Merge pull request #8435 from valeriosetti/issue8415
Remove cipher/aead legacy dependencies from PSA test suites
diff --git a/ChangeLog.d/fix-linux-builds-in-conda-forge.txt b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
new file mode 100644
index 0000000..5cfee85
--- /dev/null
+++ b/ChangeLog.d/fix-linux-builds-in-conda-forge.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Fix build failure in conda-forge. Fixes #8422.
diff --git a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
index 8875921..f9b108d 100644
--- a/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
+++ b/docs/proposed/psa-driver-wrappers-codegen-migration-guide.md
@@ -4,7 +4,7 @@
This document describes how to migrate to the auto generated psa_crypto_driver_wrappers.h file.
It is meant to give the library user migration guidelines while the Mbed TLS project tides over multiple minor revs of version 1.0, after which this will be merged into psa-driver-interface.md.
-For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.html).
+For a practical guide with a description of the current state of drivers Mbed TLS, see our [PSA Cryptoprocessor driver development examples](../psa-driver-example-and-guide.md).
## Introduction
diff --git a/library/aesni.c b/library/aesni.c
index 57d6e09..864d0d6 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -43,6 +43,17 @@
#include <immintrin.h>
#endif
+#if defined(MBEDTLS_ARCH_IS_X86)
+#if defined(MBEDTLS_COMPILER_IS_GCC)
+#pragma GCC push_options
+#pragma GCC target ("pclmul,sse2,aes")
+#define MBEDTLS_POP_TARGET_PRAGMA
+#elif defined(__clang__)
+#pragma clang attribute push (__attribute__((target("pclmul,sse2,aes"))), apply_to=function)
+#define MBEDTLS_POP_TARGET_PRAGMA
+#endif
+#endif
+
#if !defined(MBEDTLS_AES_USE_HARDWARE_ONLY)
/*
* AES-NI support detection routine
@@ -398,6 +409,15 @@
}
#endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */
+#if defined(MBEDTLS_POP_TARGET_PRAGMA)
+#if defined(__clang__)
+#pragma clang attribute pop
+#elif defined(__GNUC__)
+#pragma GCC pop_options
+#endif
+#undef MBEDTLS_POP_TARGET_PRAGMA
+#endif
+
#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
#if defined(__has_feature)
diff --git a/library/aesni.h b/library/aesni.h
index 952e138..f007735 100644
--- a/library/aesni.h
+++ b/library/aesni.h
@@ -50,6 +50,10 @@
#if (defined(__GNUC__) || defined(__clang__)) && defined(__AES__) && defined(__PCLMUL__)
#define MBEDTLS_AESNI_HAVE_INTRINSICS
#endif
+/* For 32-bit, we only support intrinsics */
+#if defined(MBEDTLS_ARCH_IS_X86) && (defined(__GNUC__) || defined(__clang__))
+#define MBEDTLS_AESNI_HAVE_INTRINSICS
+#endif
/* Choose the implementation of AESNI, if one is available.
*
@@ -60,13 +64,11 @@
#if defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
#elif defined(MBEDTLS_HAVE_ASM) && \
- defined(__GNUC__) && defined(MBEDTLS_ARCH_IS_X64)
+ (defined(__GNUC__) || defined(__clang__)) && defined(MBEDTLS_ARCH_IS_X64)
/* Can we do AESNI with inline assembly?
* (Only implemented with gas syntax, only for 64-bit.)
*/
#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
-#elif defined(__GNUC__) || defined(__clang__)
-# error "Must use `-mpclmul -msse2 -maes` for MBEDTLS_AESNI_C"
#else
#error "MBEDTLS_AESNI_C defined, but neither intrinsics nor assembly available"
#endif
diff --git a/library/platform_util.c b/library/platform_util.c
index 09216ed..fdafa1f 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -265,7 +265,7 @@
struct timespec tv;
mbedtls_ms_time_t current_ms;
-#if defined(__linux__)
+#if defined(__linux__) && defined(CLOCK_BOOTTIME)
ret = clock_gettime(CLOCK_BOOTTIME, &tv);
#else
ret = clock_gettime(CLOCK_MONOTONIC, &tv);
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 4629b8f..6e64820 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -705,7 +705,7 @@
}
/* get size of the buffer needed */
- mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
+ (void) mbedtls_ssl_session_save(&exported_session, NULL, 0, session_data_len);
*session_data = mbedtls_calloc(1, *session_data_len);
if (*session_data == NULL) {
mbedtls_printf(" failed\n ! alloc %u bytes for session data\n",
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 6bba02f..2cf566a 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -42,16 +42,21 @@
set -eu
+# Repository detection
+in_mbedtls_build_dir () {
+ test -d library
+ }
+
# Collect stats and build a HTML report.
lcov_library_report () {
rm -rf Coverage
mkdir Coverage Coverage/tmp
- lcov --capture --initial --directory library -o Coverage/tmp/files.info
- lcov --rc lcov_branch_coverage=1 --capture --directory library -o Coverage/tmp/tests.info
+ lcov --capture --initial --directory $library_dir -o Coverage/tmp/files.info
+ lcov --rc lcov_branch_coverage=1 --capture --directory $library_dir -o Coverage/tmp/tests.info
lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info
lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h'
gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions
- genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
+ genhtml --title "$title" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
rm -f Coverage/tmp/*.info Coverage/tmp/descriptions
echo "Coverage report in: Coverage/index.html"
}
@@ -59,9 +64,9 @@
# Reset the traces to 0.
lcov_reset_traces () {
# Location with plain make
- rm -f library/*.gcda
+ rm -f $library_dir/*.gcda
# Location with CMake
- rm -f library/CMakeFiles/*.dir/*.gcda
+ rm -f $library_dir/CMakeFiles/*.dir/*.gcda
}
if [ $# -gt 0 ] && [ "$1" = "--help" ]; then
@@ -69,6 +74,14 @@
exit
fi
+if in_mbedtls_build_dir; then
+ library_dir='library'
+ title='Mbed TLS'
+else
+ library_dir='core'
+ title='TF-PSA-Crypto'
+fi
+
main=lcov_library_report
while getopts r OPTLET; do
case $OPTLET in
diff --git a/tests/compat.sh b/tests/compat.sh
index 6506e6c..a98ed0e 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -127,7 +127,7 @@
printf " \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
printf " -M|--memcheck\tCheck memory leaks and errors.\n"
printf " -v|--verbose\tSet verbose output.\n"
- printf " --list-test-case\tList all potential test cases (No Execution)\n"
+ printf " --list-test-cases\tList all potential test cases (No Execution)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
printf " --preserve-logs\tPreserve logs of successful tests as well\n"
@@ -141,8 +141,8 @@
done
}
-# list_test_case lists all potential test cases in compat.sh without execution
-list_test_case() {
+# list_test_cases lists all potential test cases in compat.sh without execution
+list_test_cases() {
reset_ciphersuites
for TYPE in $TYPES; do
add_common_ciphersuites
@@ -191,9 +191,9 @@
MEMCHECK=1
;;
# Please check scripts/check_test_cases.py correspondingly
- # if you have to modify option, --list-test-case
- --list-test-case)
- list_test_case
+ # if you have to modify option, --list-test-cases
+ --list-test-cases)
+ list_test_cases
exit $?
