Merge pull request #6693 from mpg/optimize-with-asan-2.28
[backport 2.28] Optimize with asan
diff --git a/.uncrustify.cfg b/.uncrustify.cfg
new file mode 100644
index 0000000..ac9173e
--- /dev/null
+++ b/.uncrustify.cfg
@@ -0,0 +1,254 @@
+# Configuration options for Uncrustify specifying the Mbed TLS code style.
+#
+# Note: The code style represented by this file has not yet been introduced
+# to Mbed TLS.
+#
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Line length options
+
+# Wrap lines at 100 characters
+code_width = 100
+
+# Allow splitting long for statements between the condition statements
+ls_for_split_full = true
+
+# Allow splitting function calls between arguments
+ls_func_split_full = true
+
+input_tab_size = 4
+
+# Spaces-only indentation
+indent_with_tabs = 0
+
+indent_columns = 4
+
+# Indent 'case' 1 level from 'switch'
+indent_switch_case = indent_columns
+
+# Line-up strings broken by '\'
+indent_align_string = true
+
+# Braces on the same line (Egyptian-style braces)
+nl_enum_brace = remove
+nl_union_brace = remove
+nl_struct_brace = remove
+nl_do_brace = remove
+nl_if_brace = remove
+nl_for_brace = remove
+nl_else_brace = remove
+nl_while_brace = remove
+nl_switch_brace = remove
+
+# Braces on same line as keywords that follow them - 'else' and the 'while' in 'do {} while ()';
+nl_brace_else = remove
+nl_brace_while = remove
+# Space before else on the same line
+sp_brace_else = add
+# If else is on the same line as '{', force exactly 1 space between them
+sp_else_brace = force
+
+# Functions are the exception and have braces on the next line
+nl_fcall_brace = add
+nl_fdef_brace = add
+
+# Force exactly one space between ')' and '{' in statements
+sp_sparen_brace = force
+
+# At least 1 space around assignment
+sp_assign = add
+
+# Remove spaces around the preprocessor '##' token-concatenate
+sp_pp_concat = ignore
+
+# At least 1 space around '||' and '&&'
+sp_bool = add
+
+# But no space after the '!' operator
+sp_not = remove
+
+# No space after the bitwise-not '~' operator
+sp_inv = remove
+
+# No space after the addressof '&' operator
+sp_addr = remove
+
+# No space around the member '.' and '->' operators
+sp_member = remove
+
+# No space after the dereference '*' operator
+sp_deref = remove
+
+# No space after a unary negation '-'
+sp_sign = remove
+
+# No space between the '++'/'--' operator and its operand
+sp_incdec = remove
+
+# At least 1 space around comparison operators
+sp_compare = add
+
+# Remove spaces inside all kinds of parentheses:
+
+# Remove spaces inside parentheses
+sp_inside_paren = remove
+
+# No spaces inside statement parentheses
+sp_inside_sparen = remove
+
+# No spaces inside cast parentheses '( char )x' -> '(char)x'
+sp_inside_paren_cast = remove
+
+# No spaces inside function parentheses
+sp_inside_fparen = remove
+# (The case where the function has no parameters/arguments)
+sp_inside_fparens = remove
+
+# No spaces inside the first parentheses in a function type
+sp_inside_tparen = remove
+
+# (Uncrustify >= 0.74.0) No spaces inside parens in for statements
+sp_inside_for = remove
+
+# Remove spaces between nested parentheses '( (' -> '(('
+sp_paren_paren = remove
+# (Uncrustify >= 0.74.0)
+sp_sparen_paren = remove
+
+# Remove spaces between ')' and adjacent '('
+sp_cparen_oparen = remove
+
+# (Uncrustify >= 0.73.0) space between 'do' and '{'
+sp_do_brace_open = force
+
+# (Uncrustify >= 0.73.0) space between '}' and 'while'
+sp_brace_close_while = force
+
+# At least 1 space before a '*' pointer star
+sp_before_ptr_star = add
+
+# Remove spaces between pointer stars
+sp_between_ptr_star = remove
+
+# No space after a pointer star
+sp_after_ptr_star = remove
+
+# But allow a space in the case of e.g. char * const x;
+sp_after_ptr_star_qualifier = ignore
+
+# Remove space after star in a function return type
+sp_after_ptr_star_func = remove
+
+# At least 1 space after a type in variable definition etc
+sp_after_type = add
+
+# Force exactly 1 space between a statement keyword (e.g. 'if') and an opening parenthesis
+sp_before_sparen = force
+
+# Remove a space before a ';'
+sp_before_semi = remove
+# (Uncrustify >= 0.73.0) Remove space before a semi in a non-empty for
+sp_before_semi_for = remove
+# (Uncrustify >= 0.73.0) Remove space in empty first statement of a for
+sp_before_semi_for_empty = remove
+# (Uncrustify >= 0.74.0) Remove space in empty middle statement of a for
+sp_between_semi_for_empty = remove
+
+# Add a space after a ';' (unless a comment follows)
+sp_after_semi = add
+# (Uncrustify >= 0.73.0) Add a space after a semi in non-empty for statements
+sp_after_semi_for = add
+# (Uncrustify >= 0.73.0) No space after final semi in empty for statements
+sp_after_semi_for_empty = remove
+
+# Remove spaces on the inside of square brackets '[]'
+sp_inside_square = remove
+
+# Must have at least 1 space after a comma
+sp_after_comma = add
+
+# Must not have a space before a comma
+sp_before_comma = remove
+
+# No space before the ':' in a case statement
+sp_before_case_colon = remove
+
+# No space after a cast - '(char) x' -> '(char)x'
+sp_after_cast = remove
+
+# No space between 'sizeof' and '('
