Merge pull request #6976 from davidhorstmann-arm/2.28-c-build-helper-improvements
[Backport 2.28] Minor improvements to `c_build_helper.py`
diff --git a/.uncrustify.cfg b/.uncrustify.cfg
index 7ce0905..92b8ce9 100644
--- a/.uncrustify.cfg
+++ b/.uncrustify.cfg
@@ -19,8 +19,6 @@
# limitations under the License.
-# Line length options
-
# Wrap lines at 100 characters
code_width = 100
diff --git a/ChangeLog.d/build-without-certs.txt b/ChangeLog.d/build-without-certs.txt
new file mode 100644
index 0000000..dcb5c77
--- /dev/null
+++ b/ChangeLog.d/build-without-certs.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.
+ Fixes #6243.
diff --git a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
new file mode 100644
index 0000000..0a90721
--- /dev/null
+++ b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by
+ Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
+ Aaron Ucko under Valgrind.
diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
new file mode 100644
index 0000000..57fe37a
--- /dev/null
+++ b/ChangeLog.d/fix-example-programs-no-args.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Fix behavior of certain sample programs which could, when run with no
+ arguments, access uninitialized memory in some cases. Fixes #6700 (which
+ was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
diff --git a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
new file mode 100644
index 0000000..a85c79b
--- /dev/null
+++ b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
+ whose binary representation is longer than 20 bytes. This was already
+ forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
+ enforced also at code level.
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 02421e4..aa155d7 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -83,16 +83,16 @@
/**
* \brief Supported cipher types.
*
- * \warning RC4 and DES are considered weak ciphers and their use
- * constitutes a security risk. Arm recommends considering stronger
+ * \warning RC4 and DES/3DES are considered weak ciphers and their use
+ * constitutes a security risk. We recommend considering stronger
* ciphers instead.
*/
typedef enum {
MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID lists. */
MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream cipher. */
MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
- MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
- MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
+ MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. \warning DES is considered weak. */
+ MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
MBEDTLS_CIPHER_ID_BLOWFISH, /**< The Blowfish cipher. */
MBEDTLS_CIPHER_ID_ARC4, /**< The RC4 cipher. */
@@ -103,8 +103,8 @@
/**
* \brief Supported {cipher type, cipher mode} pairs.
*
- * \warning RC4 and DES are considered weak ciphers and their use
- * constitutes a security risk. Arm recommends considering stronger
+ * \warning RC4 and DES/3DES are considered weak ciphers and their use
+ * constitutes a security risk. We recommend considering stronger
* ciphers instead.
*/
typedef enum {
@@ -140,12 +140,12 @@
MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode. */
MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode. */
- MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
- MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
- MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
- MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
- MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
- MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
+ MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. \warning DES is considered weak. */
+ MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. \warning DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. \warning 3DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. \warning 3DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. \warning 3DES is considered weak. */
+ MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. \warning 3DES is considered weak. */
MBEDTLS_CIPHER_BLOWFISH_ECB, /**< Blowfish cipher with ECB mode. */
MBEDTLS_CIPHER_BLOWFISH_CBC, /**< Blowfish cipher with CBC mode. */
MBEDTLS_CIPHER_BLOWFISH_CFB64, /**< Blowfish cipher with CFB64 mode. */
@@ -226,11 +226,11 @@
enum {
/** Undefined key length. */
MBEDTLS_KEY_LENGTH_NONE = 0,
- /** Key length, in bits (including parity), for DES keys. */
+ /** Key length, in bits (including parity), for DES keys. \warning DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES = 64,
- /** Key length in bits, including parity, for DES in two-key EDE. */
+ /** Key length in bits, including parity, for DES in two-key EDE. \warning 3DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES_EDE = 128,
- /** Key length in bits, including parity, for DES in three-key EDE. */
+ /** Key length in bits, including parity, for DES in three-key EDE. \warning 3DES is considered weak. */
MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
};
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 9a2de67..5dcbdd1 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2765,7 +2765,7 @@
*
* PEM_PARSE uses DES/3DES for decrypting encrypted keys.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers instead.
*/
#define MBEDTLS_DES_C
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 2944d5c..f2bc581 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -3,7 +3,7 @@
*
* \brief DES block cipher
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -60,7 +60,7 @@
/**
* \brief DES context structure
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -71,6 +71,10 @@
/**
* \brief Triple-DES context structure
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
typedef struct mbedtls_des3_context {
uint32_t sk[96]; /*!< 3DES subkeys */
@@ -86,7 +90,7 @@
*
* \param ctx DES context to be initialized
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -97,7 +101,7 @@
*
* \param ctx DES context to be cleared
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -107,6 +111,10 @@
* \brief Initialize Triple-DES context
*
* \param ctx DES3 context to be initialized
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
void mbedtls_des3_init(mbedtls_des3_context *ctx);
@@ -114,6 +122,10 @@
* \brief Clear Triple-DES context
*
* \param ctx DES3 context to be cleared
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
void mbedtls_des3_free(mbedtls_des3_context *ctx);
@@ -125,7 +137,7 @@
*
* \param key 8-byte secret key
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -141,7 +153,7 @@
*
* \return 0 is parity was ok, 1 if parity was not correct.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -155,7 +167,7 @@
*
* \return 0 if no weak key was found, 1 if a weak key was identified.
