Merge pull request #7021 from lpy4105/issue/backport-do-not-run-x86-tests-on-arm64
Backport 2.28: all.sh: test_m32_xx is not supported on arm64 host
diff --git a/ChangeLog.d/build-without-certs.txt b/ChangeLog.d/build-without-certs.txt
new file mode 100644
index 0000000..dcb5c77
--- /dev/null
+++ b/ChangeLog.d/build-without-certs.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.
+ Fixes #6243.
diff --git a/ChangeLog.d/c-build-helper-hostcc.txt b/ChangeLog.d/c-build-helper-hostcc.txt
new file mode 100644
index 0000000..86182c3
--- /dev/null
+++ b/ChangeLog.d/c-build-helper-hostcc.txt
@@ -0,0 +1,4 @@
+Features
+ * Use HOSTCC (if it is set) when compiling C code during generation of the
+ configuration-independent files. This allows them to be generated when
+ CC is set for cross compilation.
diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
new file mode 100644
index 0000000..57fe37a
--- /dev/null
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix behavior of certain sample programs which could, when run with no
+ arguments, access uninitialized memory in some cases. Fixes #6700 (which
+ was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 02421e4..aa155d7 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -83,16 +83,16 @@
/**
* \brief Supported cipher types.
*
- * \warning RC4 and DES are considered weak ciphers and their use
- * constitutes a security risk. Arm recommends considering stronger
+ * \warning RC4 and DES/3DES are considered weak ciphers and their use
+ * constitutes a security risk. We recommend considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
+ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. \warning DES is considered weak. */
+ MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
@@ -103,8 +103,8 @@
/**
* \brief Supported {cipher type, cipher mode} pairs.
*
- * \warning RC4 and DES are considered weak ciphers and their use
- * constitutes a security risk. Arm recommends considering stronger
+ * \warning RC4 and DES/3DES are considered weak ciphers and their use
+ * constitutes a security risk. We recommend considering stronger
* ciphers instead.
*/
typedef enum {
@@ -140,12 +140,12 @@
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
+ MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. \warning DES is considered weak. */
+ MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. \warning DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. \warning 3DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. \warning 3DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
@@ -226,11 +226,11 @@
enum {
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE = 0,
- /** Key length, in bits (including parity), for DES keys. */
+ /** Key length, in bits (including parity), for DES keys. \warning DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES = 64,
- /** Key length in bits, including parity, for DES in two-key EDE. */
+ /** Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
- /** Key length in bits, including parity, for DES in three-key EDE. */
+ /** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
};
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9a2de67..5dcbdd1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2765,7 +2765,7 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers instead.
*/
#define MBEDTLS_DES_C
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 2944d5c..f2bc581 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -3,7 +3,7 @@
*
* \brief DES block cipher
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -60,7 +60,7 @@
/**
* \brief DES context structure
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -71,6 +71,10 @@
/**
* \brief Triple-DES context structure
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */
@@ -86,7 +90,7 @@
*
* \param ctx DES context to be initialized
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -97,7 +101,7 @@
*
* \param ctx DES context to be cleared
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -107,6 +111,10 @@
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
void mbedtls_des3_init(mbedtls_des3_context *ctx);
@@ -114,6 +122,10 @@
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
void mbedtls_des3_free(mbedtls_des3_context *ctx);
@@ -125,7 +137,7 @@
*
* \param key 8-byte secret key
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -141,7 +153,7 @@
*
* \return 0 is parity was ok, 1 if parity was not correct.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -155,7 +167,7 @@
*
* \return 0 if no weak key was found, 1 if a weak key was identified.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -170,7 +182,7 @@
*
* \return 0
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -185,7 +197,7 @@
*
* \return 0
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -199,6 +211,10 @@
* \param key 16-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
@@ -211,6 +227,10 @@
* \param key 16-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
@@ -223,6 +243,10 @@
* \param key 24-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
@@ -235,6 +259,10 @@
* \param key 24-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
@@ -249,7 +277,7 @@
*
* \return 0 if successful
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -277,7 +305,7 @@
* \param input buffer holding the input data
* \param output buffer holding the output data
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -298,6 +326,10 @@
* \param output 64-bit output block
*
* \return 0 if successful
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
@@ -324,6 +356,10 @@
* \param output buffer holding the output data
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
@@ -342,7 +378,7 @@
* \param SK Round keys
* \param key Base key
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
diff --git a/library/ccm.c b/library/ccm.c
index 82c308a..2d2695e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -478,7 +478,7 @@
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
- 8 * sizeof key_test_data) != 0) {
+ 8 * sizeof(key_test_data)) != 0) {
if (verbose != 0) {
mbedtls_printf(" CCM: setup failed");
}
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 8a9f79e2..6ce4f64 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -533,7 +533,7 @@
#if defined(ECP_LOAD_GROUP)
/*
* Create an MPI from embedded constants
- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
+ * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
*/
static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
{
@@ -1252,7 +1252,7 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint))));