+sp_sizeof_paren = remove
+
+# At least 1 space inside '{ }'
+sp_inside_braces = add
+
+# At least 1 space inside '{ }' in an enum
+sp_inside_braces_enum = add
+
+# At least 1 space inside '{ }' in a struct
+sp_inside_braces_struct = add
+
+# At least 1 space between a function return type and the function name
+sp_type_func = add
+
+# No space between a function name and its arguments/parameters
+sp_func_proto_paren = remove
+sp_func_def_paren = remove
+sp_func_call_paren = remove
+
+# No space between '__attribute__' and '('
+sp_attribute_paren = remove
+
+# No space between 'defined' and '(' in preprocessor conditions
+sp_defined_paren = remove
+
+# At least 1 space between a macro's name and its definition
+sp_macro = add
+sp_macro_func = add
+
+# Force exactly 1 space between a '}' and the name of a typedef if on the same line
+sp_brace_typedef = force
+
+# At least 1 space before a '\' line continuation
+sp_before_nl_cont = add
+
+# At least 1 space around '?' and ':' in ternary statements
+sp_cond_colon = add
+sp_cond_question = add
+
+# Space between #else/#endif and comment afterwards
+sp_endif_cmt = add
+
+# Remove newlines at the start of a file
+nl_start_of_file = remove
+
+# At least 1 newline at the end of a file
+nl_end_of_file = add
+nl_end_of_file_min = 1
+
+# Add braces in single-line statements
+mod_full_brace_do = add
+mod_full_brace_for = add
+mod_full_brace_if = add
+mod_full_brace_while = add
+
+# Remove parentheses from return statements
+mod_paren_on_return = remove
+
+# Disable removal of leading spaces in a multi-line comment if the first and
+# last lines are the same length
+cmt_multi_check_last = false
diff --git a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
index bac4910..c7d2691 100644
--- a/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
+++ b/ChangeLog.d/fix_build_tls1_2_with_single_encryption_type.txt
@@ -1,4 +1,3 @@
Bugfix
- * Fix bugs and missing dependencies when
- building and testing configurations with
- only one encryption type enabled in TLS 1.2.
+ * Fix bugs and missing dependencies when building and testing
+ configurations with only one encryption type enabled in TLS 1.2.
diff --git a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt b/ChangeLog.d/fix_cmake_using_iar_toolchain.txt
index ecc09c2..9ec6e0d 100644
--- a/ChangeLog.d/fix_cmake_using_iar_toolchain.txt
+++ b/ChangeLog.d/fix_cmake_using_iar_toolchain.txt
@@ -1,3 +1,3 @@
Bugfix
- * Fixed an issue that cause compile error using CMake IAR toolchain.
+ * Fix a compilation error when using CMake with an IAR toolchain.
Fixes #5964.
diff --git a/ChangeLog.d/fix_zeroization.txt b/ChangeLog.d/fix_zeroization.txt
index ad74d9c..8b00dcc 100644
--- a/ChangeLog.d/fix_zeroization.txt
+++ b/ChangeLog.d/fix_zeroization.txt
@@ -1,3 +1,3 @@
Bugfix
- * Fix possible crash in TLS PRF code, if a failure to allocate memory occurs.
- Reported by Michael Madsen in #6516.
+ * Fix a possible null pointer dereference if a memory allocation fails
+ in TLS PRF code. Reported by Michael Madsen in #6516.
diff --git a/doxygen/input/doc_encdec.h b/doxygen/input/doc_encdec.h
index 46fb04f..8c201ed 100644
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@@ -38,7 +38,7 @@
* All symmetric encryption algorithms are accessible via the generic cipher layer
* (see \c mbedtls_cipher_setup()).
*
- * The asymmetric encryptrion algorithms are accessible via the generic public
+ * The asymmetric encryption algorithms are accessible via the generic public
* key layer (see \c mbedtls_pk_init()).
*
* The following algorithms are provided:
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 0f3aa00..c61db82 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -192,7 +192,7 @@
/** \typedef mbedtls_mpi_sint
* \brief The signed type corresponding to #mbedtls_mpi_uint.
*
- * This is always an signed integer type with no padding bits. The size
+ * This is always a signed integer type with no padding bits. The size
* is platform-dependent.
*/
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 7ae1ff9..f1b00f2 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -28,6 +28,7 @@
#ifndef MBEDTLS_CHECK_CONFIG_H
#define MBEDTLS_CHECK_CONFIG_H
+/* *INDENT-OFF* */
/*
* We assume CHAR_BIT is 8 in many places. In practice, this is true on our
* target platforms, so not an issue, but let's just be extra sure.
@@ -955,4 +956,5 @@
*/
typedef int mbedtls_iso_c_forbids_empty_translation_units;
+/* *INDENT-ON* */
#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 6912940..61db793 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -2427,7 +2427,7 @@
* MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
*
* \warning ARC4 is considered a weak cipher and its use constitutes a
- * security risk. If possible, we recommend avoidng dependencies on
+ * security risk. If possible, we recommend avoiding dependencies on
* it, and considering stronger ciphers instead.
*
*/
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index eb23305..d27fb54 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -7,7 +7,7 @@
* those definitions to define symbols used in the library code.