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -170,7 +182,7 @@
*
* \return 0
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -185,7 +197,7 @@
*
* \return 0
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -199,6 +211,10 @@
* \param key 16-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
@@ -211,6 +227,10 @@
* \param key 16-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
@@ -223,6 +243,10 @@
* \param key 24-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
@@ -235,6 +259,10 @@
* \param key 24-byte secret key
*
* \return 0
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
@@ -249,7 +277,7 @@
*
* \return 0 if successful
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -277,7 +305,7 @@
* \param input buffer holding the input data
* \param output buffer holding the output data
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
@@ -298,6 +326,10 @@
* \param output 64-bit output block
*
* \return 0 if successful
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
@@ -324,6 +356,10 @@
* \param output buffer holding the output data
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
+ *
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
+ * security risk. We recommend considering stronger ciphers
+ * instead.
*/
MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
@@ -342,7 +378,7 @@
* \param SK Round keys
* \param key Base key
*
- * \warning DES is considered a weak cipher and its use constitutes a
+ * \warning DES/3DES are considered weak ciphers and their use constitutes a
* security risk. We recommend considering stronger ciphers
* instead.
*/
diff --git a/library/bignum.c b/library/bignum.c
index 5ec0541..699d2c6 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1280,7 +1280,7 @@
/* Set the high limbs of X to match A. Don't touch the lower limbs
* because X might be aliased to B, and we must not overwrite the
* significant digits of B. */
- if (A->n > n) {
+ if (A->n > n && A != X) {
memcpy(X->p + n, A->p + n, (A->n - n) * ciL);
}
if (X->n > A->n) {
diff --git a/library/ccm.c b/library/ccm.c
index 82c308a..2d2695e 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -478,7 +478,7 @@
mbedtls_ccm_init(&ctx);
if (mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES, key_test_data,
- 8 * sizeof key_test_data) != 0) {
+ 8 * sizeof(key_test_data)) != 0) {
if (verbose != 0) {
mbedtls_printf(" CCM: setup failed");
}
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 8a9f79e2..6ce4f64 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -533,7 +533,7 @@
#if defined(ECP_LOAD_GROUP)
/*
* Create an MPI from embedded constants
- * (assumes len is an exact multiple of sizeof mbedtls_mpi_uint)
+ * (assumes len is an exact multiple of sizeof(mbedtls_mpi_uint))
*/
static inline void ecp_mpi_load(mbedtls_mpi *X, const mbedtls_mpi_uint *p, size_t len)
{
@@ -1252,7 +1252,7 @@
return MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
}
M.p = Mp;
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + P255_WIDTH - 1, M.n * sizeof(mbedtls_mpi_uint));
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, 255 % (8 * sizeof(mbedtls_mpi_uint))));
M.n++; /* Make room for multiplication by 19 */
@@ -1386,7 +1386,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
@@ -1412,7 +1412,7 @@
if (M.n > p_limbs + adjust) {
M.n = p_limbs + adjust;
}
- memset(Mp, 0, sizeof Mp);
+ memset(Mp, 0, sizeof(Mp));
memcpy(Mp, N->p + p_limbs - adjust, M.n * sizeof(mbedtls_mpi_uint));
if (shift != 0) {
MBEDTLS_MPI_CHK(mbedtls_mpi_shift_r(&M, shift));
diff --git a/library/entropy.c b/library/entropy.c
index 1a4ac96..af78acc 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -706,7 +706,7 @@
goto cleanup;
}
- if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof buf)) != 0) {
+ if ((ret = mbedtls_entropy_update_manual(&ctx, buf, sizeof(buf))) != 0) {
goto cleanup;
}
diff --git a/library/ripemd160.c b/library/ripemd160.c
index f5dc5f5..a2e11cd 100644
--- a/library/ripemd160.c
+++ b/library/ripemd160.c
@@ -496,7 +496,7 @@
int i, ret = 0;
unsigned char output[20];
- memset(output, 0, sizeof output);
+ memset(output, 0, sizeof(output));
for (i = 0; i < TESTS; i++) {
if (verbose != 0) {
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 9ea96b0..aaeb515 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1645,10 +1645,10 @@
memset(&sb, 0, sizeof(sb));
while ((entry = readdir(dir)) != NULL) {
- snp_ret = mbedtls_snprintf(entry_name, sizeof entry_name,
+ snp_ret = mbedtls_snprintf(entry_name, sizeof(entry_name),
"%s/%s", path, entry->d_name);
- if (snp_ret < 0 || (size_t) snp_ret >= sizeof entry_name) {
+ if (snp_ret < 0 || (size_t) snp_ret >= sizeof(entry_name)) {
ret = MBEDTLS_ERR_X509_BUFFER_TOO_SMALL;
goto cleanup;
} else if (stat(entry_name, &sb) == -1) {
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 4a65939..a8f4c28 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -100,6 +100,10 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (mbedtls_mpi_size(serial) > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) {
+ return MBEDTLS_ERR_X509_BAD_INPUT_DATA;
+ }
+
if ((ret = mbedtls_mpi_copy(&ctx->serial, serial)) != 0) {
return ret;
}
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index cc208b3..a415874 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -46,7 +46,8 @@
uint16_t options;
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&cacert);
if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index 6e8a5e6..1fcbc92 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -43,7 +43,8 @@
fuzzBufferOffset_t biomemfuzz;
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&cacert);
if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len) != 0) {