;;
--outcome-file)
@@ -869,7 +869,7 @@
}
# uniform_title <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
-# $TITLE is considered as test case description for both --list-test-case and
+# $TITLE is considered as test case description for both --list-test-cases and
# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of
# each test case description.
uniform_title() {
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1eea025..2d80720 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -4469,8 +4469,6 @@
not grep -q "AES note: built-in implementation." ./programs/test/selftest
}
-
-
support_test_aesni_m32() {
support_test_m32_o0 && (lscpu | grep -qw aes)
}
@@ -4486,10 +4484,10 @@
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
scripts/config.py set MBEDTLS_HAVE_ASM
- # test the intrinsics implementation
- msg "AES tests, test intrinsics"
+ # test the intrinsics implementation with gcc
+ msg "AES tests, test intrinsics (gcc)"
make clean
- make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra -mpclmul -msse2 -maes' LDFLAGS='-m32'
+ make CC=gcc CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
# check that we built intrinsics - this should be used by default when supported by the compiler
./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
grep -q "AES note: using AESNI" ./programs/test/selftest
@@ -4511,6 +4509,36 @@
not grep -q mbedtls_aesni_has_support ./programs/test/selftest
}
+support_test_aesni_m32_clang() {
+ support_test_aesni_m32 && if command -v clang > /dev/null ; then
+ # clang >= 4 is required to build with target attributes
+ clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
+ [[ "${clang_ver}" -ge 4 ]]
+ else
+ # clang not available
+ false
+ fi
+}
+
+component_test_aesni_m32_clang() {
+
+ scripts/config.py set MBEDTLS_AESNI_C
+ scripts/config.py set MBEDTLS_PADLOCK_C
+ scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+ scripts/config.py set MBEDTLS_HAVE_ASM
+
+ # test the intrinsics implementation with clang
+ msg "AES tests, test intrinsics (clang)"
+ make clean
+ make CC=clang CFLAGS='-m32 -Werror -Wall -Wextra' LDFLAGS='-m32'
+ # check that we built intrinsics - this should be used by default when supported by the compiler
+ ./programs/test/selftest aes | grep "AESNI code" | grep -q "intrinsics"
+ grep -q "AES note: using AESNI" ./programs/test/selftest
+ grep -q "AES note: built-in implementation." ./programs/test/selftest
+ grep -q "AES note: using VIA Padlock" ./programs/test/selftest
+ grep -q mbedtls_aesni_has_support ./programs/test/selftest
+}
+
# For timebeing, no aarch64 gcc available in CI and no arm64 CI node.
component_build_aes_aesce_armcc () {
msg "Build: AESCE test on arm64 platform without plain C."
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 706421f..80b6459 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -95,9 +95,21 @@
else:
results.warning('Allow listed test case was executed: {}', key)
+def name_matches_pattern(name, str_or_re):
+ """Check if name matches a pattern, that may be a string or regex.
+ - If the pattern is a string, name must be equal to match.
+ - If the pattern is a regex, name must fully match.
+ """
+ # The CI's python is too old for re.Pattern
+ #if isinstance(str_or_re, re.Pattern):
+ if not isinstance(str_or_re, str):
+ return str_or_re.fullmatch(name)
+ else:
+ return str_or_re == name
+
def analyze_driver_vs_reference(results: Results, outcomes,
component_ref, component_driver,
- ignored_suites, ignored_test=None):
+ ignored_suites, ignored_tests=None):
"""Check that all tests executed in the reference component are also
executed in the corresponding driver component.
Skip:
@@ -105,22 +117,25 @@
- only some specific test inside a test suite, for which the corresponding
output string is provided
"""
- available = check_test_cases.collect_available_test_cases()
-
- for key in available:
- # Continue if test was not executed by any component
- hits = outcomes[key].hits() if key in outcomes else 0
- if hits == 0:
- continue
- # Skip ignored test suites
- full_test_suite = key.split(';')[0] # retrieve full test suite name
- test_string = key.split(';')[1] # retrieve the text string of this test
+ seen_reference_passing = False
+ for key in outcomes:
+ # key is like "test_suite_foo.bar;Description of test case"
+ (full_test_suite, test_string) = key.split(';')
test_suite = full_test_suite.split('.')[0] # retrieve main part of test suite name
+
+ # Immediately skip fully-ignored test suites
if test_suite in ignored_suites or full_test_suite in ignored_suites:
continue
- if ((full_test_suite in ignored_test) and
- (test_string in ignored_test[full_test_suite])):
- continue
+
+ # For ignored test cases inside test suites, just remember and:
+ # don't issue an error if they're skipped with drivers,
+ # but issue an error if they're not (means we have a bad entry).
+ ignored = False
+ if full_test_suite in ignored_tests:
+ for str_or_re in ignored_tests[test_suite]:
+ if name_matches_pattern(test_string, str_or_re):
+ ignored = True
+
# Search for tests that run in reference component and not in driver component
driver_test_passed = False
reference_test_passed = False
@@ -129,8 +144,14 @@
driver_test_passed = True
if component_ref in entry:
reference_test_passed = True
- if(reference_test_passed and not driver_test_passed):
- results.error("Did not pass with driver: {}", key)
+ seen_reference_passing = True
+ if reference_test_passed and not driver_test_passed and not ignored:
+ results.error("PASS -> SKIP/FAIL: {}", key)
+ if ignored and driver_test_passed:
+ results.error("uselessly ignored: {}", key)
+
+ if not seen_reference_passing:
+ results.error("no passing test in reference component: bad outcome file?")
def analyze_outcomes(results: Results, outcomes, args):
"""Run all analyses on the given outcome collection."""