*
* Users and integrators should not edit this file, please edit
- * include/mbedtls/config.h for MBETLS_XXX settings or
+ * include/mbedtls/config.h for MBEDTLS_XXX settings or
* include/psa/crypto_config.h for PSA_WANT_XXX settings.
*/
/*
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index c7a8e2f..aecac93 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -624,7 +624,7 @@
* \param ctx Context for the receive callback (typically a file descriptor)
* \param buf Buffer to write the received data to
* \param len Length of the receive buffer
- * \param timeout Maximum nomber of millisecondes to wait for data
+ * \param timeout Maximum number of milliseconds to wait for data
* 0 means no timeout (potentially waiting forever)
*
* \return The callback must return the number of bytes received,
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index e34c500..f8f8c92 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -225,7 +225,7 @@
* operation by comparing the resulting MAC against a provided value
*
* \param[in,out] op_context A hardware-specific structure for the previously
- * started MAC operation to be fiinished
+ * started MAC operation to be finished
* \param[in] p_mac The MAC value against which the resulting MAC
* will be compared against
* \param[in] mac_length The size in bytes of the value stored in `p_mac`
@@ -336,7 +336,7 @@
/** Function that completes a MAC operation with a verify check
*/
psa_drv_se_mac_finish_verify_t p_finish_verify;
- /** Function that aborts a previoustly started MAC operation
+ /** Function that aborts a previously started MAC operation
*/
psa_drv_se_mac_abort_t p_abort;
/** Function that performs a MAC operation in one call
@@ -745,7 +745,7 @@
size_t ciphertext_size,
size_t *p_ciphertext_length);
-/** A function that peforms a secure element authenticated decryption operation
+/** A function that performs a secure element authenticated decryption operation
*
* \param[in,out] drv_context The driver context structure.
* \param[in] key_slot Slot containing the key to use
@@ -1156,7 +1156,7 @@
*
* Different key derivation algorithms require a different number of inputs.
* Instead of having an API that takes as input variable length arrays, which
- * can be problemmatic to manage on embedded platforms, the inputs are passed
+ * can be problematic to manage on embedded platforms, the inputs are passed
* to the driver via a function, `psa_drv_se_key_derivation_collateral`, that
* is called multiple times with different `collateral_id`s. Thus, for a key
* derivation algorithm that required 3 parameter inputs, the flow would look
@@ -1270,7 +1270,7 @@
psa_drv_se_key_derivation_collateral_t p_collateral;
/** Function that performs a final key derivation step */
psa_drv_se_key_derivation_derive_t p_derive;
- /** Function that perforsm a final key derivation or agreement and
+ /** Function that performs a final key derivation or agreement and
* exports the key */
psa_drv_se_key_derivation_export_t p_export;
} psa_drv_se_key_derivation_t;
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 0d45322..a0a5287 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -716,7 +716,7 @@
(PSA_KEY_EXPORT_ASN1_INTEGER_MAX_SIZE(key_bits) + 11)
/* Maximum size of the export encoding of an RSA key pair.
- * Assumes thatthe public exponent is less than 2^32 and that the size
+ * Assumes that the public exponent is less than 2^32 and that the size
* difference between the two primes is at most 1 bit.
*
* RSAPrivateKey ::= SEQUENCE {
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index d8a90a8..679cbc4 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -296,7 +296,7 @@
#else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
/* Implementation-specific: The Mbed Cryptography library can be built as
- * part of a multi-client service that exposes the PSA Cryptograpy API in each
+ * part of a multi-client service that exposes the PSA Cryptography API in each
* client and encodes the client identity in the key identifier argument of
* functions such as psa_open_key().
*/
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index 8e61f2f..a4b4927 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1330,9 +1330,11 @@
* This is the signature scheme defined by RFC 8017
* (PKCS#1: RSA Cryptography Specifications) under the name
* RSASSA-PSS, with the message generation function MGF1, and with
- * a salt length equal to the length of the hash. The specified
- * hash algorithm is used to hash the input message, to create the
- * salted hash, and for the mask generation.
+ * a salt length equal to the length of the hash, or the largest
+ * possible salt length for the algorithm and key size if that is
+ * smaller than the hash length. The specified hash algorithm is
+ * used to hash the input message, to create the salted hash, and
+ * for the mask generation.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
diff --git a/library/aes.c b/library/aes.c
index daa8b75..74ea267 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1163,7 +1163,7 @@
{
/* We are on the last block in a decrypt operation that has
* leftover bytes, so we need to use the next tweak for this block,
- * and this tweak for the lefover bytes. Save the current tweak for
+ * and this tweak for the leftover bytes. Save the current tweak for
* the leftovers and then update the current tweak for use on this,
* the last full block. */
memcpy( prev_tweak, tweak, sizeof( tweak ) );
diff --git a/library/mps_reader.c b/library/mps_reader.c
index b304db3..0c30a75 100644
--- a/library/mps_reader.c
+++ b/library/mps_reader.c
@@ -530,7 +530,7 @@
* of the accumulator. */
memmove( acc, acc + acc_backup_offset, acc_backup_len );
- /* Copy uncmmitted parts of the current fragment to the
+ /* Copy uncommitted parts of the current fragment to the
* accumulator. */
memcpy( acc + acc_backup_len,
frag + frag_backup_offset, frag_backup_len );
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 10c7d1e..f129733 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5133,7 +5133,7 @@
if( status != PSA_SUCCESS )
return( status );
/* Breaking up a request into smaller chunks is currently not supported
- * for the extrernal RNG interface. */
+ * for the external RNG interface. */
if( output_length != output_size )
return( PSA_ERROR_INSUFFICIENT_ENTROPY );
return( PSA_SUCCESS );
diff --git a/library/psa_crypto_se.h b/library/psa_crypto_se.h
index 7104261..6d965ee 100644
--- a/library/psa_crypto_se.h
+++ b/library/psa_crypto_se.h
@@ -143,7 +143,7 @@
psa_se_drv_table_entry_t *driver,
psa_key_slot_number_t *slot_number );
-/** Destoy a key in a secure element.
