#pragma clang attribute pop
+#elif defined(__GNUC__)
+#pragma GCC pop_options
+#endif
+#undef MBEDTLS_POP_TARGET_PRAGMA
+#endif
+
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
#if defined(__has_feature)
diff --git a/library/aesni.h b/library/aesni.h
index 952e138..f007735 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -50,6 +50,10 @@
#if (defined(__GNUC__) || defined(__clang__)) && defined(__AES__) && defined(__PCLMUL__)
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
+/* For 32-bit, we only support intrinsics */
+#if defined(MBEDTLS_ARCH_IS_X86) && (defined(__GNUC__) || defined(__clang__))
+#define MBEDTLS_AESNI_HAVE_INTRINSICS
+#endif
/* Choose the implementation of AESNI, if one is available.
*
@@ -60,13 +64,11 @@
#if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#elif defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
+ (defined(__GNUC__) || defined(__clang__)) && defined(MBEDTLS_ARCH_IS_X64)
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
-#elif defined(__GNUC__) || defined(__clang__)
-# error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
#else
#error "MBEDTLS_AESNI_C defined, but neither intrinsics nor assembly available"
#endif
diff --git a/library/platform_util.c b/library/platform_util.c
index 09216ed..fdafa1f 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -265,7 +265,7 @@
struct timespec tv;
mbedtls_ms_time_t current_ms;
-#if defined(__linux__)
+#if defined(__linux__) && defined(CLOCK_BOOTTIME)
ret = clock_gettime(CLOCK_BOOTTIME, &tv);
#else
ret = clock_gettime(CLOCK_MONOTONIC, &tv);
diff --git a/library/psa_crypto_aead.c b/library/psa_crypto_aead.c
index 85d1f39..6f026a0 100644
--- a/library/psa_crypto_aead.c
+++ b/library/psa_crypto_aead.c
@@ -43,19 +43,15 @@
psa_algorithm_t alg)
{
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t key_bits;
- const mbedtls_cipher_info_t *cipher_info;
mbedtls_cipher_id_t cipher_id;
-
+ mbedtls_cipher_mode_t mode;
+ size_t key_bits = attributes->core.bits;
(void) key_buffer_size;
- key_bits = attributes->core.bits;
-
- cipher_info = mbedtls_cipher_info_from_psa(alg,
- attributes->core.type, key_bits,
- &cipher_id);
- if (cipher_info == NULL) {
- return PSA_ERROR_NOT_SUPPORTED;
+ status = mbedtls_cipher_values_from_psa(alg, attributes->core.type,
+ &key_bits, &mode, &cipher_id);
+ if (status != PSA_SUCCESS) {
+ return status;
}
switch (PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0)) {
diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index b997a07..38be84b 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -31,14 +31,70 @@
#include <string.h>
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+/* mbedtls_cipher_values_from_psa() below only checks if the proper build symbols
+ * are enabled, but it does not provide any compatibility check between them
+ * (i.e. if the specified key works with the specified algorithm). This helper
+ * function is meant to provide this support.
+ * mbedtls_cipher_info_from_psa() might be used for the same purpose, but it
+ * requires CIPHER_C to be enabled.
+ */
+static psa_status_t mbedtls_cipher_validate_values(
+ psa_algorithm_t alg,
+ psa_key_type_t key_type)
+{
+ switch (alg) {
+ case PSA_ALG_STREAM_CIPHER:
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
+ if (key_type != PSA_KEY_TYPE_CHACHA20) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ break;
+
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
+ case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
+ case PSA_ALG_CCM_STAR_NO_TAG:
+ if ((key_type != PSA_KEY_TYPE_AES) &&
+ (key_type != PSA_KEY_TYPE_ARIA) &&
+ (key_type != PSA_KEY_TYPE_CAMELLIA)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ break;
+
+ case PSA_ALG_CTR:
+ case PSA_ALG_CFB:
+ case PSA_ALG_OFB:
+ case PSA_ALG_XTS:
+ case PSA_ALG_ECB_NO_PADDING:
+ case PSA_ALG_CBC_NO_PADDING:
+ case PSA_ALG_CBC_PKCS7:
+ case PSA_ALG_CMAC:
+ if ((key_type != PSA_KEY_TYPE_AES) &&
+ (key_type != PSA_KEY_TYPE_ARIA) &&
+ (key_type != PSA_KEY_TYPE_DES) &&
+ (key_type != PSA_KEY_TYPE_CAMELLIA)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+ break;
+
+ default:
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+
+ return PSA_SUCCESS;
+}
+
+psa_status_t mbedtls_cipher_values_from_psa(
psa_algorithm_t alg,
psa_key_type_t key_type,
- size_t key_bits,
+ size_t *key_bits,
+ mbedtls_cipher_mode_t *mode,
mbedtls_cipher_id_t *cipher_id)
{
- mbedtls_cipher_mode_t mode;