@@ -232,15 +253,7 @@
# PEM decryption is not supported so far.
# The rest of PEM (write, unencrypted read) works though.
'test_suite_pem': [
- 'PEM read (AES-128-CBC + invalid iv)'
- 'PEM read (DES-CBC + invalid iv)',
- 'PEM read (DES-EDE3-CBC + invalid iv)',
- 'PEM read (malformed PEM AES-128-CBC)',
- 'PEM read (malformed PEM DES-CBC)',
- 'PEM read (malformed PEM DES-EDE3-CBC)',
- 'PEM read (unknown encryption algorithm)',
- 'PEM read (AES-128-CBC + invalid iv)',
- 'PEM read (DES-CBC + invalid iv)',
+ re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
],
# Following tests depend on AES_C/DES_C but are not about
# them really, just need to know some error code is there.
@@ -255,258 +268,21 @@
# The en/decryption part of PKCS#12 is not supported so far.
# The rest of PKCS#12 (key derivation) works though.
'test_suite_pkcs12': [
- 'PBE Decrypt, (Invalid padding & PKCS7 padding enabled)',
- 'PBE Decrypt, pad = 7 (OK)',
- 'PBE Decrypt, pad = 8 (Invalid output size)',
- 'PBE Decrypt, pad = 8 (OK)',
- 'PBE Encrypt, pad = 7 (OK)',
- 'PBE Encrypt, pad = 8 (Invalid output size)',
- 'PBE Encrypt, pad = 8 (OK)',
+ re.compile(r'PBE Encrypt, .*'),
+ re.compile(r'PBE Decrypt, .*'),
],
# The en/decryption part of PKCS#5 is not supported so far.
# The rest of PKCS#5 (PBKDF2) works though.
'test_suite_pkcs5': [
- 'PBES2 Decrypt (Invalid output size)',
- 'PBES2 Decrypt (Invalid padding & PKCS7 padding enabled)',
- 'PBES2 Decrypt (KDF != PBKDF2)',
- 'PBES2 Decrypt (OK)',
- 'PBES2 Decrypt (OK, PBKDF2 params explicit keylen)',
- 'PBES2 Decrypt (OK, PBKDF2 params explicit prf_alg)',
- 'PBES2 Decrypt (bad KDF AlgId: not a sequence)',
- 'PBES2 Decrypt (bad KDF AlgId: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params explicit keylen: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params iter: not an int)',
- 'PBES2 Decrypt (bad PBKDF2 params iter: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params salt: not an octet string)',
- 'PBES2 Decrypt (bad PBKDF2 params salt: overlong)',
- 'PBES2 Decrypt (bad PBKDF2 params: not a sequence)',
- 'PBES2 Decrypt (bad PBKDF2 params: overlong)',
- 'PBES2 Decrypt (bad enc_scheme_alg params: len != iv_len)',
- 'PBES2 Decrypt (bad enc_scheme_alg params: not an octet string)',
- 'PBES2 Decrypt (bad enc_scheme_alg params: overlong)',
- 'PBES2 Decrypt (bad enc_scheme_alg: not a sequence)',
- 'PBES2 Decrypt (bad enc_scheme_alg: overlong)',
- 'PBES2 Decrypt (bad enc_scheme_alg: unknown oid)',
- 'PBES2 Decrypt (bad iter value)',
- 'PBES2 Decrypt (bad params tag)',
- 'PBES2 Decrypt (bad password)',
- 'PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg != HMAC-SHA*)',
- 'PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg not a sequence)',
- 'PBES2 Decrypt (bad, PBKDF2 params explicit prf_alg overlong)',
- 'PBES2 Decrypt (bad, PBKDF2 params extra data)',
- 'PBES2 Encrypt, pad=6 (OK)',
- 'PBES2 Encrypt, pad=8 (Invalid output size)',
- 'PBES2 Encrypt, pad=8 (OK)',
+ re.compile(r'PBES2 Encrypt, .*'),
+ re.compile(r'PBES2 Decrypt .*'),
],
# Encrypted keys are not supported so far.
# pylint: disable=line-too-long
'test_suite_pkparse': [
'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
- 'Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES)',
- 'Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW)',
- 'Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW)',
- 'Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit)',
- 'Parse RSA Key #21.1 (PKCS#8 encrypted SHA1-3DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #21.2 (PKCS#8 encrypted SHA1-3DES, 2048-bit, no PW)',
- 'Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)',
- 'Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)',
- 'Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)',
- 'Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit)',
- 'Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)',
- 'Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)',
- 'Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW)',
- 'Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW)',
- 'Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit)',
- 'Parse RSA Key #27.1 (PKCS#8 encrypted SHA1-2DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #27.2 (PKCS#8 encrypted SHA1-2DES, 2048-bit no PW)',
- 'Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)',
- 'Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)',
- 'Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)',
- 'Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit)',
- 'Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)',
- 'Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)',
- 'Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW)',
- 'Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW)',
- 'Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit)',
- 'Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW)',
- 'Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)',
- 'Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)',
- 'Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)',
- 'Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW)',
- 'Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW)',
- 'Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit)',
- 'Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW)',
- 'Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)',
- 'Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)',
- 'Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)',
- 'Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW)',
- 'Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW)',
- 'Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit)',
- 'Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW)',
- 'Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW)',
- 'Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)',
- 'Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)',
- 'Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)',
- 'Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)',
- 'Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW)',
- 'Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW)',
- 'Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit)',
- 'Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW)',
- 'Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)',
- 'Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)',
- 'Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)',
- 'Parse RSA Key #50.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, wrong PW)',
- 'Parse RSA Key #50.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, no PW)',
- 'Parse RSA Key #51 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit)',
- 'Parse RSA Key #51.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, wrong PW)',
- 'Parse RSA Key #51.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 2048-bit, no PW)',
- 'Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)',
- 'Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)',
- 'Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)',
- 'Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)',
- 'Parse RSA Key #53.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, wrong PW)',
- 'Parse RSA Key #53.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, no PW)',
- 'Parse RSA Key #54 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit)',
- 'Parse RSA Key #54.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #54.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 2048-bit, no PW)',
- 'Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)',
- 'Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)',
- 'Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)',
- 'Parse RSA Key #56.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, wrong PW)',
- 'Parse RSA Key #56.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, no PW)',
- 'Parse RSA Key #57 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit)',
- 'Parse RSA Key #57.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, wrong PW)',
- 'Parse RSA Key #57.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 2048-bit, no PW)',
- 'Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)',
- 'Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)',
- 'Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)',
- 'Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)',
- 'Parse RSA Key #59.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, wrong PW)',
- 'Parse RSA Key #59.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, no PW)',
- 'Parse RSA Key #60 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit)',
- 'Parse RSA Key #60.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #60.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 2048-bit, no PW)',
- 'Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)',
- 'Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)',
- 'Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)',
- 'Parse RSA Key #62.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, wrong PW)',
- 'Parse RSA Key #62.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, no PW)',
- 'Parse RSA Key #63 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit)',
- 'Parse RSA Key #63.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, wrong PW)',
- 'Parse RSA Key #63.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 2048-bit, no PW)',
- 'Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)',
- 'Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)',
- 'Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)',
- 'Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)',
- 'Parse RSA Key #65.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, wrong PW)',
- 'Parse RSA Key #65.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, no PW)',
- 'Parse RSA Key #66 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit)',
- 'Parse RSA Key #66.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #66.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 2048-bit, no PW)',
- 'Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)',
- 'Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)',
- 'Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)',
- 'Parse RSA Key #69.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, wrong PW)',