+/** Destroy a key in a secure element.
*
* This function calls the relevant driver method to destroy a key
* and updates the driver's persistent data.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 3475aa4..b40ddb7 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2860,8 +2860,8 @@
}
/*
- * Note: we currently ignore the PKS identity hint, as we only allow one
- * PSK to be provisionned on the client. This could be changed later if
+ * Note: we currently ignore the PSK identity hint, as we only allow one
+ * PSK to be provisioned on the client. This could be changed later if
* someone needs that feature.
*/
*p += len;
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 2af58a4..d7bebe0 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -4032,7 +4032,7 @@
if( hs == NULL )
return( -1 );
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_messsage" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> ssl_load_buffered_message" ) );
if( ssl->state == MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC ||
ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC )
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0563c0b..8efccce 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1363,10 +1363,6 @@
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
for( i = 0; ciphersuites[i] != 0; i++ )
-#else
- for( i = 0; ciphersuites[i] != 0; i++ )
- for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
-#endif
{
if( p[0] != 0 ||
MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] )
@@ -1381,6 +1377,24 @@
if( ciphersuite_info != NULL )
goto have_ciphersuite_v2;
}
+#else
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ for( j = 0, p = buf + 6; j < ciph_len; j += 3, p += 3 )
+ {
+ if( p[0] != 0 ||
+ MBEDTLS_GET_UINT16_BE(p, 1) != ciphersuites[i] )
+ continue;
+
+ got_common_suite = 1;
+
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
+
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite_v2;
+ }
+#endif
if( got_common_suite )
{
@@ -2233,10 +2247,6 @@
#if defined(MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
for( i = 0; ciphersuites[i] != 0; i++ )
-#else
- for( i = 0; ciphersuites[i] != 0; i++ )
- for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
-#endif
{
if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
continue;
@@ -2250,6 +2260,23 @@
if( ciphersuite_info != NULL )
goto have_ciphersuite;
}
+#else
+ for( i = 0; ciphersuites[i] != 0; i++ )
+ for( j = 0, p = buf + ciph_offset + 2; j < ciph_len; j += 2, p += 2 )
+ {
+ if( MBEDTLS_GET_UINT16_BE(p, 0) != ciphersuites[i] )
+ continue;
+
+ got_common_suite = 1;
+
+ if( ( ret = ssl_ciphersuite_match( ssl, ciphersuites[i],
+ &ciphersuite_info ) ) != 0 )
+ return( ret );
+
+ if( ciphersuite_info != NULL )
+ goto have_ciphersuite;
+ }
+#endif
if( got_common_suite )
{
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index dcb87b5..70196a4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -3414,7 +3414,7 @@
sha512.state, sizeof( sha512.state ) );
#endif
/* mbedtls_sha512_finish_ret's output parameter is declared as a
- * 64-byte buffer, but sice we're using SHA-384, we know that the
+ * 64-byte buffer, but since we're using SHA-384, we know that the
* output fits in 48 bytes. This is correct C, but GCC 11.1 warns
* about it.
*/
@@ -4480,7 +4480,7 @@
conf->psk_opaque = MBEDTLS_SVC_KEY_ID_INIT;
}
/* This and the following branch should never
- * be taken simultaenously as we maintain the
+ * be taken simultaneously as we maintain the
* invariant that raw and opaque PSKs are never
* configured simultaneously. As a safeguard,
* though, `else` is omitted here. */
@@ -6344,7 +6344,7 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "There is pending outgoing data" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
- /* Protocol must be DLTS, not TLS */
+ /* Protocol must be DTLS, not TLS */
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Only DTLS is supported" ) );
@@ -6952,7 +6952,7 @@
}
/*
- * Initialze mbedtls_ssl_config
+ * Initialize mbedtls_ssl_config
*/
void mbedtls_ssl_config_init( mbedtls_ssl_config *conf )
{
diff --git a/library/timing.c b/library/timing.c
index 37a9303..6c14a4f 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -262,7 +262,7 @@
Sleep( alarmMs );
mbedtls_timing_alarmed = 1;
/* _endthread will be called implicitly on return
- * That ensures execution of thread funcition's epilogue */
+ * That ensures execution of thread function's epilogue */
}
void mbedtls_set_alarm( int seconds )
diff --git a/library/x509.c b/library/x509.c
index a7ebd25..54c8666 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -189,7 +189,7 @@
*
* RFC 4055 (which defines use of RSASSA-PSS in PKIX) states that the value
* of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
- * option. Enfore this at parsing time.
+ * option. Enforce this at parsing time.