mbedtls_cipher_id_t cipher_id_tmp;
+ /* Only DES modifies key_bits */
+#if !defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES)
+ (void) key_bits;
+#endif
if (PSA_ALG_IS_AEAD(alg)) {
alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, 0);
@@ -48,66 +104,66 @@
switch (alg) {
#if defined(MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER)
case PSA_ALG_STREAM_CIPHER:
- mode = MBEDTLS_MODE_STREAM;
+ *mode = MBEDTLS_MODE_STREAM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CTR)
case PSA_ALG_CTR:
- mode = MBEDTLS_MODE_CTR;
+ *mode = MBEDTLS_MODE_CTR;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CFB)
case PSA_ALG_CFB:
- mode = MBEDTLS_MODE_CFB;
+ *mode = MBEDTLS_MODE_CFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_OFB)
case PSA_ALG_OFB:
- mode = MBEDTLS_MODE_OFB;
+ *mode = MBEDTLS_MODE_OFB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING)
case PSA_ALG_ECB_NO_PADDING:
- mode = MBEDTLS_MODE_ECB;
+ *mode = MBEDTLS_MODE_ECB;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING)
case PSA_ALG_CBC_NO_PADDING:
- mode = MBEDTLS_MODE_CBC;
+ *mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7)
case PSA_ALG_CBC_PKCS7:
- mode = MBEDTLS_MODE_CBC;
+ *mode = MBEDTLS_MODE_CBC;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM_STAR_NO_TAG)
case PSA_ALG_CCM_STAR_NO_TAG:
- mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
+ *mode = MBEDTLS_MODE_CCM_STAR_NO_TAG;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, 0):
- mode = MBEDTLS_MODE_CCM;
+ *mode = MBEDTLS_MODE_CCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_GCM)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0):
- mode = MBEDTLS_MODE_GCM;
+ *mode = MBEDTLS_MODE_GCM;
break;
#endif
#if defined(MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305)
case PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CHACHA20_POLY1305, 0):
- mode = MBEDTLS_MODE_CHACHAPOLY;
+ *mode = MBEDTLS_MODE_CHACHAPOLY;
break;
#endif
default:
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
} else if (alg == PSA_ALG_CMAC) {
- mode = MBEDTLS_MODE_ECB;
+ *mode = MBEDTLS_MODE_ECB;
} else {
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
switch (key_type) {
@@ -125,7 +181,7 @@
case PSA_KEY_TYPE_DES:
/* key_bits is 64 for Single-DES, 128 for two-key Triple-DES,
* and 192 for three-key Triple-DES. */
- if (key_bits == 64) {
+ if (*key_bits == 64) {
cipher_id_tmp = MBEDTLS_CIPHER_ID_DES;
} else {
cipher_id_tmp = MBEDTLS_CIPHER_ID_3DES;
@@ -133,8 +189,8 @@
/* mbedtls doesn't recognize two-key Triple-DES as an algorithm,
* but two-key Triple-DES is functionally three-key Triple-DES
* with K1=K3, so that's how we present it to mbedtls. */
- if (key_bits == 128) {
- key_bits = 192;
+ if (*key_bits == 128) {
+ *key_bits = 192;
}
break;
#endif
@@ -149,16 +205,38 @@
break;
#endif
default:
- return NULL;
+ return PSA_ERROR_NOT_SUPPORTED;
}
if (cipher_id != NULL) {
*cipher_id = cipher_id_tmp;
}
- return mbedtls_cipher_info_from_values(cipher_id_tmp,
- (int) key_bits, mode);
+ return mbedtls_cipher_validate_values(alg, key_type);
}
+#if defined(MBEDTLS_CIPHER_C)
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
+ psa_algorithm_t alg,
+ psa_key_type_t key_type,
+ size_t key_bits,
+ mbedtls_cipher_id_t *cipher_id)
+{
+ mbedtls_cipher_mode_t mode;
+ psa_status_t status;
+ mbedtls_cipher_id_t cipher_id_tmp;
+
+ status = mbedtls_cipher_values_from_psa(alg, key_type, &key_bits, &mode, &cipher_id_tmp);
+ if (status != PSA_SUCCESS) {
+ return NULL;
+ }
+ if (cipher_id != NULL) {
+ *cipher_id = cipher_id_tmp;
+ }
+
+ return mbedtls_cipher_info_from_values(cipher_id_tmp, (int) key_bits, mode);
+}
+#endif /* MBEDTLS_CIPHER_C */
+
#if defined(MBEDTLS_PSA_BUILTIN_CIPHER)
static psa_status_t psa_cipher_setup(
diff --git a/library/psa_crypto_cipher.h b/library/psa_crypto_cipher.h
index bf43ff0..5ed8a77 100644
--- a/library/psa_crypto_cipher.h
+++ b/library/psa_crypto_cipher.h
@@ -28,6 +28,28 @@
* as well as the PSA type and size of the key to be used with the cipher
* algorithm.
*
+ * \param[in] alg PSA cipher algorithm identifier
+ * \param[in] key_type PSA key type
+ * \param[in,out] key_bits Size of the key in bits. The value provided in input
+ * might be updated if necessary.
+ * \param[out] mode Mbed TLS cipher mode
+ * \param[out] cipher_id Mbed TLS cipher algorithm identifier
+ *
+ * \return On success \c PSA_SUCCESS is returned and key_bits, mode and cipher_id
+ * are properly updated.