- 'Parse RSA Key #69.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, no PW)',
- 'Parse RSA Key #70 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit)',
- 'Parse RSA Key #70.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, wrong PW)',
- 'Parse RSA Key #70.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 2048-bit, no PW)',
- 'Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)',
- 'Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)',
- 'Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)',
- 'Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)',
- 'Parse RSA Key #72.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, wrong PW)',
- 'Parse RSA Key #72.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, no PW)',
- 'Parse RSA Key #73 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit)',
- 'Parse RSA Key #73.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #73.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 2048-bit, no PW)',
- 'Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)',
- 'Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)',
- 'Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)',
- 'Parse RSA Key #75.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, wrong PW)',
- 'Parse RSA Key #75.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, no PW)',
- 'Parse RSA Key #76 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit)',
- 'Parse RSA Key #76.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, wrong PW)',
- 'Parse RSA Key #76.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 2048-bit, no PW)',
- 'Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)',
- 'Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)',
- 'Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)',
- 'Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)',
- 'Parse RSA Key #78.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, wrong PW)',
- 'Parse RSA Key #78.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, no PW)',
- 'Parse RSA Key #79 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit)',
- 'Parse RSA Key #79.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #79.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 2048-bit, no PW)',
- 'Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)',
- 'Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)',
- 'Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)',
- 'Parse RSA Key #81.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, wrong PW)',
- 'Parse RSA Key #81.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, no PW)',
- 'Parse RSA Key #82 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit)',
- 'Parse RSA Key #82.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, wrong PW)',
- 'Parse RSA Key #82.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 2048-bit, no PW)',
- 'Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)',
- 'Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)',
- 'Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)',
- 'Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)',
- 'Parse RSA Key #84.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, wrong PW)',
- 'Parse RSA Key #85.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, no PW)',
- 'Parse RSA Key #86 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit)',
- 'Parse RSA Key #86.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #86.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 2048-bit, no PW)',
- 'Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)',
- 'Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)',
- 'Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)',
- 'Parse RSA Key #88.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, wrong PW)',
- 'Parse RSA Key #88.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, no PW)',
- 'Parse RSA Key #89 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit)',
- 'Parse RSA Key #89.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, wrong PW)',
- 'Parse RSA Key #89.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 2048-bit, no PW)',
- 'Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)',
- 'Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)',
- 'Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)',
- 'Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)',
- 'Parse RSA Key #91.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, wrong PW)',
- 'Parse RSA Key #91.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, no PW)',
- 'Parse RSA Key #92 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit)',
- 'Parse RSA Key #92.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #92.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 2048-bit, no PW)',
- 'Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)',
- 'Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)',
- 'Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)',
- 'Parse RSA Key #94.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, wrong PW)',
- 'Parse RSA Key #94.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, no PW)',
- 'Parse RSA Key #95 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit)',
- 'Parse RSA Key #95.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, wrong PW)',
- 'Parse RSA Key #95.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 2048-bit, no PW)',
- 'Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)',
- 'Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)',
- 'Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)',
- 'Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)',
- 'Parse RSA Key #97.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, wrong PW)',
- 'Parse RSA Key #97.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, no PW)',
- 'Parse RSA Key #98 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit)',
- 'Parse RSA Key #98.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, wrong PW)',
- 'Parse RSA Key #98.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 2048-bit, no PW)',
- 'Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)',
- 'Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)',
- 'Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)',
+ re.compile(r'Parse RSA Key .*\(PKCS#8 encrypted .*\)'),
],
}
}
@@ -517,11 +293,13 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_ecp_light_only',
'component_driver': 'test_psa_crypto_config_accel_ecc_ecp_light_only',
'ignored_suites': [
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ # This test wants a legacy function that takes f_rng, p_rng
+ # arguments, and uses legacy ECDSA for that. The test is
+ # really about the wrapper around the PSA RNG, not ECDSA.
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
@@ -529,49 +307,14 @@
# so we must ignore disparities in the tests for which ECP_C
# is required.
'test_suite_ecp': [
- 'ECP check public-private #1 (OK)',
- 'ECP check public-private #2 (group none)',
- 'ECP check public-private #3 (group mismatch)',
- 'ECP check public-private #4 (Qx mismatch)',
- 'ECP check public-private #5 (Qy mismatch)',
- 'ECP check public-private #6 (wrong Qx)',
- 'ECP check public-private #7 (wrong Qy)',
- 'ECP gen keypair [#1]',
- 'ECP gen keypair [#2]',
- 'ECP gen keypair [#3]',
- 'ECP gen keypair wrapper',
- 'ECP point muladd secp256r1 #1',
- 'ECP point muladd secp256r1 #2',
- 'ECP point multiplication Curve25519 (element of order 2: origin) #3',
- 'ECP point multiplication Curve25519 (element of order 4: 1) #4',
- 'ECP point multiplication Curve25519 (element of order 8) #5',
- 'ECP point multiplication Curve25519 (normalized) #1',
- 'ECP point multiplication Curve25519 (not normalized) #2',
- 'ECP point multiplication rng fail Curve25519',
- 'ECP point multiplication rng fail secp256r1',
- 'ECP test vectors Curve25519',
- 'ECP test vectors Curve448 (RFC 7748 6.2, after decodeUCoordinate)',
- 'ECP test vectors brainpoolP256r1 rfc 7027',
- 'ECP test vectors brainpoolP384r1 rfc 7027',
- 'ECP test vectors brainpoolP512r1 rfc 7027',
- 'ECP test vectors secp192k1',
- 'ECP test vectors secp192r1 rfc 5114',
- 'ECP test vectors secp224k1',
- 'ECP test vectors secp224r1 rfc 5114',
- 'ECP test vectors secp256k1',
- 'ECP test vectors secp256r1 rfc 5114',
- 'ECP test vectors secp384r1 rfc 5114',
- 'ECP test vectors secp521r1 rfc 5114',
- ],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
+ re.compile(r'ECP check public-private .*'),
+ re.compile(r'ECP gen keypair .*'),
+ re.compile(r'ECP point muladd .*'),
+ re.compile(r'ECP point multiplication .*'),
+ re.compile(r'ECP test vectors .*'),
],
'test_suite_ssl': [
+ # This deprecated function is only present when ECP_C is On.
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
@@ -583,32 +326,14 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_ecp_at_all',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_ecp_at_all',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
'test_suite_pkparse': [
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
@@ -616,23 +341,10 @@
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -645,90 +357,31 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_no_bignum',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
+ # See no_ecp_at_all
'test_suite_pkparse': [
- # See the description provided above in the
- # analyze_driver_vs_reference_no_ecp_at_all component.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
- # Following tests depends on BIGNUM_C
- 'Debug print mbedtls_mpi #2: 3 bits',
- 'Debug print mbedtls_mpi: 0 (empty representation)',
- 'Debug print mbedtls_mpi: 0 (non-empty representation)',
- 'Debug print mbedtls_mpi: 49 bits',
- 'Debug print mbedtls_mpi: 759 bits',
- 'Debug print mbedtls_mpi: 764 bits #1',
- 'Debug print mbedtls_mpi: 764 bits #2',
+ re.compile(r'Debug print mbedtls_mpi.*'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -741,91 +394,31 @@
'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
- 'dhm',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto': [
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- ],
+ # See no_ecp_at_all
'test_suite_pkparse': [
- # See the description provided above in the
- # analyze_driver_vs_reference_no_ecp_at_all component.