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 99366ae..529fbbf 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -47,7 +47,8 @@
fuzzBufferOffset_t biomemfuzz;
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 5f970e9..e161d7e 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -55,7 +55,8 @@
options = Data[Size - 1];
if (initialized == 0) {
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
+ defined(MBEDTLS_CERTS_C)
mbedtls_x509_crt_init(&srvcert);
mbedtls_pk_init(&pkey);
if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
index edb40b6..66eaee0 100644
--- a/programs/hash/generic_sum.c
+++ b/programs/hash/generic_sum.c
@@ -173,7 +173,7 @@
mbedtls_md_init(&md_ctx);
- if (argc == 1) {
+ if (argc < 2) {
const int *list;
mbedtls_printf("print mode: generic_sum <mbedtls_md> <file> <file> ...\n");
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index b09ef42..9037ce3 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -75,7 +75,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
mbedtls_entropy_init(&entropy);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index da28c7d..a348eff 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -78,7 +78,7 @@
if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
&entropy,
(const unsigned char *) pers,
- sizeof pers)) != 0) {
+ sizeof(pers))) != 0) {
mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n",
ret);
goto exit;
diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
index 8f9867a..e5d2d44 100644
--- a/programs/pkey/ecdsa.c
+++ b/programs/pkey/ecdsa.c
@@ -77,7 +77,7 @@
size_t len;
if (mbedtls_ecp_point_write_binary(&key->grp, &key->Q,
- MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof buf) != 0) {
+ MBEDTLS_ECP_PF_UNCOMPRESSED, &len, buf, sizeof(buf)) != 0) {
mbedtls_printf("internal error\n");
return;
}
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index ac6ed94..1a6463d 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -204,7 +204,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
#if defined(MBEDTLS_ECP_C)
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 4d60299..a757cb3 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -95,7 +95,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto cleanup;
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index ba926e3..0009d91 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -209,7 +209,7 @@
mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d42a38e..ca74c00 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -767,7 +767,7 @@
mbedtls_test_enable_insecure_external_rng();
#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 643d3c2..6f1dc1c 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -367,7 +367,7 @@
mbedtls_pk_init(&pkey);
mbedtls_ctr_drbg_init(&ctr_drbg);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index dd78c0b..2d5a133 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1449,7 +1449,7 @@
signal(SIGINT, term_handler);
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
if (ret == 0) {
ret = 1;
@@ -2358,7 +2358,7 @@
#if !defined(MBEDTLS_CERTS_C)
mbedtls_printf("Not certificated or key provided, and \nMBEDTLS_CERTS_C not defined!\n");
goto exit;
-#else
+#else /* MBEDTLS_CERTS_C */
#if defined(MBEDTLS_RSA_C)
if ((ret = mbedtls_x509_crt_parse(&srvcert,
(const unsigned char *) mbedtls_test_srv_crt_rsa,
@@ -2393,6 +2393,7 @@
}
key_cert_init2 = 2;
#endif /* MBEDTLS_ECDSA_C */
+#endif /* MBEDTLS_CERTS_C */
}
#if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -2418,11 +2419,10 @@
}
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
-#endif /* MBEDTLS_CERTS_C */
- mbedtls_printf(" ok (key types: %s - %s)\n",
- mbedtls_pk_get_name(&pkey),
- mbedtls_pk_get_name(&pkey2));
+ mbedtls_printf(" ok (key types: %s - %s)\n",
+ mbedtls_pk_get_name(&pkey),
+ mbedtls_pk_get_name(&pkey2));
#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_FS_IO)
diff --git a/programs/test/query_compile_time_config.c b/programs/test/query_compile_time_config.c
index d846031..ff470b2 100644
--- a/programs/test/query_compile_time_config.c
+++ b/programs/test/query_compile_time_config.c
@@ -38,7 +38,7 @@
int main(int argc, char *argv[])
{
- if (argc != 2) {
+ if (argc < 2 || strcmp(argv[1], "-h") == 0) {
mbedtls_printf(USAGE, argv[0]);
return MBEDTLS_EXIT_FAILURE;
}
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index b66226d..d25b057 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -193,7 +193,7 @@
memset(buf, 0, sizeof(buf));
memset(der_buffer, 0, sizeof(der_buffer));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index a45802c..b14b084 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -165,7 +165,7 @@
memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
#endif
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 9b854a1..d7818d7 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -163,7 +163,7 @@
mbedtls_ctr_drbg_init(&ctr_drbg);
memset(buf, 0, sizeof(buf));
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ad3dacd..ea20144 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -241,7 +241,7 @@
mbedtls_x509_crt_init(&issuer_crt);
memset(buf, 0, 1024);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 4b98757..b00f9f3 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -72,7 +72,7 @@
*/
mbedtls_x509_crl_init(&crl);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index bc9f67f..dd7fac7 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -72,7 +72,7 @@
*/
mbedtls_x509_csr_init(&csr);
- if (argc == 0) {
+ if (argc < 2) {
usage:
mbedtls_printf(USAGE);
goto exit;
diff --git a/scripts/code_style.py b/scripts/code_style.py
index 3958e87..dd8305f 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -1,9 +1,7 @@
#!/usr/bin/env python3
"""Check or fix the code style by running Uncrustify.