+ * \c PSA_ERROR_NOT_SUPPORTED is returned if the cipher algorithm is not
+ * supported.
+ */
+
+psa_status_t mbedtls_cipher_values_from_psa(psa_algorithm_t alg, psa_key_type_t key_type,
+ size_t *key_bits, mbedtls_cipher_mode_t *mode,
+ mbedtls_cipher_id_t *cipher_id);
+
+#if defined(MBEDTLS_CIPHER_C)
+/** Get Mbed TLS cipher information given the cipher algorithm PSA identifier
+ * as well as the PSA type and size of the key to be used with the cipher
+ * algorithm.
+ *
* \param alg PSA cipher algorithm identifier
* \param key_type PSA key type
* \param key_bits Size of the key in bits
@@ -39,6 +61,7 @@
const mbedtls_cipher_info_t *mbedtls_cipher_info_from_psa(
psa_algorithm_t alg, psa_key_type_t key_type, size_t key_bits,
mbedtls_cipher_id_t *cipher_id);
+#endif /* MBEDTLS_CIPHER_C */
/**
* \brief Set the key for a multipart symmetric encryption operation.
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4629b8f..6e64820 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -705,7 +705,7 @@
}
/* get size of the buffer needed */
- mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
+ (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
*session_data = mbedtls_calloc(1, *session_data_len);
if (*session_data == NULL) {
mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b0b32fe..2d80720 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1488,13 +1488,13 @@
}
component_test_full_no_cipher () {
- msg "build: full minus CIPHER"
+ msg "build: full no CIPHER no PSA_CRYPTO_C"
scripts/config.py full
scripts/config.py unset MBEDTLS_CIPHER_C
# Don't pull in cipher via PSA mechanisms
# (currently ignored anyway because we completely disable PSA)
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
- # Direct dependencies
+ # Disable features that depend on CIPHER_C
scripts/config.py unset MBEDTLS_CCM_C
scripts/config.py unset MBEDTLS_CMAC_C
scripts/config.py unset MBEDTLS_GCM_C
@@ -1504,24 +1504,93 @@
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_SSL_TLS_C
scripts/config.py unset MBEDTLS_SSL_TICKET_C
- # Indirect dependencies
- scripts/config.py unset MBEDTLS_SSL_CLI_C
+ # Disable features that depend on PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_SSL_DTLS_ANTI_REPLAY
- scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID
- scripts/config.py unset MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py unset MBEDTLS_SSL_SRV_C
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
make
- msg "test: full minus CIPHER"
+ msg "test: full no CIPHER no PSA_CRYPTO_C"
make test
}
+# This is a common configurator and test function that is used in:
+# - component_test_full_no_cipher_with_crypto
+# - component_test_full_no_cipher_with_crypto_config
+# It accepts 2 input parameters:
+# - $1: boolean value which basically reflects status of MBEDTLS_PSA_CRYPTO_CONFIG
+# - $2: a text string which describes the test component
+common_test_full_no_cipher_with_psa_crypto () {
+ USE_CRYPTO_CONFIG="$1"
+ COMPONENT_DESCRIPTION="$2"
+
+ msg "build: $COMPONENT_DESCRIPTION"
+
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CIPHER_C
+
+ if [ "$USE_CRYPTO_CONFIG" -eq 1 ]; then
+ # The built-in implementation of the following algs/key-types depends
+ # on CIPHER_C so we disable them.
+ # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305
+ # so we keep them enabled.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_AES
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_CAMELLIA
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ARIA
+ else
+ # Don't pull in cipher via PSA mechanisms
+ scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
+ # Disable cipher modes/keys that make PSA depend on CIPHER_C.
+ # Keep CHACHA20 and CHACHAPOLY enabled since they do not depend on CIPHER_C.