M.n++; /* Make room for multiplication by 19 */
@@ -1386,7 +1386,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
@@ -1412,7 +1412,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
diff --git a/library/entropy.c b/library/entropy.c
index 1a4ac96..af78acc 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -706,7 +706,7 @@
goto cleanup;
}
- if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
+ if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
}
diff --git a/library/ripemd160.c b/library/ripemd160.c
index f5dc5f5..a2e11cd 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -496,7 +496,7 @@
int i, ret = 0;
unsigned char output[20];
- memset(output, 0, sizeof output);
+ memset(output, 0, sizeof(output));
for (i = 0; i < TESTS; i++) {
if (verbose != 0) {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9ea96b0..aaeb515 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1645,10 +1645,10 @@
memset(&sb, 0, sizeof(sb));
while ((entry = readdir(dir)) != NULL) {
- snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name,
+ snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
"%s/%s", path, entry->d_name);
- if (snp_ret < 0 || (size_t) snp_ret >= sizeof entry_name) {
+ if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
goto cleanup;
} else if (stat(entry_name, &sb) == -1) {
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index cc208b3..a415874 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -46,7 +46,8 @@
uint16_t options;
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&cacert);
if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index 6e8a5e6..1fcbc92 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -43,7 +43,8 @@
fuzzBufferOffset_t biomemfuzz;
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&cacert);
if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 99366ae..529fbbf 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -47,7 +47,8 @@
fuzzBufferOffset_t biomemfuzz;
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 5f970e9..e161d7e 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -55,7 +55,8 @@
options = Data[Size - 1];
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index edb40b6..66eaee0 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -173,7 +173,7 @@
mbedtls_md_init(&md_ctx);
- if (argc == 1) {
+ if (argc < 2) {
const int *list;
mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index b09ef42..9037ce3 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -75,7 +75,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index da28c7d..a348eff 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -78,7 +78,7 @@
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
- sizeof pers)) != 0) {
+ sizeof(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 8f9867a..e5d2d44 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -77,7 +77,7 @@
size_t len;
if (mbedtls_ecp_point_write_binary(&key->grp, &key->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf) != 0) {
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) {
mbedtls_printf("internal error\n");
return;
}
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index ac6ed94..1a6463d 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -204,7 +204,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 4d60299..a757cb3 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -95,7 +95,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index ba926e3..0009d91 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -209,7 +209,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d42a38e..ca74c00 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -767,7 +767,7 @@
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 643d3c2..6f1dc1c 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -367,7 +367,7 @@
mbedtls_pk_init(&pkey);
mbedtls_ctr_drbg_init(&ctr_drbg);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dd78c0b..2d5a133 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1449,7 +1449,7 @@
signal(SIGINT, term_handler);
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
@@ -2358,7 +2358,7 @@
#if !defined(MBEDTLS_CERTS_C)
mbedtls_printf("Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n");
goto exit;
-#else
+#else /* MBEDTLS_CERTS_C */
#if defined(MBEDTLS_RSA_C)
if ((ret = mbedtls_x509_crt_parse(&srvcert,
(const unsigned char *) mbedtls_test_srv_crt_rsa,
@@ -2393,6 +2393,7 @@
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_CERTS_C */
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2418,11 +2419,10 @@
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_CERTS_C */
- mbedtls_printf(" ok (key types: %s - %s)\n",
- mbedtls_pk_get_name(&pkey),
- mbedtls_pk_get_name(&pkey2));
+ mbedtls_printf(" ok (key types: %s - %s)\n",
+ mbedtls_pk_get_name(&pkey),
+ mbedtls_pk_get_name(&pkey2));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index d846031..ff470b2 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -38,7 +38,7 @@
int main(int argc, char *argv[])
{
- if (argc != 2) {
+ if (argc < 2 || strcmp(argv[1], "-h") == 0) {
mbedtls_printf(USAGE, argv[0]);
return MBEDTLS_EXIT_FAILURE;
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index b66226d..d25b057 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -193,7 +193,7 @@
memset(buf, 0, sizeof(buf));
memset(der_buffer, 0, sizeof(der_buffer));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a45802c..b14b084 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -165,7 +165,7 @@
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 9b854a1..d7818d7 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -163,7 +163,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ad3dacd..ea20144 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -241,7 +241,7 @@
mbedtls_x509_crt_init(&issuer_crt);
memset(buf, 0, 1024);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 4b98757..b00f9f3 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -72,7 +72,7 @@
*/
mbedtls_x509_crl_init(&crl);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index bc9f67f..dd7fac7 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -72,7 +72,7 @@
*/
mbedtls_x509_csr_init(&csr);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/scripts/mbedtls_dev/c_build_helper.py b/scripts/mbedtls_dev/c_build_helper.py
index 5c587a1..d76b746 100644
--- a/scripts/mbedtls_dev/c_build_helper.py
+++ b/scripts/mbedtls_dev/c_build_helper.py
@@ -89,6 +89,37 @@
}
''')
+def compile_c_file(c_filename, exe_filename, include_dirs):
+ """Compile a C source file with the host compiler.