- 'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
- 'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
- 'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
- 'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
- 'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
- 'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
- 'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
- 'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
- 'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
- 'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
- 'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
- 'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
- 'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
- 'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
- 'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
- 'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
+ re.compile(r'Parse EC Key .*compressed\)'),
+ re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
- # Following tests depends on BIGNUM_C
- 'Debug print mbedtls_mpi #2: 3 bits',
- 'Debug print mbedtls_mpi: 0 (empty representation)',
- 'Debug print mbedtls_mpi: 0 (non-empty representation)',
- 'Debug print mbedtls_mpi: 49 bits',
- 'Debug print mbedtls_mpi: 759 bits',
- 'Debug print mbedtls_mpi: 764 bits #1',
- 'Debug print mbedtls_mpi: 764 bits #2',
+ re.compile(r'Debug print mbedtls_mpi.*'),
],
+ # See ecp_light_only
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
@@ -847,92 +440,21 @@
'component_ref': 'test_tfm_config',
'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
'ignored_suites': [
- # Ignore test suites for the modules that are disabled in the
- # accelerated test case.
- 'ecp',
- 'ecdsa',
- 'ecdh',
- 'ecjpake',
- 'bignum_core',
- 'bignum_random',
- 'bignum_mod',
- 'bignum_mod_raw',
- 'bignum.generated',
- 'bignum.misc',
+ # Modules replaced by drivers
+ 'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ 'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
+ 'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
- # Ignore all tests that require DERIVE support which is disabled
- # in the driver version
- 'test_suite_psa_crypto': [
- 'PSA key agreement setup: ECDH + HKDF-SHA-256: good',
- ('PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader '
- 'than required'),
- 'PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve',
- 'PSA key agreement setup: KDF instead of a key agreement algorithm',
- 'PSA key agreement setup: bad key agreement algorithm',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32',
- 'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, info first',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, key output',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output',
- 'PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret',
- 'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
- 'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka',
- 'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka',
- 'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
- 'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
- 'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)',
- ],
+ # See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
- 'test_suite_psa_crypto_pake': [
- 'PSA PAKE: ecjpake size macros',
- ],
'test_suite_asn1parse': [
- # This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
- # Following tests depends on BIGNUM_C
- 'ASN.1 Write mpi 0 (1 limb)',
- 'ASN.1 Write mpi 0 (null)',
- 'ASN.1 Write mpi 0x100',
- 'ASN.1 Write mpi 0x7f',
- 'ASN.1 Write mpi 0x7f with leading 0 limb',
- 'ASN.1 Write mpi 0x80',
- 'ASN.1 Write mpi 0x80 with leading 0 limb',
- 'ASN.1 Write mpi 0xff',
- 'ASN.1 Write mpi 1',
- 'ASN.1 Write mpi, 127*8 bits',
- 'ASN.1 Write mpi, 127*8+1 bits',
- 'ASN.1 Write mpi, 127*8-1 bits',
- 'ASN.1 Write mpi, 255*8 bits',
- 'ASN.1 Write mpi, 255*8-1 bits',
- 'ASN.1 Write mpi, 256*8-1 bits',
+ re.compile(r'ASN.1 Write mpi.*'),
],
}
}
@@ -971,7 +493,7 @@
tasks_list = re.split(r'[, ]+', options.specified_tasks)
for task in tasks_list:
if task not in KNOWN_TASKS:
- sys.stderr.write('invalid task: {}'.format(task))
+ sys.stderr.write('invalid task: {}\n'.format(task))
sys.exit(2)
KNOWN_TASKS['analyze_coverage']['args']['full_coverage'] = options.full_coverage
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
index 1395d4d..30879d7 100755
--- a/tests/scripts/check_test_cases.py
+++ b/tests/scripts/check_test_cases.py
@@ -28,6 +28,7 @@
import subprocess
import sys
+
class Results:
"""Store file and line information about errors or warnings in test suites."""
@@ -97,33 +98,21 @@
data_file_name, line_number, line)
in_paragraph = True
- def walk_ssl_opt_sh(self, file_name):
- """Iterate over the test cases in ssl-opt.sh or a file with a similar format."""
+ def collect_from_script(self, file_name):
+ """Collect the test cases in a script by calling its listing test cases
+option"""
descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- with open(file_name, 'rb') as file_contents:
- for line_number, line in enumerate(file_contents, 1):
- # Assume that all run_test calls have the same simple form
- # with the test description entirely on the same line as the
- # function name.
- m = re.match(br'\s*run_test\s+"((?:[^\\"]|\\.)*)"', line)
- if not m:
- continue
- description = m.group(1)
- self.process_test_case(descriptions,
- file_name, line_number, description)
-
- def walk_compat_sh(self, file_name):
- """Iterate over the test cases compat.sh with a similar format."""
- descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
- compat_cmd = ['sh', file_name, '--list-test-case']
- compat_output = subprocess.check_output(compat_cmd)
- # Assume compat.sh is responsible for printing identical format of
- # test case description between --list-test-case and its OUTCOME.CSV
- description = compat_output.strip().split(b'\n')
+ listed = subprocess.check_output(['sh', file_name, '--list-test-cases'])
+ # Assume test file is responsible for printing identical format of
+ # test case description between --list-test-cases and its OUTCOME.CSV
+ #
# idx indicates the number of test case since there is no line number
- # in `compat.sh` for each test case.
- for idx, descrip in enumerate(description):
- self.process_test_case(descriptions, file_name, idx, descrip)
+ # in the script for each test case.
+ for idx, description in enumerate(listed.splitlines()):
+ self.process_test_case(descriptions,
+ file_name,
+ idx,
+ description.rstrip())
@staticmethod
def collect_test_directories():
@@ -144,15 +133,11 @@
for data_file_name in glob.glob(os.path.join(directory, 'suites',
'*.data')):
self.walk_test_suite(data_file_name)
- ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh')
- if os.path.exists(ssl_opt_sh):
- self.walk_ssl_opt_sh(ssl_opt_sh)
- for ssl_opt_file_name in glob.glob(os.path.join(directory, 'opt-testcases',
- '*.sh')):
- self.walk_ssl_opt_sh(ssl_opt_file_name)
- compat_sh = os.path.join(directory, 'compat.sh')
- if os.path.exists(compat_sh):
- self.walk_compat_sh(compat_sh)
+
+ for sh_file in ['ssl-opt.sh', 'compat.sh']:
+ sh_file = os.path.join(directory, sh_file)
+ if os.path.exists(sh_file):
+ self.collect_from_script(sh_file)
class TestDescriptions(TestDescriptionExplorer):
"""Collect the available test cases."""