-Note: The code style enforced by this script is not yet introduced to
-Mbed TLS. At present this script will only be used to prepare for a future
-change of code style.
+This script must be run from the root of a Git work tree containing Mbed TLS.
"""
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
@@ -20,7 +18,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
import argparse
-import io
import os
import re
import subprocess
@@ -31,12 +28,10 @@
CONFIG_FILE = ".uncrustify.cfg"
UNCRUSTIFY_EXE = "uncrustify"
UNCRUSTIFY_ARGS = ["-c", CONFIG_FILE]
-STDOUT_UTF8 = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
-STDERR_UTF8 = io.TextIOWrapper(sys.stderr.buffer, encoding='utf-8')
CHECK_GENERATED_FILES = "tests/scripts/check-generated-files.sh"
def print_err(*args):
- print("Error: ", *args, file=STDERR_UTF8)
+ print("Error: ", *args, file=sys.stderr)
# Match FILENAME(s) in "check SCRIPT (FILENAME...)"
CHECK_CALL_RE = re.compile(r"\n\s*check\s+[^\s#$&*?;|]+([^\n#$&*?;|]+)",
@@ -69,8 +64,8 @@
"tests/suites/*.function",
"scripts/data_files/*.fmt"]
- result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE, \
- stderr=STDERR_UTF8, check=False)
+ result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE,
+ check=False)
if result.returncode != 0:
print_err("git ls-files returned: " + str(result.returncode))
@@ -90,8 +85,9 @@
"""
Get the version string from Uncrustify
"""
- result = subprocess.run([UNCRUSTIFY_EXE, "--version"], \
- stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False)
+ result = subprocess.run([UNCRUSTIFY_EXE, "--version"],
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE,
+ check=False)
if result.returncode != 0:
print_err("Could not get Uncrustify version:", str(result.stderr, "utf-8"))
return ""
@@ -106,26 +102,25 @@
style_correct = True
for src_file in src_file_list:
uncrustify_cmd = [UNCRUSTIFY_EXE] + UNCRUSTIFY_ARGS + [src_file]
- result = subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE, \
- stderr=subprocess.PIPE, check=False)
+ result = subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE, check=False)
if result.returncode != 0:
- print_err("Uncrustify returned " + str(result.returncode) + \
- " correcting file " + src_file)
+ print_err("Uncrustify returned " + str(result.returncode) +
+ " correcting file " + src_file)
return False
# Uncrustify makes changes to the code and places the result in a new
# file with the extension ".uncrustify". To get the changes (if any)
# simply diff the 2 files.
diff_cmd = ["diff", "-u", src_file, src_file + ".uncrustify"]
- result = subprocess.run(diff_cmd, stdout=subprocess.PIPE, \
- stderr=STDERR_UTF8, check=False)
- if len(result.stdout) > 0:
- print(src_file + " - Incorrect code style.", file=STDOUT_UTF8)
- print("File changed - diff:", file=STDOUT_UTF8)
- print(str(result.stdout, "utf-8"), file=STDOUT_UTF8)
+ cp = subprocess.run(diff_cmd, check=False)
+
+ if cp.returncode == 1:
+ print(src_file + " changed - code style is incorrect.")