+
+ * ``c_filename``: the name of the source file to compile.
+ * ``exe_filename``: the name for the executable to be created.
+ * ``include_dirs``: a list of paths to include directories to be passed
+ with the -I switch.
+ """
+ # Respect $HOSTCC if it is set
+ cc = os.getenv('HOSTCC', None)
+ if cc is None:
+ cc = os.getenv('CC', 'cc')
+ cmd = [cc]
+
+ proc = subprocess.Popen(cmd,
+ stdout=subprocess.DEVNULL,
+ stderr=subprocess.PIPE,
+ universal_newlines=True)
+ cc_is_msvc = 'Microsoft (R) C/C++' in proc.communicate()[1]
+
+ cmd += ['-I' + dir for dir in include_dirs]
+ if cc_is_msvc:
+ # MSVC has deprecated using -o to specify the output file,
+ # and produces an object file in the working directory by default.
+ obj_filename = exe_filename[:-4] + '.obj'
+ cmd += ['-Fe' + exe_filename, '-Fo' + obj_filename]
+ else:
+ cmd += ['-o' + exe_filename]
+
+ subprocess.check_call(cmd + [c_filename])
+
def get_c_expression_values(
cast_to, printf_format,
expressions,
@@ -123,10 +154,8 @@
expressions)
)
c_file.close()
- cc = os.getenv('CC', 'cc')
- subprocess.check_call([cc] +
- ['-I' + dir for dir in include_path] +
- ['-o', exe_name, c_name])
+
+ compile_c_file(c_name, exe_name, include_path)
if keep_c:
sys.stderr.write('List of {} tests kept at {}\n'
.format(caller, c_name))
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ada9ec3..1490bd0 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1040,6 +1040,18 @@
tests/ssl-opt.sh
}
+component_test_no_certs () {
+ msg "build: full minus MBEDTLS_CERTS_C"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CERTS_C
+ # Quick build+test (we're checking for stray uses of the test certs,
+ # not expecting their absence to lead to subtle problems).
+ make
+
+ msg "test: full minus MBEDTLS_CERTS_C - main suites"
+ make test
+}
+
component_test_no_pem_no_fs () {
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
scripts/config.py unset MBEDTLS_PEM_PARSE_C
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index d20ec2e..352b55e 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -268,7 +268,7 @@
heading = "Invalid UTF-8 or forbidden character:"
- # Only allow valid UTF-8, and only white-listed characters.
+ # Only allow valid UTF-8, and only other explicitly allowed characters.
# We deliberately exclude all characters that aren't a simple non-blank,
# non-zero-width glyph, apart from a very small set (tab, ordinary space,
# line breaks, "basic" no-break space and soft hyphen). In particular,
@@ -285,6 +285,7 @@
'\u2070\u2071\u2074-\u208E\u2090-\u209C', # Superscripts and Subscripts
'\u2190-\u21FF', # Arrows
'\u2200-\u22FF', # Mathematical Symbols
+ '\u2500-\u257F' # Box Drawings characters used in markdown trees
])