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0dd7fe6..36753af 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -123,6 +123,7 @@
EXCLUDE='^$'
SHOW_TEST_NUMBER=0
+LIST_TESTS=0
RUN_TEST_NUMBER=''
PRESERVE_LOGS=0
@@ -142,6 +143,7 @@
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
+ printf " --list-test-cases\tList all potential test cases (No Execution)\n"
printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n"
@@ -167,6 +169,9 @@
-s|--show-numbers)
SHOW_TEST_NUMBER=1
;;
+ -l|--list-test-cases)
+ LIST_TESTS=1
+ ;;
-p|--preserve-logs)
PRESERVE_LOGS=1
;;
@@ -196,11 +201,18 @@
done
}
+get_options "$@"
+
# Read boolean configuration options from mbedtls_config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols.
-CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )"
+if [ "$LIST_TESTS" -eq 0 ];then
+ CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )"
+else
+ P_QUERY=":"
+ CONFIGS_ENABLED=""
+fi
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
@@ -296,7 +308,12 @@
#
# Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string.
- ${P_SRV} "query_config=${1}"
+ if [ "$LIST_TESTS" -eq 0 ];then
+ ${P_SRV} "query_config=${1}"
+ else
+ echo "1"
+ fi
+
}
requires_config_value_at_least() {
@@ -807,19 +824,20 @@
fi
}
-# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=16384
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
+if [ "$LIST_TESTS" -eq 0 ];then
+ # Calculate the input & output maximum content lengths set in the config
-# Calculate the maximum content length that fits both
-if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
- MAX_CONTENT_LEN="$MAX_IN_LEN"
+ # Calculate the maximum content length that fits both
+ if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
+ MAX_CONTENT_LEN="$MAX_IN_LEN"
+ fi
+ if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
+ MAX_CONTENT_LEN="$MAX_OUT_LEN"
+ fi
fi
-if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
- MAX_CONTENT_LEN="$MAX_OUT_LEN"
-fi
-
# skip the next test if the SSL output buffer is less than 16KB
requires_full_size_output_buffer() {
if [ "$MAX_OUT_LEN" -ne 16384 ]; then
@@ -861,6 +879,7 @@
fi
LINE="$LINE$1"
+
printf "%s " "$LINE"
LEN=$(( 72 - `echo "$LINE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done
@@ -876,7 +895,7 @@
if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
printf '%s;%s;%s;%s;%s;%s\n' \
"$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \
- "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \
+ "ssl-opt" "$NAME" \
"$1" "${2-}" \
>>"$MBEDTLS_TEST_OUTCOME_FILE"
fi
@@ -1578,6 +1597,11 @@
return
fi
+ if [ "$LIST_TESTS" -gt 0 ]; then
+ printf "%s\n" "$NAME"
+ return
+ fi
+
print_name "$NAME"
# Do we only run numbered tests?
@@ -1775,8 +1799,6 @@
# MAIN
#
-get_options "$@"
-
# Make the outcome file path relative to the original directory, not
# to .../tests
case "$MBEDTLS_TEST_OUTCOME_FILE" in
@@ -1827,109 +1849,112 @@
}
fi
-# sanity checks, avoid an avalanche of errors
-P_SRV_BIN="${P_SRV%%[ ]*}"
-P_CLI_BIN="${P_CLI%%[ ]*}"
-P_PXY_BIN="${P_PXY%%[ ]*}"
-if [ ! -x "$P_SRV_BIN" ]; then
- echo "Command '$P_SRV_BIN' is not an executable file"
- exit 1
-fi
-if [ ! -x "$P_CLI_BIN" ]; then
- echo "Command '$P_CLI_BIN' is not an executable file"
- exit 1
-fi
-if [ ! -x "$P_PXY_BIN" ]; then
- echo "Command '$P_PXY_BIN' is not an executable file"
- exit 1
-fi
-if [ "$MEMCHECK" -gt 0 ]; then
- if which valgrind >/dev/null 2>&1; then :; else
- echo "Memcheck not possible. Valgrind not found"
+if [ "$LIST_TESTS" -eq 0 ];then
+
+ # sanity checks, avoid an avalanche of errors
+ P_SRV_BIN="${P_SRV%%[ ]*}"
+ P_CLI_BIN="${P_CLI%%[ ]*}"
+ P_PXY_BIN="${P_PXY%%[ ]*}"
+ if [ ! -x "$P_SRV_BIN" ]; then
+ echo "Command '$P_SRV_BIN' is not an executable file"
exit 1
fi
+ if [ ! -x "$P_CLI_BIN" ]; then
+ echo "Command '$P_CLI_BIN' is not an executable file"
+ exit 1
+ fi
+ if [ ! -x "$P_PXY_BIN" ]; then
+ echo "Command '$P_PXY_BIN' is not an executable file"
+ exit 1
+ fi
+ if [ "$MEMCHECK" -gt 0 ]; then
+ if which valgrind >/dev/null 2>&1; then :; else
+ echo "Memcheck not possible. Valgrind not found"
+ exit 1
+ fi
+ fi
+ if which $OPENSSL >/dev/null 2>&1; then :; else
+ echo "Command '$OPENSSL' not found"
+ exit 1
+ fi
+
+ # used by watchdog
+ MAIN_PID="$$"
+
+ # We use somewhat arbitrary delays for tests:
+ # - how long do we wait for the server to start (when lsof not available)?
+ # - how long do we allow for the client to finish?
+ # (not to check performance, just to avoid waiting indefinitely)
+ # Things are slower with valgrind, so give extra time here.
+ #
+ # Note: without lsof, there is a trade-off between the running time of this
+ # script and the risk of spurious errors because we didn't wait long enough.
+ # The watchdog delay on the other hand doesn't affect normal running time of
+ # the script, only the case where a client or server gets stuck.
+ if [ "$MEMCHECK" -gt 0 ]; then
+ START_DELAY=6
+ DOG_DELAY=60
+ else
+ START_DELAY=2
+ DOG_DELAY=20
+ fi
+
+ # some particular tests need more time:
+ # - for the client, we multiply the usual watchdog limit by a factor
+ # - for the server, we sleep for a number of seconds after the client exits
+ # see client_need_more_time() and server_needs_more_time()
+ CLI_DELAY_FACTOR=1
+ SRV_DELAY_SECONDS=0
+
+ # fix commands to use this port, force IPv4 while at it
+ # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
+ # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
+ # machines that will resolve to ::1, and we don't want ipv6 here.
+ P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
+ P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
+ P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
+ O_SRV="$O_SRV -accept $SRV_PORT"
+ O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
+ G_SRV="$G_SRV -p $SRV_PORT"
+ G_CLI="$G_CLI -p +SRV_PORT"
+
+ # Newer versions of OpenSSL have a syntax to enable all "ciphers", even
+ # low-security ones. This covers not just cipher suites but also protocol
+ # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
+ # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
+ # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
+ # a way to discover it from -help, so check the openssl version.