style_correct = False
- else:
- print(src_file + " - OK.", file=STDOUT_UTF8)
+ elif cp.returncode != 0:
+ raise subprocess.CalledProcessError(cp.returncode, cp.args,
+ cp.stdout, cp.stderr)
# Tidy up artifact
os.remove(src_file + ".uncrustify")
@@ -139,12 +134,11 @@
code_change_args = UNCRUSTIFY_ARGS + ["--no-backup"]
for src_file in src_file_list:
uncrustify_cmd = [UNCRUSTIFY_EXE] + code_change_args + [src_file]
- result = subprocess.run(uncrustify_cmd, check=False, \
- stdout=STDOUT_UTF8, stderr=STDERR_UTF8)
+ result = subprocess.run(uncrustify_cmd, check=False)
if result.returncode != 0:
- print_err("Uncrustify with file returned: " + \
- str(result.returncode) + " correcting file " + \
- src_file)
+ print_err("Uncrustify with file returned: " +
+ str(result.returncode) + " correcting file " +
+ src_file)
return False
return True
@@ -160,7 +154,7 @@
# Guard against future changes that cause the codebase to require
# more passes.
if not check_style_is_correct(src_file_list):
- print("Code style still incorrect after second run of Uncrustify.")
+ print_err("Code style still incorrect after second run of Uncrustify.")
return 1
else:
return 0
@@ -172,9 +166,9 @@
uncrustify_version = get_uncrustify_version().strip()
if UNCRUSTIFY_SUPPORTED_VERSION not in uncrustify_version:
print("Warning: Using unsupported Uncrustify version '" +
- uncrustify_version + "'", file=STDOUT_UTF8)
+ uncrustify_version + "'")
print("Note: The only supported version is " +
- UNCRUSTIFY_SUPPORTED_VERSION, file=STDOUT_UTF8)
+ UNCRUSTIFY_SUPPORTED_VERSION)
parser = argparse.ArgumentParser()
parser.add_argument('-f', '--fix', action='store_true',
@@ -203,6 +197,7 @@
else:
# Check mode
if check_style_is_correct(src_files):
+ print("Checked {} files, style ok.".format(len(src_files)))
return 0
else:
return 1
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 97d4296..daa0fb6 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1040,6 +1040,18 @@
tests/ssl-opt.sh
}
+component_test_no_certs () {
+ msg "build: full minus MBEDTLS_CERTS_C"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_CERTS_C
+ # Quick build+test (we're checking for stray uses of the test certs,
+ # not expecting their absence to lead to subtle problems).
+ make
+
+ msg "test: full minus MBEDTLS_CERTS_C - main suites"
+ make test
+}
+
component_test_no_pem_no_fs () {
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
scripts/config.py unset MBEDTLS_PEM_PARSE_C
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index d20ec2e..352b55e 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -268,7 +268,7 @@
heading = "Invalid UTF-8 or forbidden character:"
- # Only allow valid UTF-8, and only white-listed characters.
+ # Only allow valid UTF-8, and only other explicitly allowed characters.
# We deliberately exclude all characters that aren't a simple non-blank,
# non-zero-width glyph, apart from a very small set (tab, ordinary space,
# line breaks, "basic" no-break space and soft hyphen). In particular,
@@ -285,6 +285,7 @@
'\u2070\u2071\u2074-\u208E\u2090-\u209C', # Superscripts and Subscripts
'\u2190-\u21FF', # Arrows
'\u2200-\u22FF', # Mathematical Symbols
+ '\u2500-\u257F' # Box Drawings characters used in markdown trees
])
# Allow any of the characters and ranges above, and anything classified
# as a word constituent.
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index f71a978..8c08e5c 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -264,7 +264,7 @@
"3rdparty/everest/include/everest/everest.h",
"3rdparty/everest/include/everest/x25519.h"
])
- identifiers = self.parse_identifiers([
+ identifiers, excluded_identifiers = self.parse_identifiers([
"include/mbedtls/*.h",
"include/psa/*.h",
"library/*.h",
@@ -302,6 +302,7 @@
"private_macros": private_macros,
"enum_consts": enum_consts,
"identifiers": identifiers,
+ "excluded_identifiers": excluded_identifiers,
"symbols": symbols,
"mbed_psa_words": mbed_psa_words
}
@@ -315,12 +316,42 @@
return True
return False
- def get_files(self, include_wildcards, exclude_wildcards):
+ def get_all_files(self, include_wildcards, exclude_wildcards):
"""
- Get all files that match any of the UNIX-style wildcards. While the
- check_names script is designed only for use on UNIX/macOS (due to nm),
- this function alone would work fine on Windows even with forward slashes
- in the wildcard.
+ Get all files that match any of the included UNIX-style wildcards
+ and filter them into included and excluded lists.
+ While the check_names script is designed only for use on UNIX/macOS
+ (due to nm), this function alone will work fine on Windows even with
+ forward slashes in the wildcard.
+
+ Args:
+ * include_wildcards: a List of shell-style wildcards to match filepaths.
+ * exclude_wildcards: a List of shell-style wildcards to exclude.
+
+ Returns:
+ * inc_files: A List of relative filepaths for included files.
+ * exc_files: A List of relative filepaths for excluded files.