*/
int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 624bff1..b943a8d 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -1,5 +1,5 @@
/*
- * X.509 Certidicate Revocation List (CRL) parsing
+ * X.509 Certificate Revocation List (CRL) parsing
*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
index 84f498e..91fddf3 100644
--- a/programs/pkey/dh_genprime.c
+++ b/programs/pkey/dh_genprime.c
@@ -46,7 +46,7 @@
#define USAGE \
"\n usage: dh_genprime param=<>...\n" \
- "\n acceprable parameters:\n" \
+ "\n acceptable parameters:\n" \
" bits=%%d default: 2048\n"
#define DFL_BITS 2048
diff --git a/programs/psa/key_ladder_demo.c b/programs/psa/key_ladder_demo.c
index 5d64349..bc1cd12 100644
--- a/programs/psa/key_ladder_demo.c
+++ b/programs/psa/key_ladder_demo.c
@@ -704,4 +704,6 @@
usage( );
return( EXIT_FAILURE );
}
-#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C && MBEDTLS_AES_C && MBEDTLS_CCM_C && MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
+#endif /* MBEDTLS_SHA256_C && MBEDTLS_MD_C &&
+ MBEDTLS_AES_C && MBEDTLS_CCM_C &&
+ MBEDTLS_PSA_CRYPTO_C && MBEDTLS_FS_IO */
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 41d4bfe..6b314d8 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -348,6 +348,6 @@
mbedtls_exit( ret );
}
#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_SSL_PROTO_DTLS && MBEDTLS_NET_C &&
- MBEDTLD_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+ MBEDTLS_TIMING_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_RSA_C && MBEDTLS_CERTS_C &&
MBEDTLS_PEM_PARSE_C */
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 48970e9..5fcfa0f 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -378,7 +378,7 @@
#if defined(MBEDTLS_TIMING_C)
/* Return elapsed time in milliseconds since the first call */
-static unsigned ellapsed_time( void )
+static unsigned elapsed_time( void )
{
static int initialized = 0;
static struct mbedtls_timing_hr_time hires;
@@ -414,9 +414,9 @@
int ret;
mbedtls_printf( " %05u flush %s: %u bytes, %u datagrams, last %u ms\n",
- ellapsed_time(), buf->description,
+ elapsed_time(), buf->description,
(unsigned) buf->len, buf->num_datagrams,
- ellapsed_time() - buf->packet_lifetime );
+ elapsed_time() - buf->packet_lifetime );
ret = mbedtls_net_send( buf->ctx, buf->data, buf->len );
@@ -428,7 +428,7 @@
static unsigned ctx_buffer_time_remaining( ctx_buffer *buf )
{
- unsigned const cur_time = ellapsed_time();
+ unsigned const cur_time = elapsed_time();
if( buf->num_datagrams == 0 )
return( (unsigned) -1 );
@@ -468,7 +468,7 @@
buf->len += len;
if( ++buf->num_datagrams == 1 )
- buf->packet_lifetime = ellapsed_time();
+ buf->packet_lifetime = elapsed_time();
return( (int) len );
}
@@ -518,10 +518,10 @@
#if defined(MBEDTLS_TIMING_C)
if( why == NULL )
mbedtls_printf( " %05u dispatch %s %s (%u bytes)\n",
- ellapsed_time(), p->way, p->type, p->len );
+ elapsed_time(), p->way, p->type, p->len );
else
mbedtls_printf( " %05u dispatch %s %s (%u bytes): %s\n",
- ellapsed_time(), p->way, p->type, p->len, why );
+ elapsed_time(), p->way, p->type, p->len, why );
#else
if( why == NULL )
mbedtls_printf( " dispatch %s %s (%u bytes)\n",
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 9cd70d4..ab04648 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -358,7 +358,7 @@
if( ( ret = write_certificate_request( &req, opt.output_file,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
- mbedtls_printf( " failed\n ! write_certifcate_request %d", ret );
+ mbedtls_printf( " failed\n ! write_certificate_request %d", ret );
goto exit;
}
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index cdd614a..30e9e0a 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -672,7 +672,7 @@
if( ret != 0 )
{
mbedtls_strerror( ret, buf, 1024 );
- mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
+ mbedtls_printf( " failed\n ! x509write_crt_set_basic_constraints "
"returned -0x%04x - %s\n\n", (unsigned int) -ret, buf );
goto exit;
}
diff --git a/scripts/code_style.py b/scripts/code_style.py
new file mode 100755
index 0000000..68cd556
--- /dev/null
+++ b/scripts/code_style.py
@@ -0,0 +1,158 @@
+#!/usr/bin/env python3
+"""Check or fix the code style by running Uncrustify.
+
+Note: The code style enforced by this script is not yet introduced to
+Mbed TLS. At present this script will only be used to prepare for a future
+change of code style.