+ scripts/config.py unset-all MBEDTLS_CIPHER_MODE
+ scripts/config.py unset MBEDTLS_AES_C
+ scripts/config.py unset MBEDTLS_DES_C
+ scripts/config.py unset MBEDTLS_ARIA_C
+ scripts/config.py unset MBEDTLS_CAMELLIA_C
+ # Dependencies on AES_C
+ scripts/config.py unset MBEDTLS_CTR_DRBG_C
+ fi
+ # The following modules directly depends on CIPHER_C
+ scripts/config.py unset MBEDTLS_CCM_C
+ scripts/config.py unset MBEDTLS_CMAC_C
+ scripts/config.py unset MBEDTLS_GCM_C
+ scripts/config.py unset MBEDTLS_NIST_KW_C
+ scripts/config.py unset MBEDTLS_PKCS12_C
+ scripts/config.py unset MBEDTLS_PKCS5_C
+ scripts/config.py unset MBEDTLS_SSL_TLS_C
+ scripts/config.py unset MBEDTLS_SSL_TICKET_C
+
+ make
+
+ # Ensure that CIPHER_C was not re-enabled
+ not grep mbedtls_cipher_init library/cipher.o
+
+ msg "test: $COMPONENT_DESCRIPTION"
+ make test
+}
+
+component_test_full_no_cipher_with_crypto() {
+ common_test_full_no_cipher_with_psa_crypto 0 "full no CIPHER no CRYPTO_CONFIG"
+}
+
+component_test_full_no_cipher_with_crypto_config() {
+ common_test_full_no_cipher_with_psa_crypto 1 "full no CIPHER"
+}
+
component_test_full_no_bignum () {
msg "build: full minus bignum"
scripts/config.py full
@@ -4400,8 +4469,6 @@
not grep -q "AES note: built-in implementation." ./programs/test/selftest
}
-
-
support_test_aesni_m32() {
support_test_m32_o0 && (lscpu | grep -qw aes)
}
@@ -4417,10 +4484,10 @@
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
- # test the intrinsics implementation
- msg "AES tests, test intrinsics"
+ # test the intrinsics implementation with gcc
+ msg "AES tests, test intrinsics (gcc)"
make clean
- make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
+ make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
# check that we built intrinsics - this should be used by default when supported by the compiler
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
@@ -4442,6 +4509,36 @@
not grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
+support_test_aesni_m32_clang() {
+ support_test_aesni_m32 && if command -v clang > /dev/null ; then
+ # clang >= 4 is required to build with target attributes
+ clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+ [[ "${clang_ver}" -ge 4 ]]
+ else
+ # clang not available
+ false
+ fi
+}
+
+component_test_aesni_m32_clang() {
+
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ # test the intrinsics implementation with clang
+ msg "AES tests, test intrinsics (clang)"
+ make clean
+ make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+ # check that we built intrinsics - this should be used by default when supported by the compiler
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ grep -q "AES note: built-in implementation." ./programs/test/selftest
+ grep -q "AES note: using VIA Padlock" ./programs/test/selftest
+ grep -q mbedtls_aesni_has_support ./programs/test/selftest
+}
+
# For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
component_build_aes_aesce_armcc () {
msg "Build: AESCE test on arm64 platform without plain C."
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 706421f..80b6459 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -95,9 +95,21 @@
else:
results.warning('Allow listed test case was executed: {}', key)
+def name_matches_pattern(name, str_or_re):
+ """Check if name matches a pattern, that may be a string or regex.
+ - If the pattern is a string, name must be equal to match.
+ - If the pattern is a regex, name must fully match.
+ """
+ # The CI's python is too old for re.Pattern
+ #if isinstance(str_or_re, re.Pattern):
+ if not isinstance(str_or_re, str):
+ return str_or_re.fullmatch(name)
+ else:
+ return str_or_re == name
+
def analyze_driver_vs_reference(results: Results, outcomes,
component_ref, component_driver,
- ignored_suites, ignored_test=None):
+ ignored_suites, ignored_tests=None):
"""Check that all tests executed in the reference component are also
executed in the corresponding driver component.
Skip:
@@ -105,22 +117,25 @@
- only some specific test inside a test suite, for which the corresponding
output string is provided
"""
- available = check_test_cases.collect_available_test_cases()
-
- for key in available:
- # Continue if test was not executed by any component
- hits = outcomes[key].hits() if key in outcomes else 0
- if hits == 0:
- continue
- # Skip ignored test suites
- full_test_suite = key.split(';')[0] # retrieve full test suite name
- test_string = key.split(';')[1] # retrieve the text string of this test
+ seen_reference_passing = False
+ for key in outcomes:
+ # key is like "test_suite_foo.bar;Description of test case"
+ (full_test_suite, test_string) = key.split(';')
test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
+
+ # Immediately skip fully-ignored test suites
if test_suite in ignored_suites or full_test_suite in ignored_suites:
continue
- if ((full_test_suite in ignored_test) and
- (test_string in ignored_test[full_test_suite])):
- continue
+
+ # For ignored test cases inside test suites, just remember and:
+ # don't issue an error if they're skipped with drivers,
+ # but issue an error if they're not (means we have a bad entry).
+ ignored = False
+ if full_test_suite in ignored_tests:
+ for str_or_re in ignored_tests[test_suite]:
+ if name_matches_pattern(test_string, str_or_re):
+ ignored = True
+
# Search for tests that run in reference component and not in driver component
driver_test_passed = False
reference_test_passed = False
@@ -129,8 +144,14 @@
driver_test_passed = True
if component_ref in entry:
reference_test_passed = True
- if(reference_test_passed and not driver_test_passed):
- results.error("Did not pass with driver: {}", key)
+ seen_reference_passing = True
+ if reference_test_passed and not driver_test_passed and not ignored:
+ results.error("PASS -> SKIP/FAIL: {}", key)
+ if ignored and driver_test_passed:
+ results.error("uselessly ignored: {}", key)
+
+ if not seen_reference_passing:
+ results.error("no passing test in reference component: bad outcome file?")
def analyze_outcomes(results: Results, outcomes, args):
"""Run all analyses on the given outcome collection."""