+ """
+ accumulator = set()
+ all_wildcards = include_wildcards + (exclude_wildcards or [])
+ for wildcard in all_wildcards:
+ accumulator = accumulator.union(glob.iglob(wildcard))
+
+ inc_files = []
+ exc_files = []
+ for path in accumulator:
+ if self.is_file_excluded(path, exclude_wildcards):
+ exc_files.append(path)
+ else:
+ inc_files.append(path)
+ return (inc_files, exc_files)
+
+ def get_included_files(self, include_wildcards, exclude_wildcards):
+ """
+ Get all files that match any of the included UNIX-style wildcards.
+ While the check_names script is designed only for use on UNIX/macOS
+ (due to nm), this function alone will work fine on Windows even with
+ forward slashes in the wildcard.
Args:
* include_wildcards: a List of shell-style wildcards to match filepaths.
@@ -351,7 +382,7 @@
"asm", "inline", "EMIT", "_CRT_SECURE_NO_DEPRECATE", "MULADDC_"
)
- files = self.get_files(include, exclude)
+ files = self.get_included_files(include, exclude)
self.log.debug("Looking for macros in {} files".format(len(files)))
macros = []
@@ -386,7 +417,7 @@
mbed_regex = re.compile(r"\b(MBED.+?|PSA)_[A-Z0-9_]*")
exclusions = re.compile(r"// *no-check-names|#error")
- files = self.get_files(include, exclude)
+ files = self.get_included_files(include, exclude)
self.log.debug(
"Looking for MBED|PSA words in {} files"
.format(len(files))
@@ -419,7 +450,7 @@
Returns a List of Match objects for the findings.
"""
- files = self.get_files(include, exclude)
+ files = self.get_included_files(include, exclude)
self.log.debug("Looking for enum consts in {} files".format(len(files)))
# Emulate a finite state machine to parse enum declarations.
@@ -602,23 +633,34 @@
"""
Parse all lines of a header where a function/enum/struct/union/typedef
identifier is declared, based on some regex and heuristics. Highly
- dependent on formatting style.
+ dependent on formatting style. Identifiers in excluded files are still
+ parsed
Args:
* include: A List of glob expressions to look for files through.
* exclude: A List of glob expressions for excluding files.
- Returns a List of Match objects with identifiers.
+ Returns: a Tuple of two Lists of Match objects with identifiers.
+ * included_identifiers: A List of Match objects with identifiers from
+ included files.
+ * excluded_identifiers: A List of Match objects with identifiers from
+ excluded files.
"""
- files = self.get_files(include, exclude)
- self.log.debug("Looking for identifiers in {} files".format(len(files)))
+ included_files, excluded_files = \
+ self.get_all_files(include, exclude)
- identifiers = []
- for header_file in files:
- self.parse_identifiers_in_file(header_file, identifiers)
+ self.log.debug("Looking for included identifiers in {} files".format \
+ (len(included_files)))
- return identifiers
+ included_identifiers = []
+ excluded_identifiers = []
+ for header_file in included_files:
+ self.parse_identifiers_in_file(header_file, included_identifiers)
+ for header_file in excluded_files:
+ self.parse_identifiers_in_file(header_file, excluded_identifiers)
+
+ return (included_identifiers, excluded_identifiers)
def parse_symbols(self):
"""
@@ -779,10 +821,12 @@
Returns the number of problems that need fixing.
"""
problems = []
+ all_identifiers = self.parse_result["identifiers"] + \
+ self.parse_result["excluded_identifiers"]
for symbol in self.parse_result["symbols"]:
found_symbol_declared = False
- for identifier_match in self.parse_result["identifiers"]:
+ for identifier_match in all_identifiers:
if symbol == identifier_match.name:
found_symbol_declared = True
break
diff --git a/tests/scripts/list_internal_identifiers.py b/tests/scripts/list_internal_identifiers.py
index 779a16f..6b41607 100755
--- a/tests/scripts/list_internal_identifiers.py
+++ b/tests/scripts/list_internal_identifiers.py
@@ -46,7 +46,7 @@
result = name_check.parse_identifiers([
"include/mbedtls/*_internal.h",
"library/*.h"
- ])
+ ])[0]
result.sort(key=lambda x: x.name)
identifiers = ["{}\n".format(match.name) for match in result]
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 29753ff..4c6ee6f 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -284,7 +284,7 @@
}
TEST_EQUAL(test_offset_idx, expected_idx);
- /* Call update with too much data (sizeof entropy > MAX(_SEED)_INPUT).
+ /* Call update with too much data (sizeof(entropy) > MAX(_SEED)_INPUT).