+"""
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+import argparse
+import io
+import os
+import subprocess
+import sys
+from typing import List
+
+UNCRUSTIFY_SUPPORTED_VERSION = "0.75.1"
+CONFIG_FILE = ".uncrustify.cfg"
+UNCRUSTIFY_EXE = "uncrustify"
+UNCRUSTIFY_ARGS = ["-c", CONFIG_FILE]
+STDOUT_UTF8 = io.TextIOWrapper(sys.stdout.buffer, encoding='utf-8')
+STDERR_UTF8 = io.TextIOWrapper(sys.stderr.buffer, encoding='utf-8')
+
+def print_err(*args):
+ print("Error: ", *args, file=STDERR_UTF8)
+
+def get_src_files() -> List[str]:
+ """
+ Use git ls-files to get a list of the source files
+ """
+ git_ls_files_cmd = ["git", "ls-files",
+ "*.[hc]",
+ "tests/suites/*.function",
+ "scripts/data_files/*.fmt"]
+
+ result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE, \
+ stderr=STDERR_UTF8, check=False)
+
+ if result.returncode != 0:
+ print_err("git ls-files returned: " + str(result.returncode))
+ return []
+ else:
+ src_files = str(result.stdout, "utf-8").split()
+ # Don't correct style for files in 3rdparty/
+ src_files = list(filter( \
+ lambda filename: not filename.startswith("3rdparty/"), \
+ src_files))
+ return src_files
+
+def get_uncrustify_version() -> str:
+ """
+ Get the version string from Uncrustify
+ """
+ result = subprocess.run([UNCRUSTIFY_EXE, "--version"], \
+ stdout=subprocess.PIPE, stderr=subprocess.PIPE, check=False)
+ if result.returncode != 0:
+ print_err("Could not get Uncrustify version:", str(result.stderr, "utf-8"))
+ return ""
+ else:
+ return str(result.stdout, "utf-8")
+
+def check_style_is_correct(src_file_list: List[str]) -> bool:
+ """
+ Check the code style and output a diff for each file whose style is
+ incorrect.
+ """
+ style_correct = True
+ for src_file in src_file_list:
+ uncrustify_cmd = [UNCRUSTIFY_EXE] + UNCRUSTIFY_ARGS + [src_file]
+ subprocess.run(uncrustify_cmd, stdout=subprocess.PIPE, \
+ stderr=subprocess.PIPE, check=False)
+
+ # Uncrustify makes changes to the code and places the result in a new
+ # file with the extension ".uncrustify". To get the changes (if any)
+ # simply diff the 2 files.
+ diff_cmd = ["diff", "-u", src_file, src_file + ".uncrustify"]
+ result = subprocess.run(diff_cmd, stdout=subprocess.PIPE, \
+ stderr=STDERR_UTF8, check=False)
+ if len(result.stdout) > 0:
+ print(src_file + " - Incorrect code style.", file=STDOUT_UTF8)
+ print("File changed - diff:", file=STDOUT_UTF8)
+ print(str(result.stdout, "utf-8"), file=STDOUT_UTF8)
+ style_correct = False
+ else:
+ print(src_file + " - OK.", file=STDOUT_UTF8)
+
+ # Tidy up artifact
+ os.remove(src_file + ".uncrustify")
+
+ return style_correct
+
+def fix_style_single_pass(src_file_list: List[str]) -> None:
+ """
+ Run Uncrustify once over the source files.
+ """
+ code_change_args = UNCRUSTIFY_ARGS + ["--no-backup"]
+ for src_file in src_file_list:
+ uncrustify_cmd = [UNCRUSTIFY_EXE] + code_change_args + [src_file]
+ subprocess.run(uncrustify_cmd, check=False, stdout=STDOUT_UTF8, \
+ stderr=STDERR_UTF8)
+
+def fix_style(src_file_list: List[str]) -> int:
+ """
+ Fix the code style. This takes 2 passes of Uncrustify.
+ """
+ fix_style_single_pass(src_file_list)
+ fix_style_single_pass(src_file_list)
+
+ # Guard against future changes that cause the codebase to require
+ # more passes.
+ if not check_style_is_correct(src_file_list):
+ print("Code style still incorrect after second run of Uncrustify.")
+ return 1
+ else:
+ return 0
+
+def main() -> int:
+ """
+ Main with command line arguments.
+ """
+ uncrustify_version = get_uncrustify_version().strip()
+ if UNCRUSTIFY_SUPPORTED_VERSION not in uncrustify_version:
+ print("Warning: Using unsupported Uncrustify version '" \
+ + uncrustify_version + "' (Note: The only supported version" \
+ "is " + UNCRUSTIFY_SUPPORTED_VERSION + ")", file=STDOUT_UTF8)
+
+ src_files = get_src_files()
+
+ parser = argparse.ArgumentParser()
+ parser.add_argument('-f', '--fix', action='store_true', \
+ help='modify source files to fix the code style')
+
+ args = parser.parse_args()
+
+ if args.fix:
+ # Fix mode
+ return fix_style(src_files)
+ else:
+ # Check mode
+ if check_style_is_correct(src_files):
+ return 0
+ else:
+ return 1
+
+if __name__ == '__main__':
+ sys.exit(main())
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 5dfddb7..bc02627 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -26,6 +26,10 @@
# on non-POSIX platforms.
add_definitions("-D_POSIX_C_SOURCE=200809L")
+# If SKIP_TEST_SUITES is not defined with -D, get it from the environment.
+if((NOT DEFINED SKIP_TEST_SUITES) AND (DEFINED ENV{SKIP_TEST_SUITES}))
+ set(SKIP_TEST_SUITES $ENV{SKIP_TEST_SUITES})
+endif()
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
# but not "test_suite_foobar".
diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h
index af64011..ebd0c6a 100644
--- a/tests/include/test/constant_flow.h
+++ b/tests/include/test/constant_flow.h
@@ -50,6 +50,12 @@
* This file contains two implementations: one based on MemorySanitizer, the
* other on valgrind's memcheck. If none of them is enabled, dummy macros that
* do nothing are defined for convenience.
+ *
+ * \note #TEST_CF_SECRET must be called directly from within a .function file,
+ * not indirectly via a macro defined under tests/include or a function
+ * under tests/src. This is because we only run Valgrind for constant
+ * flow on test suites that have greppable annotations inside them (see
+ * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`).