@@ -232,15 +253,7 @@
# PEM decryption is not supported so far.
# The rest of PEM (write, unencrypted read) works though.
'test_suite_pem': [
- 'PEM read (AES-128-CBC + invalid iv)'
- 'PEM read (DES-CBC + invalid iv)',
- 'PEM read (DES-EDE3-CBC + invalid iv)',
- 'PEM read (malformed PEM AES-128-CBC)',
- 'PEM read (malformed PEM DES-CBC)',
- 'PEM read (malformed PEM DES-EDE3-CBC)',
- 'PEM read (unknown encryption algorithm)',
- 'PEM read (AES-128-CBC + invalid iv)',
- 'PEM read (DES-CBC + invalid iv)',
+ re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
],
# Following tests depend on AES_C/DES_C but are not about
# them really, just need to know some error code is there.
@@ -255,258 +268,21 @@
# The en/decryption part of PKCS#12 is not supported so far.
# The rest of PKCS#12 (key derivation) works though.
'test_suite_pkcs12': [
- 'PBE Decrypt, (Invalid padding & PKCS7 padding enabled)',
- 'PBE Decrypt, pad = 7 (OK)',
- 'PBE Decrypt, pad = 8 (Invalid output size)',
- 'PBE Decrypt, pad = 8 (OK)',
- 'PBE Encrypt, pad = 7 (OK)',
- 'PBE Encrypt, pad = 8 (Invalid output size)',
- 'PBE Encrypt, pad = 8 (OK)',
+ re.compile(r'PBE Encrypt, .*'),
+ re.compile(r'PBE Decrypt, .*'),
],
# The en/decryption part of PKCS#5 is not supported so far.
# The rest of PKCS#5 (PBKDF2) works though.
'test_suite_pkcs5': [
- 'PBES2 Decrypt (Invalid output size)',
- 'PBES2 Decrypt (Invalid padding & PKCS7 padding enabled)',
- 'PBES2 Decrypt (KDF != PBKDF2)',
- 'PBES2 Decrypt (OK)',
- 'PBES2 Decrypt (OK, PBKDF2 params explicit keylen)',
- 'PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)',
- 'PBES2 Decrypt (bad KDF AlgId: not a sequence)',
- 'PBES2 Decrypt (bad KDF AlgId: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params iter: not an int)',
- 'PBES2 Decrypt (bad PBKDF2 params iter: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)',
- 'PBES2 Decrypt (bad PBKDF2 params salt: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params: not a sequence)',
- 'PBES2 Decrypt (bad PBKDF2 params: overlong)',
- 'PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)',
- 'PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)',
- 'PBES2 Decrypt (bad enc_scheme_alg params: overlong)',
- 'PBES2 Decrypt (bad enc_scheme_alg: not a sequence)',
- 'PBES2 Decrypt (bad enc_scheme_alg: overlong)',
- 'PBES2 Decrypt (bad enc_scheme_alg: unknown oid)',
- 'PBES2 Decrypt (bad iter value)',
- 'PBES2 Decrypt (bad params tag)',
- 'PBES2 Decrypt (bad password)',
- 'PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)',
- 'PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)',
- 'PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)',
- 'PBES2 Decrypt (bad, PBKDF2 params extra data)',
- 'PBES2 Encrypt, pad=6 (OK)',
- 'PBES2 Encrypt, pad=8 (Invalid output size)',
- 'PBES2 Encrypt, pad=8 (OK)',
+ re.compile(r'PBES2 Encrypt, .*'),
+ re.compile(r'PBES2 Decrypt .*'),
],
# Encrypted keys are not supported so far.
# pylint: disable=line-too-long
'test_suite_pkparse': [
'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
- 'Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES)',
- 'Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW)',
- 'Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW)',
- 'Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit)',
- 'Parse RSA Key #21.1 (PKCS#8 encrypted SHA1-3DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #21.2 (PKCS#8 encrypted SHA1-3DES, 2048-bit, no PW)',
- 'Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)',
- 'Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)',
- 'Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)',
- 'Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit)',
- 'Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)',
- 'Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)',
- 'Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW)',
- 'Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW)',
- 'Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit)',
- 'Parse RSA Key #27.1 (PKCS#8 encrypted SHA1-2DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #27.2 (PKCS#8 encrypted SHA1-2DES, 2048-bit no PW)',
- 'Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)',
- 'Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)',
- 'Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)',
- 'Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit)',
- 'Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)',
- 'Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)',
- 'Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW)',
- 'Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW)',
- 'Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit)',
- 'Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW)',
- 'Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)',
- 'Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)',
- 'Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)',
- 'Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW)',
- 'Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW)',
- 'Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit)',
- 'Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW)',
- 'Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)',
- 'Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)',
- 'Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)',
- 'Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW)',
- 'Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW)',
- 'Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit)',
- 'Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW)',
- 'Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)',
- 'Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)',
- 'Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)',
- 'Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW)',
- 'Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW)',
- 'Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit)',
- 'Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW)',
- 'Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)',
- 'Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)',
- 'Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)',
- 'Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)',
- 'Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)',
- 'Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)',
- 'Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)',
- 'Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)',
- 'Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)',
- 'Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)',
- 'Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)',
- 'Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)',
- 'Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)',
- 'Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)',
- 'Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)',
- 'Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)',
- 'Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)',
- 'Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)',
- 'Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)',
- 'Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)',
- 'Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)',
- 'Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)',
- 'Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)',
- 'Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)',
- 'Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)',
- 'Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)',
- 'Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)',
- 'Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)',
- 'Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)',
- 'Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)',
- 'Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)',
- 'Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)',
- 'Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)',
- 'Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)',
- 'Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)',
- 'Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW)',