* Make sure it's detected as an error and doesn't cause memory
* corruption. */
TEST_ASSERT(mbedtls_ctr_drbg_update_ret(
diff --git a/tests/suites/test_suite_mdx.function b/tests/suites/test_suite_mdx.function
index 452acf5..5e950a1 100644
--- a/tests/suites/test_suite_mdx.function
+++ b/tests/suites/test_suite_mdx.function
@@ -12,8 +12,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -21,7 +21,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -32,8 +32,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -41,7 +41,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -52,8 +52,8 @@
unsigned char src_str[100];
unsigned char output[16];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -61,7 +61,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
@@ -72,8 +72,8 @@
unsigned char src_str[100];
unsigned char output[20];
- memset(src_str, 0x00, sizeof src_str);
- memset(output, 0x00, sizeof output);
+ memset(src_str, 0x00, sizeof(src_str));
+ memset(output, 0x00, sizeof(output));
strncpy((char *) src_str, text_src_string, sizeof(src_str) - 1);
@@ -81,7 +81,7 @@
TEST_ASSERT(ret == 0);
TEST_ASSERT(mbedtls_test_hexcmp(output, hash->x,
- sizeof output, hash->len) == 0);
+ sizeof(output), hash->len) == 0);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 57e95f0..4f24a46 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -902,7 +902,7 @@
USE_PSA_INIT();
memset(hash, 0x2a, hash_len);
- memset(sig, 0, sizeof sig);
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
@@ -1095,8 +1095,8 @@
return;
}
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
mbedtls_pk_init(&pk);
@@ -1140,11 +1140,11 @@
mbedtls_rsa_init(&raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
- memset(msg, 0x2a, sizeof msg);
- memset(ciph, 0, sizeof ciph);
- memset(test, 0, sizeof test);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
+ memset(msg, 0x2a, sizeof(msg));
+ memset(ciph, 0, sizeof(ciph));
+ memset(test, 0, sizeof(test));
/* Initialize PK RSA context with random key */
TEST_ASSERT(mbedtls_pk_setup(&rsa,
@@ -1172,29 +1172,29 @@
&sig_len, mbedtls_test_rnd_std_rand, NULL)
== MBEDTLS_ERR_PK_BAD_INPUT_DATA);
#endif /* SIZE_MAX > UINT_MAX */
- TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof hash, sig,
+ TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, sizeof(hash), sig,
&sig_len, mbedtls_test_rnd_std_rand, NULL)
== 0);
TEST_ASSERT(sig_len == RSA_KEY_LEN);
TEST_ASSERT(mbedtls_pk_verify(&rsa, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
/* Test decrypt */
- TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&rsa, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == 0);
TEST_ASSERT(mbedtls_pk_decrypt(&alt, ciph, ciph_len,
- test, &test_len, sizeof test,
+ test, &test_len, sizeof(test),
mbedtls_test_rnd_std_rand, NULL) == 0);
- TEST_ASSERT(test_len == sizeof msg);
+ TEST_ASSERT(test_len == sizeof(msg));
TEST_ASSERT(memcmp(test, msg, test_len) == 0);
/* Test forbidden operations */
- TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof msg,
- ciph, &ciph_len, sizeof ciph,
+ TEST_ASSERT(mbedtls_pk_encrypt(&alt, msg, sizeof(msg),
+ ciph, &ciph_len, sizeof(ciph),
mbedtls_test_rnd_std_rand, NULL) == ret);
TEST_ASSERT(mbedtls_pk_verify(&alt, MBEDTLS_MD_NONE,
- hash, sizeof hash, sig, sig_len) == ret);
+ hash, sizeof(hash), sig, sig_len) == ret);
TEST_ASSERT(mbedtls_pk_debug(&alt, dbg_items) == ret);
exit:
@@ -1257,11 +1257,11 @@
TEST_EQUAL(psa_get_key_lifetime(&attributes),
PSA_KEY_LIFETIME_VOLATILE);
- memset(hash, 0x2a, sizeof hash);
- memset(sig, 0, sizeof sig);
+ memset(hash, 0x2a, sizeof(hash));
+ memset(sig, 0, sizeof(sig));
TEST_ASSERT(mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, &sig_len,
+ hash, sizeof(hash), sig, &sig_len,
NULL, NULL) == 0);
/* Export underlying public key for re-importing in a psa context. */
@@ -1282,7 +1282,7 @@
TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, pkey_legacy_start,
klen_legacy) == 0);
TEST_ASSERT(mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256,
- hash, sizeof hash, sig, sig_len) == 0);
+ hash, sizeof(hash), sig, sig_len) == 0);
exit:
/*
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 6004098..1dec18d 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -728,6 +728,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
@@ -1041,7 +1042,8 @@
return (max_steps >= 0) ? ret : -1;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif \
+ /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
/*
* Write application data. Increase write counter if necessary.