*/
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index f5622e2..7dc829b 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -189,7 +189,7 @@
*
* Do a key policy permission extension on key usage policies always involves
* permissions of other usage policies
- * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSGAE).
+ * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
*/
psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags );
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
index e67f515..4306c1a 100644
--- a/tests/include/test/psa_exercise_key.h
+++ b/tests/include/test/psa_exercise_key.h
@@ -81,7 +81,7 @@
#elif defined(MBEDTLS_SHA512_C)
#define KNOWN_MBEDTLS_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
#else
-#undef KNOWN_MBEDLTS_SUPPORTED_HASH_ALG
+#undef KNOWN_MBEDTLS_SUPPORTED_HASH_ALG
#endif
/** \def KNOWN_SUPPORTED_BLOCK_CIPHER
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 6c50bd2..ba37e33 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1556,6 +1556,17 @@
env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
}
+skip_suites_without_constant_flow () {
+ # Skip the test suites that don't have any constant-flow annotations.
+ # This will need to be adjusted if we ever start declaring things as
+ # secret from macros or functions inside tests/include or tests/src.
+ SKIP_TEST_SUITES=$(
+ git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
+ sed 's/test_suite_//; s/\.function$//' |
+ tr '\n' ,)
+ export SKIP_TEST_SUITES
+}
+
component_test_memsan_constant_flow () {
# This tests both (1) accesses to undefined memory, and (2) branches or
# memory access depending on secret values. To distinguish between those:
@@ -1587,12 +1598,13 @@
msg "build: cmake release GCC, full config with constant flow testing"
scripts/config.py full
scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
+ skip_suites_without_constant_flow
cmake -D CMAKE_BUILD_TYPE:String=Release .
make
# this only shows a summary of the results (how many of each type)
# details are left in Testing/<date>/DynamicAnalysis.xml
- msg "test: main suites (valgrind + constant flow)"
+ msg "test: some suites (valgrind + constant flow)"
make memcheck
}
@@ -3190,30 +3202,43 @@
component_test_valgrind () {
msg "build: Release (clang)"
+ # default config, in particular without MBEDTLS_USE_PSA_CRYPTO
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
make
- msg "test: main suites valgrind (Release)"
+ msg "test: main suites, Valgrind (default config)"
make memcheck
# Optional parts (slow; currently broken on OS X because programs don't
# seem to receive signals under valgrind on OS X).
+ # These optional parts don't run on the CI.
if [ "$MEMORY" -gt 0 ]; then
- msg "test: ssl-opt.sh --memcheck (Release)"
+ msg "test: ssl-opt.sh --memcheck (default config)"
tests/ssl-opt.sh --memcheck
fi
if [ "$MEMORY" -gt 1 ]; then
- msg "test: compat.sh --memcheck (Release)"
+ msg "test: compat.sh --memcheck (default config)"
tests/compat.sh --memcheck
fi
if [ "$MEMORY" -gt 0 ]; then
- msg "test: context-info.sh --memcheck (Release)"
+ msg "test: context-info.sh --memcheck (default config)"
tests/context-info.sh --memcheck
fi
}
+component_test_valgrind_psa () {
+ msg "build: Release, full (clang)"
+ # full config, in particular with MBEDTLS_USE_PSA_CRYPTO
+ scripts/config.py full
+ CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
+ make
+
+ msg "test: main suites, Valgrind (full config)"
+ make memcheck
+}
+
support_test_cmake_out_of_source () {
distrib_id=""
distrib_ver=""
@@ -3329,6 +3354,26 @@
[ "$ver_major" -eq 3 ] && [ "$ver_minor" -ge 10 ]
}
+component_test_corrected_code_style () {
+ ./scripts/code_style.py --fix
+
+ msg "build: make, default config (out-of-box), corrected code style"
+ make
+
+ msg "test: main suites make, default config (out-of-box), corrected code style"
+ make test
+
+ # Clean up code-style corrections
+ git checkout -- .
+}
+
+support_test_corrected_code_style() {
+ case $(uncrustify --version) in
+ *0.75.1*) true;;
+ *) false;;
+ esac
+}
+
component_check_python_files () {
msg "Lint: Python scripts"
tests/scripts/check-python-files.sh
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index 56fd5b9..3a90291 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -1,6 +1,6 @@
#!/bin/sh
-# basic-build-tests.sh
+# basic-build-test.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
@@ -36,7 +36,7 @@
#
# This script has been written to be generic and should work on any shell.
#
-# Usage: basic-build-tests.sh
+# Usage: basic-build-test.sh
#
# Abort on errors (and uninitiliased variables)
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index d1e87b5..096da96 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -620,7 +620,7 @@
self.log.info("Compiling...")
symbols = []
- # Back up the config and atomically compile with the full configratuion.
+ # Back up the config and atomically compile with the full configuration.
shutil.copy(
"include/mbedtls/config.h",
"include/mbedtls/config.h.bak"
@@ -879,7 +879,7 @@
parser.add_argument(
"-q", "--quiet",
action="store_true",
- help="hide unnecessary text, explanations, and highlighs"
+ help="hide unnecessary text, explanations, and highlights"
)
args = parser.parse_args()
diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py
index e7d4048..a11dade 100755
--- a/tests/scripts/generate_psa_tests.py
+++ b/tests/scripts/generate_psa_tests.py
@@ -80,7 +80,7 @@
# A temporary hack: at the time of writing, not all dependency symbols
# are implemented yet. Skip test cases for which the dependency symbols are
# not available. Once all dependency symbols are available, this hack must
-# be removed so that a bug in the dependency symbols proprely leads to a test
+# be removed so that a bug in the dependency symbols properly leads to a test
# failure.
def read_implemented_dependencies(filename: str) -> FrozenSet[str]:
return frozenset(symbol
@@ -458,7 +458,7 @@
"""Prepare to generate a key.