# Allow any of the characters and ranges above, and anything classified
# as a word constituent.
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 29753ff..4c6ee6f 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -284,7 +284,7 @@
}
TEST_EQUAL(test_offset_idx, expected_idx);
- /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
+ /* Call update with too much data (sizeof(entropy) > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
TEST_ASSERT(mbedtls_ctr_drbg_update_ret(
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 452acf5..5e950a1 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -12,8 +12,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -21,7 +21,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -32,8 +32,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -41,7 +41,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -52,8 +52,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -61,7 +61,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -72,8 +72,8 @@
unsigned char src_str[100];
unsigned char output[20];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -81,7 +81,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 57e95f0..4f24a46 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -902,7 +902,7 @@
USE_PSA_INIT();
memset(hash, 0x2a, hash_len);
- memset(sig, 0, sizeof sig);
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
@@ -1095,8 +1095,8 @@
return;
}
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
mbedtls_pk_init(&pk);
@@ -1140,11 +1140,11 @@
mbedtls_rsa_init(&raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
- memset(msg, 0x2a, sizeof msg);
- memset(ciph, 0, sizeof ciph);
- memset(test, 0, sizeof test);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
+ memset(msg, 0x2a, sizeof(msg));
+ memset(ciph, 0, sizeof(ciph));
+ memset(test, 0, sizeof(test));
/* Initialize PK RSA context with random key */
TEST_ASSERT(mbedtls_pk_setup(&rsa,
@@ -1172,29 +1172,29 @@
&sig_len, mbedtls_test_rnd_std_rand, NULL)
== MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* SIZE_MAX > UINT_MAX */
- TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig,
+ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), sig,
&sig_len, mbedtls_test_rnd_std_rand, NULL)
== 0);
TEST_ASSERT(sig_len == RSA_KEY_LEN);
TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
/* Test decrypt */
- TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len,
- test, &test_len, sizeof test,
+ test, &test_len, sizeof(test),
mbedtls_test_rnd_std_rand, NULL) == 0);
- TEST_ASSERT(test_len == sizeof msg);
+ TEST_ASSERT(test_len == sizeof(msg));
TEST_ASSERT(memcmp(test, msg, test_len) == 0);
/* Test forbidden operations */
- TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == ret);
TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == ret);
+ hash, sizeof(hash), sig, sig_len) == ret);
TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret);
exit:
@@ -1257,11 +1257,11 @@
TEST_EQUAL(psa_get_key_lifetime(&attributes),
PSA_KEY_LIFETIME_VOLATILE);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
+ hash, sizeof(hash), sig, &sig_len,
NULL, NULL) == 0);
/* Export underlying public key for re-importing in a psa context. */
@@ -1282,7 +1282,7 @@
TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
klen_legacy) == 0);
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
exit:
/*
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6004098..1dec18d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -728,6 +728,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
@@ -1041,7 +1042,8 @@
return (max_steps >= 0) ? ret : -1;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif \
+ /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
/*
* Write application data. Increase write counter if necessary.
@@ -1438,7 +1440,9 @@
memset(session->id, 66, session->id_len);
memset(session->master, 17, sizeof(session->master));
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
+ defined(MBEDTLS_FS_IO)
if (strlen(crt_file) != 0) {
mbedtls_x509_crt tmp_crt;
int ret;
@@ -1479,9 +1483,9 @@
mbedtls_x509_crt_free(&tmp_crt);
}
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
+#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
(void) crt_file;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
session->verify_result = 0xdeadbeef;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -1648,6 +1652,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
void perform_handshake(handshake_test_options *options)
@@ -1999,7 +2004,8 @@
}
#endif
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif \
+ /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
/* END_HEADER */
@@ -3047,7 +3053,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C */
void ssl_set_hostname_twice(char *hostname0, char *hostname1)
{
mbedtls_ssl_context ssl;
@@ -3768,7 +3774,8 @@
TEST_ASSERT(memcmp(original.master,
restored.master, sizeof(original.master)) == 0);
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
TEST_ASSERT((original.peer_cert == NULL) ==
(restored.peer_cert == NULL));
@@ -3792,7 +3799,7 @@
original.peer_cert_digest_len) == 0);
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C */
TEST_ASSERT(original.verify_result == restored.verify_result);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -4013,7 +4020,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void mbedtls_endpoint_sanity(int endpoint_type)
{
enum { BUFFSIZE = 1024 };
@@ -4036,7 +4043,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
@@ -4078,7 +4085,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_version(int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version)
@@ -4108,7 +4115,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
{
handshake_test_options options;
@@ -4126,7 +4133,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void handshake_cipher(char *cipher, int pk_alg, int dtls)
{
test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
@@ -4136,7 +4143,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void app_data(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls)
@@ -4157,7 +4164,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -4169,7 +4176,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -4181,7 +4188,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_serialization()
{
handshake_test_options options;
@@ -4195,7 +4202,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
int expected_cli_hs_fragmentation)
@@ -4231,7 +4238,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void renegotiation(int legacy_renegotiation)
{
handshake_test_options options;
@@ -4247,7 +4254,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls, char *cipher)
{
@@ -4268,7 +4275,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_serialize_mfl(int mfl)
{
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -4279,7 +4286,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
char *cipher)
{
@@ -4290,7 +4297,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 91ac00d..db7c086 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1117,9 +1117,9 @@
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
- ret = mbedtls_snprintf(file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
+ ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1);
- TEST_ASSERT(ret > 0 && (size_t) ret < sizeof file_buf);
+ TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
/* Try to verify that chain */
@@ -1212,13 +1212,13 @@
mbedtls_x509_buf oid;
char num_buf[100];
- memset(num_buf, 0x2a, sizeof num_buf);
+ memset(num_buf, 0x2a, sizeof(num_buf));
oid.tag = MBEDTLS_ASN1_OID;
oid.p = oid_buf->x;
oid.len = oid_buf->len;
- TEST_ASSERT((size_t) blen <= sizeof num_buf);
+ TEST_ASSERT((size_t) blen <= sizeof(num_buf));
TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);