@@ -1438,7 +1440,9 @@
memset(session->id, 66, session->id_len);
memset(session->master, 17, sizeof(session->master));
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && defined(MBEDTLS_FS_IO)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
+ defined(MBEDTLS_FS_IO)
if (strlen(crt_file) != 0) {
mbedtls_x509_crt tmp_crt;
int ret;
@@ -1479,9 +1483,9 @@
mbedtls_x509_crt_free(&tmp_crt);
}
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
+#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
(void) crt_file;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
session->verify_result = 0xdeadbeef;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -1648,6 +1652,7 @@
}
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C) && \
defined(MBEDTLS_ENTROPY_C) && \
defined(MBEDTLS_CTR_DRBG_C)
void perform_handshake(handshake_test_options *options)
@@ -1999,7 +2004,8 @@
}
#endif
}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif \
+ /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
/* END_HEADER */
@@ -3047,7 +3053,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C */
void ssl_set_hostname_twice(char *hostname0, char *hostname1)
{
mbedtls_ssl_context ssl;
@@ -3768,7 +3774,8 @@
TEST_ASSERT(memcmp(original.master,
restored.master, sizeof(original.master)) == 0);
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+ defined(MBEDTLS_CERTS_C)
#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
TEST_ASSERT((original.peer_cert == NULL) ==
(restored.peer_cert == NULL));
@@ -3792,7 +3799,7 @@
original.peer_cert_digest_len) == 0);
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C */
TEST_ASSERT(original.verify_result == restored.verify_result);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -4013,7 +4020,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void mbedtls_endpoint_sanity(int endpoint_type)
{
enum { BUFFSIZE = 1024 };
@@ -4036,7 +4043,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
void move_handshake_to_state(int endpoint_type, int state, int need_pass)
{
enum { BUFFSIZE = 1024 };
@@ -4078,7 +4085,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_version(int dtls, int client_min_version, int client_max_version,
int server_min_version, int server_max_version,
int expected_negotiated_version)
@@ -4108,7 +4115,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
{
handshake_test_options options;
@@ -4126,7 +4133,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void handshake_cipher(char *cipher, int pk_alg, int dtls)
{
test_handshake_psk_cipher(cipher, pk_alg, NULL, dtls);
@@ -4136,7 +4143,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void app_data(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments, int dtls)
@@ -4157,7 +4164,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -4169,7 +4176,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void app_data_dtls(int mfl, int cli_msg_len, int srv_msg_len,
int expected_cli_fragments,
int expected_srv_fragments)
@@ -4181,7 +4188,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void handshake_serialization()
{
handshake_test_options options;
@@ -4195,7 +4202,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED*/
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
int expected_cli_hs_fragmentation)
@@ -4231,7 +4238,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void renegotiation(int legacy_renegotiation)
{
handshake_test_options options;
@@ -4247,7 +4254,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
int serialize, int dtls, char *cipher)
{
@@ -4268,7 +4275,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_serialize_mfl(int mfl)
{
test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
@@ -4279,7 +4286,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
void resize_buffers_renegotiate_mfl(int mfl, int legacy_renegotiation,
char *cipher)
{
@@ -4290,7 +4297,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 91ac00d..db7c086 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1117,9 +1117,9 @@
/* Load a chain with nb_int intermediates (from 01 to nb_int),
* plus one "end-entity" cert (nb_int + 1) */
- ret = mbedtls_snprintf(file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir,
+ ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
nb_int + 1);
- TEST_ASSERT(ret > 0 && (size_t) ret < sizeof file_buf);
+ TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
/* Try to verify that chain */
@@ -1212,13 +1212,13 @@
mbedtls_x509_buf oid;
char num_buf[100];
- memset(num_buf, 0x2a, sizeof num_buf);
+ memset(num_buf, 0x2a, sizeof(num_buf));
oid.tag = MBEDTLS_ASN1_OID;
oid.p = oid_buf->x;
oid.len = oid_buf->len;
- TEST_ASSERT((size_t) blen <= sizeof num_buf);
+ TEST_ASSERT((size_t) blen <= sizeof(num_buf));
TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index aa8b3cd..4cff30d 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -132,3 +132,6 @@
X509 String to Names #6 (Escape at end)
mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+Check max serial length
+x509_set_serial_check:
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 2896a52..cb3f6a5 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -425,6 +425,26 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_WRITE_C */
+void x509_set_serial_check()
+{
+ mbedtls_x509write_cert ctx;
+ mbedtls_mpi serial_mpi;
+ uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
+
+ memset(invalid_serial, 0x01, sizeof(invalid_serial));
+
+ mbedtls_mpi_init(&serial_mpi);
+ TEST_EQUAL(mbedtls_mpi_read_binary(&serial_mpi, invalid_serial,
+ sizeof(invalid_serial)), 0);
+ TEST_EQUAL(mbedtls_x509write_crt_set_serial(&ctx, &serial_mpi),
+ MBEDTLS_ERR_X509_BAD_INPUT_DATA);
+
+exit:
+ mbedtls_mpi_free(&serial_mpi);
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_X509_CREATE_C:MBEDTLS_X509_USE_C */
void mbedtls_x509_string_to_names(char *name, char *parsed_name, int result
)