- 'Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW)',
- 'Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit)',
- 'Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW)',
- 'Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW)',
- 'Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)',
- 'Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)',
- 'Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)',
- 'Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)',
- 'Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW)',
- 'Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW)',
- 'Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit)',
- 'Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW)',
- 'Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)',
- 'Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)',
- 'Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)',
- 'Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW)',
- 'Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW)',
- 'Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit)',
- 'Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW)',
- 'Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW)',
- 'Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)',
- 'Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)',
- 'Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)',
- 'Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)',
- 'Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW)',
- 'Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW)',
- 'Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit)',
- 'Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW)',
- 'Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)',
- 'Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)',
- 'Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)',
- 'Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)',
- 'Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)',
- 'Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)',
- 'Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)',
- 'Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)',
- 'Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)',
- 'Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)',
- 'Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)',
- 'Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)',
- 'Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW)',
- 'Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW)',
- 'Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit)',
- 'Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW)',
- 'Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)',
- 'Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)',
- 'Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)',
- 'Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW)',
- 'Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW)',
- 'Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit)',
- 'Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW)',
- 'Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW)',
- 'Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)',
- 'Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)',
- 'Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)',
- 'Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)',
- 'Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW)',
- 'Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW)',
- 'Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit)',
- 'Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW)',
- 'Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)',
- 'Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)',
- 'Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)',
- 'Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW)',
- 'Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW)',
- 'Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit)',
- 'Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW)',
- 'Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW)',
- 'Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)',
- 'Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)',
- 'Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)',
- 'Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)',
- 'Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW)',
- 'Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW)',
- 'Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit)',
- 'Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW)',
- 'Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)',
- 'Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)',
- 'Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)',
- 'Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, wrong PW)',
- 'Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW)',
- 'Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit)',
- 'Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW)',
- 'Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW)',
- 'Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)',
- 'Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)',
- 'Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)',
- 'Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)',
- 'Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW)',
- 'Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW)',
- 'Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit)',
- 'Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW)',
- 'Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)',
- 'Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)',
+ re.compile(r'Parse RSA Key .*\(PKCS#8 encrypted .*\)'),
],
}
}
@@ -517,11 +293,13 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_ecp_light_only',
'component_driver': 'test_psa_crypto_config_accel_ecc_ecp_light_only',
'ignored_suites': [
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ # This test wants a legacy function that takes f_rng, p_rng
+ # arguments, and uses legacy ECDSA for that. The test is
+ # really about the wrapper around the PSA RNG, not ECDSA.
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
@@ -529,49 +307,14 @@
# so we must ignore disparities in the tests for which ECP_C
# is required.
'test_suite_ecp': [
- 'ECP check public-private #1 (OK)',
- 'ECP check public-private #2 (group none)',
- 'ECP check public-private #3 (group mismatch)',
- 'ECP check public-private #4 (Qx mismatch)',
- 'ECP check public-private #5 (Qy mismatch)',
- 'ECP check public-private #6 (wrong Qx)',
- 'ECP check public-private #7 (wrong Qy)',
- 'ECP gen keypair [#1]',
- 'ECP gen keypair [#2]',
- 'ECP gen keypair [#3]',
- 'ECP gen keypair wrapper',
- 'ECP point muladd secp256r1 #1',
- 'ECP point muladd secp256r1 #2',
- 'ECP point multiplication Curve25519 (element of order 2: origin) #3',
- 'ECP point multiplication Curve25519 (element of order 4: 1) #4',
- 'ECP point multiplication Curve25519 (element of order 8) #5',
- 'ECP point multiplication Curve25519 (normalized) #1',
- 'ECP point multiplication Curve25519 (not normalized) #2',
- 'ECP point multiplication rng fail Curve25519',
- 'ECP point multiplication rng fail secp256r1',
- 'ECP test vectors Curve25519',
- 'ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)',
- 'ECP test vectors brainpoolP256r1 rfc 7027',
- 'ECP test vectors brainpoolP384r1 rfc 7027',
- 'ECP test vectors brainpoolP512r1 rfc 7027',
- 'ECP test vectors secp192k1',
- 'ECP test vectors secp192r1 rfc 5114',
- 'ECP test vectors secp224k1',
- 'ECP test vectors secp224r1 rfc 5114',
- 'ECP test vectors secp256k1',
- 'ECP test vectors secp256r1 rfc 5114',
- 'ECP test vectors secp384r1 rfc 5114',
- 'ECP test vectors secp521r1 rfc 5114',
- ],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+ re.compile(r'ECP check public-private .*'),
+ re.compile(r'ECP gen keypair .*'),
+ re.compile(r'ECP point muladd .*'),
+ re.compile(r'ECP point multiplication .*'),
+ re.compile(r'ECP test vectors .*'),
],
'test_suite_ssl': [
+ # This deprecated function is only present when ECP_C is On.