+ case $($OPENSSL version) in
+ "OpenSSL 0"*|"OpenSSL 1.0"*) :;;
+ *)
+ O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
+ O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
+ ;;
+ esac
+
+ if [ -n "${OPENSSL_NEXT:-}" ]; then
+ O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
+ O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
+ O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT"
+ O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
+ O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
+ fi
+
+ if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
+ G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
+ G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT"
+ fi
+
+ if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
+ G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
+ G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
+ fi
+
+ # Allow SHA-1, because many of our test certificates use it
+ P_SRV="$P_SRV allow_sha1=1"
+ P_CLI="$P_CLI allow_sha1=1"
+
fi
-if which $OPENSSL >/dev/null 2>&1; then :; else
- echo "Command '$OPENSSL' not found"
- exit 1
-fi
-
-# used by watchdog
-MAIN_PID="$$"
-
-# We use somewhat arbitrary delays for tests:
-# - how long do we wait for the server to start (when lsof not available)?
-# - how long do we allow for the client to finish?
-# (not to check performance, just to avoid waiting indefinitely)
-# Things are slower with valgrind, so give extra time here.
-#
-# Note: without lsof, there is a trade-off between the running time of this
-# script and the risk of spurious errors because we didn't wait long enough.
-# The watchdog delay on the other hand doesn't affect normal running time of
-# the script, only the case where a client or server gets stuck.
-if [ "$MEMCHECK" -gt 0 ]; then
- START_DELAY=6
- DOG_DELAY=60
-else
- START_DELAY=2
- DOG_DELAY=20
-fi
-
-# some particular tests need more time:
-# - for the client, we multiply the usual watchdog limit by a factor
-# - for the server, we sleep for a number of seconds after the client exits
-# see client_need_more_time() and server_needs_more_time()
-CLI_DELAY_FACTOR=1
-SRV_DELAY_SECONDS=0
-
-# fix commands to use this port, force IPv4 while at it
-# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
-# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
-# machines that will resolve to ::1, and we don't want ipv6 here.
-P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
-P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
-P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
-O_SRV="$O_SRV -accept $SRV_PORT"
-O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
-G_SRV="$G_SRV -p $SRV_PORT"
-G_CLI="$G_CLI -p +SRV_PORT"
-
-# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
-# low-security ones. This covers not just cipher suites but also protocol
-# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
-# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
-# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
-# a way to discover it from -help, so check the openssl version.
-case $($OPENSSL version) in
- "OpenSSL 0"*|"OpenSSL 1.0"*) :;;
- *)
- O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
- O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
- ;;
-esac
-
-if [ -n "${OPENSSL_NEXT:-}" ]; then
- O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
- O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
- O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT"
- O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
- O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
- G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
- G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT"
-fi
-
-if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
- G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
- G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
-fi
-
-# Allow SHA-1, because many of our test certificates use it
-P_SRV="$P_SRV allow_sha1=1"
-P_CLI="$P_CLI allow_sha1=1"
-
# Also pick a unique name for intermediate files
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
@@ -13375,17 +13400,21 @@
requires_max_content_len 16384
run_tests_memory_after_hanshake
-# Final report
+if [ "$LIST_TESTS" -eq 0 ]; then
-echo "------------------------------------------------------------------------"
+ # Final report
-if [ $FAILS = 0 ]; then
- printf "PASSED"
-else
- printf "FAILED"
+ echo "------------------------------------------------------------------------"
+
+ if [ $FAILS = 0 ]; then
+ printf "PASSED"
+ else
+ printf "FAILED"
+ fi
+ PASSES=$(( $TESTS - $FAILS ))
+ echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
+
fi
-PASSES=$(( $TESTS - $FAILS ))
-echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
if [ $FAILS -gt 255 ]; then
# Clamp at 255 as caller gets exit code & 0xFF
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 7d81608..c689699 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -31,15 +31,13 @@
data_t *result)
{
mbedtls_ctr_drbg_context ctx;
+ mbedtls_ctr_drbg_init(&ctx);
unsigned char buf[64];
size_t entropy_chunk_len = (size_t) entropy_len_arg;
-
TEST_ASSERT(entropy_chunk_len <= sizeof(buf));
test_offset_idx = 0;
- mbedtls_ctr_drbg_init(&ctx);
-
test_max_idx = entropy->len;
/* CTR_DRBG_Instantiate(entropy[:entropy->len], nonce, perso, <ignored>)
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index 0e013b7..ed9f3ac 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -102,6 +102,7 @@
if (fwrite(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ fclose(f);
return -1;
}
@@ -124,6 +125,7 @@
if (fread(buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f) !=
MBEDTLS_ENTROPY_BLOCK_SIZE) {
+ fclose(f);
return -1;
}
diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index 0b8434b..6751136 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function
@@ -65,6 +65,8 @@
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0);
TEST_ASSERT(paused == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -119,6 +121,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -170,6 +174,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -217,6 +223,8 @@
TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -250,6 +258,8 @@
/* Wrapup (lower layer) */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_NEED_ACCUMULATOR);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -297,6 +307,7 @@
TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0);
TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50);
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -333,6 +344,7 @@
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -458,6 +470,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -562,6 +576,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -623,6 +639,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
MBEDTLS_ERR_MPS_READER_DATA_LEFT);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -795,6 +813,7 @@
break;
}
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
@@ -951,6 +970,7 @@
}
}
+exit:
/* Cleanup */
mbedtls_mps_reader_free(&rd);
mbedtls_free(incoming);
@@ -1103,6 +1123,7 @@
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
}
+exit:
/* Wrapup */
mbedtls_mps_reader_free(&rd);
}
@@ -1136,6 +1157,8 @@
/* Wrapup */
TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
+
+exit:
mbedtls_mps_reader_free(&rd);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 730bb88..733909e 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -68,6 +68,7 @@
static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
{
mbedtls_pk_context key;
+ mbedtls_pk_init(&key);
unsigned char *buf = NULL;
unsigned char *check_buf = NULL;
unsigned char *start_buf;
@@ -78,9 +79,6 @@
USE_PSA_INIT();
- mbedtls_pk_init(&key);
- USE_PSA_INIT();
-
/* Note: if mbedtls_pk_load_file() successfully reads the file, then
it also allocates check_buf, which should be freed on exit */
TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 2dfc7a4..a510f8e 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -7639,8 +7639,7 @@
* no reliance on external buffers. */
psa_interruptible_set_max_ops(PSA_INTERRUPTIBLE_MAX_OPS_UNLIMITED);
- input_buffer = mbedtls_calloc(1, input_data->len);
- TEST_ASSERT(input_buffer != NULL);
+ TEST_CALLOC(input_buffer, input_data->len);
memcpy(input_buffer, input_data->x, input_data->len);
@@ -7657,8 +7656,7 @@
PSA_ASSERT(psa_sign_hash_abort(&sign_operation));
- input_buffer = mbedtls_calloc(1, input_data->len);
- TEST_ASSERT(input_buffer != NULL);
+ TEST_CALLOC(input_buffer, input_data->len);
memcpy(input_buffer, input_data->x, input_data->len);
@@ -7683,6 +7681,7 @@
psa_destroy_key(key);
mbedtls_free(signature);
+ mbedtls_free(input_buffer);
PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index 9c5ef23..8e96984 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -1297,7 +1297,7 @@
mbedtls_svc_key_id_t returned_id;
mbedtls_svc_key_id_t sw_key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t sw_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t drv_attributes;
+ psa_key_attributes_t drv_attributes = PSA_KEY_ATTRIBUTES_INIT;
uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
size_t signature_length;
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index eb2407d..9ebc56c 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -24,6 +24,7 @@
{
enum { MSGLEN = 10 };
mbedtls_test_ssl_buffer buf;
+ mbedtls_test_ssl_buffer_init(&buf);
unsigned char input[MSGLEN];
unsigned char output[MSGLEN];
@@ -43,8 +44,6 @@
/* Make sure calling put and get on a buffer that hasn't been set up results
* in error. */
- mbedtls_test_ssl_buffer_init(&buf);
-
TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
== -1);
TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
@@ -1200,7 +1199,7 @@
TEST_ASSERT(ret == 0);
- TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
+ TEST_CALLOC(buf, buflen);
while (num_records-- > 0) {
mbedtls_ssl_transform *t_dec, *t_enc;
@@ -1354,7 +1353,7 @@
TEST_ASSERT(ret == 0);
- TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
+ TEST_CALLOC(buf, buflen);
for (mode = 1; mode <= 3; mode++) {
seen_success = 0;
@@ -1787,7 +1786,9 @@
{
mbedtls_ssl_key_set keys;
mbedtls_ssl_transform transform_send;
+ mbedtls_ssl_transform_init(&transform_send);
mbedtls_ssl_transform transform_recv;
+ mbedtls_ssl_transform_init(&transform_recv);
mbedtls_record rec;
unsigned char *buf = NULL;
size_t buf_len;
@@ -1818,8 +1819,6 @@
keys.key_len = server_write_key->len;
keys.iv_len = server_write_iv->len;
- mbedtls_ssl_transform_init(&transform_recv);
- mbedtls_ssl_transform_init(&transform_send);
MD_OR_USE_PSA_INIT();
TEST_ASSERT(mbedtls_ssl_tls13_populate_transform(
@@ -1958,7 +1957,7 @@
/* Serialize it */
TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT((buf = mbedtls_calloc(1, len)) != NULL);
+ TEST_CALLOC(buf, len);
TEST_ASSERT(mbedtls_ssl_session_save(&original, buf, len, &len)
== 0);
@@ -2172,7 +2171,8 @@
for (bad_len = 1; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overwrite */
mbedtls_free(buf);
- TEST_ASSERT((buf = mbedtls_calloc(1, bad_len)) != NULL);
+ buf = NULL;
+ TEST_CALLOC(buf, bad_len);
TEST_ASSERT(mbedtls_ssl_session_save(&session, buf, bad_len,
&test_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
@@ -2215,7 +2215,7 @@
}
TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
== MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
- TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL);
+ TEST_CALLOC(good_buf, good_len);
TEST_ASSERT(mbedtls_ssl_session_save(&session, good_buf, good_len,
&good_len) == 0);
mbedtls_ssl_session_free(&session);
@@ -2224,8 +2224,8 @@
for (bad_len = 0; bad_len < good_len; bad_len++) {
/* Allocate exact size so that asan/valgrind can detect any overread */
mbedtls_free(bad_buf);
- bad_buf = mbedtls_calloc(1, bad_len ? bad_len : 1);
- TEST_ASSERT(bad_buf != NULL);
+ bad_buf = NULL;
+ TEST_CALLOC_NONNULL(bad_buf, bad_len);
memcpy(bad_buf, good_buf, bad_len);
TEST_ASSERT(mbedtls_ssl_session_load(&session, bad_buf, bad_len)
@@ -3122,6 +3122,7 @@
mbedtls_psa_stats_t stats;
size_t free_slots_before = -1;
mbedtls_test_handshake_test_options options;
+ mbedtls_test_init_handshake_options(&options);
uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
MBEDTLS_SSL_IANA_TLS_GROUP_NONE };
@@ -3129,7 +3130,6 @@
mbedtls_platform_zeroize(&client, sizeof(client));
mbedtls_platform_zeroize(&server, sizeof(server));
- mbedtls_test_init_handshake_options(&options);
options.pk_alg = MBEDTLS_PK_ECDSA;
options.server_min_version = MBEDTLS_SSL_VERSION_TLS1_2;
options.server_max_version = MBEDTLS_SSL_VERSION_TLS1_2;
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 114bd52..894e0bb 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -729,7 +729,7 @@
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
/* CRLs aren't supported with CA callbacks, so skip the CA callback
* version of the test if CRLs are in use. */
- if (crl_file == NULL || strcmp(crl_file, "") == 0) {
+ if (strcmp(crl_file, "") == 0) {
flags = 0;
res = mbedtls_x509_crt_verify_with_ca_cb(&crt,
@@ -928,15 +928,17 @@
int ret = 0, i;
size_t len = 0, out_size;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur;
+ mbedtls_x509_name parsed;
+ memset(&parsed, 0, sizeof(parsed));
+ mbedtls_x509_name *parsed_cur;
// Size of buf is maximum required for test cases
- unsigned char buf[80], *out = NULL, *c;
+ unsigned char buf[80] = { 0 };
+ unsigned char *out = NULL;
+ unsigned char *c = buf + sizeof(buf);
const char *short_name;
USE_PSA_INIT();
- memset(&parsed, 0, sizeof(parsed));
- memset(buf, 0, sizeof(buf));
- c = buf + sizeof(buf);
+
// Additional size required for trailing space
out_size = strlen(expected_oids) + 2;
TEST_CALLOC(out, out_size);
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index a7ed262..4de9add 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -699,16 +699,16 @@
int ret;
size_t len = 0;
mbedtls_asn1_named_data *names = NULL;
- mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
- unsigned char buf[1024], out[1024], *c;
+ mbedtls_x509_name parsed;
+ memset(&parsed, 0, sizeof(parsed));
+ mbedtls_x509_name *parsed_cur = NULL;
+ mbedtls_x509_name *parsed_prv = NULL;
+ unsigned char buf[1024] = { 0 };
+ unsigned char out[1024] = { 0 };
+ unsigned char *c = buf + sizeof(buf);
USE_PSA_INIT();
- memset(&parsed, 0, sizeof(parsed));
- memset(out, 0, sizeof(out));
- memset(buf, 0, sizeof(buf));
- c = buf + sizeof(buf);
-
ret = mbedtls_x509_string_to_names(&names, name);
TEST_EQUAL(ret, result);