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
@@ -583,32 +326,14 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_ecp_at_all',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_ecp_at_all',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
'test_suite_pkparse': [
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
@@ -616,23 +341,10 @@
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -645,90 +357,31 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
+ # See no_ecp_at_all
'test_suite_pkparse': [
- # See the description provided above in the
- # analyze_driver_vs_reference_no_ecp_at_all component.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
- # Following tests depends on BIGNUM_C
- 'Debug print mbedtls_mpi #2: 3 bits',
- 'Debug print mbedtls_mpi: 0 (empty representation)',
- 'Debug print mbedtls_mpi: 0 (non-empty representation)',
- 'Debug print mbedtls_mpi: 49 bits',
- 'Debug print mbedtls_mpi: 759 bits',
- 'Debug print mbedtls_mpi: 764 bits #1',
- 'Debug print mbedtls_mpi: 764 bits #2',
+ re.compile(r'Debug print mbedtls_mpi.*'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -741,91 +394,31 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
- 'dhm',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
+ # See no_ecp_at_all
'test_suite_pkparse': [
- # See the description provided above in the
- # analyze_driver_vs_reference_no_ecp_at_all component.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
- # Following tests depends on BIGNUM_C
- 'Debug print mbedtls_mpi #2: 3 bits',
- 'Debug print mbedtls_mpi: 0 (empty representation)',
- 'Debug print mbedtls_mpi: 0 (non-empty representation)',
- 'Debug print mbedtls_mpi: 49 bits',
- 'Debug print mbedtls_mpi: 759 bits',
- 'Debug print mbedtls_mpi: 764 bits #1',
- 'Debug print mbedtls_mpi: 764 bits #2',
+ re.compile(r'Debug print mbedtls_mpi.*'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -847,92 +440,21 @@
'component_ref': 'test_tfm_config',
'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
- # Ignore all tests that require DERIVE support which is disabled
- # in the driver version
- 'test_suite_psa_crypto': [
- 'PSA key agreement setup: ECDH + HKDF-SHA-256: good',
- ('PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader '
- 'than required'),
- 'PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve',
- 'PSA key agreement setup: KDF instead of a key agreement algorithm',
- 'PSA key agreement setup: bad key agreement algorithm',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, info first',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, key output',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- 'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)',
- ],
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto_pake': [
- 'PSA PAKE: ecjpake size macros',
- ],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
}
}
@@ -971,7 +493,7 @@
tasks_list = re.split(r'[, ]+', options.specified_tasks)
for task in tasks_list:
if task not in KNOWN_TASKS:
- sys.stderr.write('invalid task: {}'.format(task))
+ sys.stderr.write('invalid task: {}\n'.format(task))
sys.exit(2)
KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 7d81608..c689699 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -31,15 +31,13 @@
data_t *result)
{
mbedtls_ctr_drbg_context ctx;
+ mbedtls_ctr_drbg_init(&ctx);
unsigned char buf[64];
size_t entropy_chunk_len = (size_t) entropy_len_arg;
-
TEST_ASSERT(entropy_chunk_len <= sizeof(buf));
test_offset_idx = 0;
- mbedtls_ctr_drbg_init(&ctx);
-
test_max_idx = entropy->len;
/* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 0e013b7..ed9f3ac 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -102,6 +102,7 @@
if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ fclose(f);
return -1;
}
@@ -124,6 +125,7 @@
if (fread(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ fclose(f);
return -1;
}
diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index 0b8434b..6751136 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function
@@ -65,6 +65,8 @@
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0);
TEST_ASSERT(paused == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -119,6 +121,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -170,6 +174,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -217,6 +223,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -250,6 +258,8 @@
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -297,6 +307,7 @@
TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0);
TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50);
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -333,6 +344,7 @@
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -458,6 +470,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -562,6 +576,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -623,6 +639,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_DATA_LEFT);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -795,6 +813,7 @@
break;
}
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -951,6 +970,7 @@
}
}
+exit:
/* Cleanup */
mbedtls_mps_reader_free(&rd);
mbedtls_free(incoming);
@@ -1103,6 +1123,7 @@
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
}
+exit:
/* Wrapup */
mbedtls_mps_reader_free(&rd);
}
@@ -1136,6 +1157,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 730bb88..733909e 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -68,6 +68,7 @@
static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
{
mbedtls_pk_context key;
+ mbedtls_pk_init(&key);
unsigned char *buf = NULL;
unsigned char *check_buf = NULL;
unsigned char *start_buf;
@@ -78,9 +79,6 @@
USE_PSA_INIT();
- mbedtls_pk_init(&key);
- USE_PSA_INIT();
-
/* Note: if mbedtls_pk_load_file() successfully reads the file, then
it also allocates check_buf, which should be freed on exit */
TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 2dfc7a4..a510f8e 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7639,8 +7639,7 @@
* no reliance on external buffers. */
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
- input_buffer = mbedtls_calloc(1, input_data->len);
- TEST_ASSERT(input_buffer != NULL);
+ TEST_CALLOC(input_buffer, input_data->len);
memcpy(input_buffer, input_data->x, input_data->len);
@@ -7657,8 +7656,7 @@
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
- input_buffer = mbedtls_calloc(1, input_data->len);
- TEST_ASSERT(input_buffer != NULL);
+ TEST_CALLOC(input_buffer, input_data->len);
memcpy(input_buffer, input_data->x, input_data->len);
@@ -7683,6 +7681,7 @@
psa_destroy_key(key);
mbedtls_free(signature);
+ mbedtls_free(input_buffer);
PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 9c5ef23..8e96984 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -1297,7 +1297,7 @@
mbedtls_svc_key_id_t returned_id;
mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t drv_attributes;
+ psa_key_attributes_t drv_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index eb2407d..9ebc56c 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -24,6 +24,7 @@
{
enum { MSGLEN = 10 };
mbedtls_test_ssl_buffer buf;
+ mbedtls_test_ssl_buffer_init(&buf);
unsigned char input[MSGLEN];
unsigned char output[MSGLEN];
@@ -43,8 +44,6 @@
/* Make sure calling put and get on a buffer that hasn't been set up results
* in error. */
- mbedtls_test_ssl_buffer_init(&buf);
-
TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
== -1);
TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
@@ -1200,7 +1199,7 @@
TEST_ASSERT(ret == 0);
- TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
+ TEST_CALLOC(buf, buflen);
while (num_records-- > 0) {
mbedtls_ssl_transform *t_dec, *t_enc;
@@ -1354,7 +1353,7 @@
TEST_ASSERT(ret == 0);
- TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
+ TEST_CALLOC(buf, buflen);
for (mode = 1; mode <= 3; mode++) {
seen_success = 0;
@@ -1787,7 +1786,9 @@
{
mbedtls_ssl_key_set keys;
mbedtls_ssl_transform transform_send;
+ mbedtls_ssl_transform_init(&transform_send);
mbedtls_ssl_transform transform_recv;
+ mbedtls_ssl_transform_init(&transform_recv);
mbedtls_record rec;
unsigned char *buf = NULL;
size_t buf_len;
@@ -1818,8 +1819,6 @@
keys.key_len = server_write_key->len;
keys.iv_len = server_write_iv->len;
- mbedtls_ssl_transform_init(&transform_recv);
- mbedtls_ssl_transform_init(&transform_send);
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
@@ -1958,7 +1957,7 @@
/* Serialize it */
TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL);
+ TEST_CALLOC(buf, len);
TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
== 0);
@@ -2172,7 +2171,8 @@
for (bad_len = 1; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overwrite */
mbedtls_free(buf);
- TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL);
+ buf = NULL;
+ TEST_CALLOC(buf, bad_len);
TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
&test_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
@@ -2215,7 +2215,7 @@
}
TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL);
+ TEST_CALLOC(good_buf, good_len);
TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
&good_len) == 0);
mbedtls_ssl_session_free(&session);
@@ -2224,8 +2224,8 @@
for (bad_len = 0; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overread */
mbedtls_free(bad_buf);
- bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1);
- TEST_ASSERT(bad_buf != NULL);
+ bad_buf = NULL;
+ TEST_CALLOC_NONNULL(bad_buf, bad_len);
memcpy(bad_buf, good_buf, bad_len);
TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
@@ -3122,6 +3122,7 @@
mbedtls_psa_stats_t stats;
size_t free_slots_before = -1;
mbedtls_test_handshake_test_options options;
+ mbedtls_test_init_handshake_options(&options);
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
@@ -3129,7 +3130,6 @@
mbedtls_platform_zeroize(&client, sizeof(client));
mbedtls_platform_zeroize(&server, sizeof(server));
- mbedtls_test_init_handshake_options(&options);
options.pk_alg = MBEDTLS_PK_ECDSA;
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 114bd52..894e0bb 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -729,7 +729,7 @@
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* CRLs aren't supported with CA callbacks, so skip the CA callback
* version of the test if CRLs are in use. */
- if (crl_file == NULL || strcmp(crl_file, "") == 0) {
+ if (strcmp(crl_file, "") == 0) {
flags = 0;
res = mbedtls_x509_crt_verify_with_ca_cb(&crt,
@@ -928,15 +928,17 @@
int ret = 0, i;
size_t len = 0, out_size;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur;
+ mbedtls_x509_name parsed;
+ memset(&parsed, 0, sizeof(parsed));
+ mbedtls_x509_name *parsed_cur;
// Size of buf is maximum required for test cases
- unsigned char buf[80], *out = NULL, *c;
+ unsigned char buf[80] = { 0 };
+ unsigned char *out = NULL;
+ unsigned char *c = buf + sizeof(buf);
const char *short_name;
USE_PSA_INIT();
- memset(&parsed, 0, sizeof(parsed));
- memset(buf, 0, sizeof(buf));
- c = buf + sizeof(buf);
+
// Additional size required for trailing space
out_size = strlen(expected_oids) + 2;
TEST_CALLOC(out, out_size);
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index a7ed262..4de9add 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -699,16 +699,16 @@
int ret;
size_t len = 0;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
- unsigned char buf[1024], out[1024], *c;
+ mbedtls_x509_name parsed;
+ memset(&parsed, 0, sizeof(parsed));
+ mbedtls_x509_name *parsed_cur = NULL;
+ mbedtls_x509_name *parsed_prv = NULL;
+ unsigned char buf[1024] = { 0 };
+ unsigned char out[1024] = { 0 };
+ unsigned char *c = buf + sizeof(buf);
USE_PSA_INIT();
- memset(&parsed, 0, sizeof(parsed));
- memset(out, 0, sizeof(out));
- memset(buf, 0, sizeof(buf));
- c = buf + sizeof(buf);
-
ret = mbedtls_x509_string_to_names(&names, name);
TEST_EQUAL(ret, result);