* `usage` : The usage flags used for the key.
- * `without_implicit_usage`: Flag to defide to apply the usage extension
+ * `without_implicit_usage`: Flag to define to apply the usage extension
"""
usage_flags = set(usage)
if not without_implicit_usage:
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 777ffcb..fc42390 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,7 +1,7 @@
#!/usr/bin/env python3
"""Run the PSA Crypto API compliance test suite.
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
-then complie and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
+then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests.
Known defects in either the test suite or mbedtls - identified by their test number - are ignored,
while unexpected failures AND successes are reported as errors,
to help keep the list of known defects as up to date as possible.
diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data
new file mode 100644
index 0000000..4504aa4
--- /dev/null
+++ b/tests/suites/test_suite_constant_time.data
@@ -0,0 +1,11 @@
+# these are the numbers we'd get with an empty plaintext and truncated HMAC
+Constant-flow memcpy from offset: small
+ssl_cf_memcpy_offset:0:5:10
+
+# we could get this with 255-bytes plaintext and untruncated SHA-256
+Constant-flow memcpy from offset: medium
+ssl_cf_memcpy_offset:0:255:32
+
+# we could get this with 255-bytes plaintext and untruncated SHA-384
+Constant-flow memcpy from offset: large
+ssl_cf_memcpy_offset:100:339:48
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
new file mode 100644
index 0000000..a3673b7
--- /dev/null
+++ b/tests/suites/test_suite_constant_time.function
@@ -0,0 +1,49 @@
+/* BEGIN_HEADER */
+/** \file test_suite_constant_time.function
+ *
+ * Functional testing of functions in the constant_time module.
+ *
+ * The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC
+ * (see tests/include/test/constant_flow.h) so that running the tests
+ * under MSan or Valgrind will detect a non-constant-time implementation.
+ */
+
+#include <mbedtls/constant_time.h>
+#include <constant_time_internal.h>
+#include <constant_time_invasive.h>
+
+#include <test/constant_flow.h>
+/* END_HEADER */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
+void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
+{
+ unsigned char *dst = NULL;
+ unsigned char *src = NULL;
+ size_t src_len = offset_max + len;
+ size_t secret;
+
+ ASSERT_ALLOC( dst, len );
+ ASSERT_ALLOC( src, src_len );
+
+ /* Fill src in a way that we can detect if we copied the right bytes */
+ mbedtls_test_rnd_std_rand( NULL, src, src_len );
+
+ for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
+ {
+ mbedtls_test_set_step( (int) secret );
+
+ TEST_CF_SECRET( &secret, sizeof( secret ) );
+ mbedtls_ct_memcpy_offset( dst, src, secret,
+ offset_min, offset_max, len );
+ TEST_CF_PUBLIC( &secret, sizeof( secret ) );
+ TEST_CF_PUBLIC( dst, len );
+
+ ASSERT_COMPARE( dst, len, src + secret, len );
+ }
+
+exit:
+ mbedtls_free( dst );
+ mbedtls_free( src );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_constant_time_hmac.data b/tests/suites/test_suite_constant_time_hmac.data
new file mode 100644
index 0000000..5339f20
--- /dev/null
+++ b/tests/suites/test_suite_constant_time_hmac.data
@@ -0,0 +1,15 @@
+Constant-flow HMAC: MD5
+depends_on:MBEDTLS_MD5_C
+ssl_cf_hmac:MBEDTLS_MD_MD5
+
+Constant-flow HMAC: SHA1
+depends_on:MBEDTLS_SHA1_C
+ssl_cf_hmac:MBEDTLS_MD_SHA1
+
+Constant-flow HMAC: SHA256
+depends_on:MBEDTLS_SHA256_C
+ssl_cf_hmac:MBEDTLS_MD_SHA256
+
+Constant-flow HMAC: SHA384
+depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
+ssl_cf_hmac:MBEDTLS_MD_SHA384
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
new file mode 100644
index 0000000..c19cde9
--- /dev/null
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -0,0 +1,102 @@
+/* BEGIN_HEADER */
+
+#include <mbedtls/constant_time.h>
+#include <mbedtls/md.h>
+#include <constant_time_internal.h>
+
+#include <test/constant_flow.h>
+/* END_HEADER */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
+void ssl_cf_hmac( int hash )
+{
+ /*
+ * Test the function mbedtls_ct_hmac() against a reference
+ * implementation.
+ */
+ mbedtls_md_context_t ctx, ref_ctx;
+ const mbedtls_md_info_t *md_info;
+ size_t out_len, block_size;
+ size_t min_in_len, in_len, max_in_len, i;
+ /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
+ unsigned char add_data[13];
+ unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
+ unsigned char *data = NULL;
+ unsigned char *out = NULL;
+ unsigned char rec_num = 0;
+
+ mbedtls_md_init( &ctx );
+ mbedtls_md_init( &ref_ctx );
+
+ md_info = mbedtls_md_info_from_type( hash );
+ TEST_ASSERT( md_info != NULL );
+ out_len = mbedtls_md_get_size( md_info );
+ TEST_ASSERT( out_len != 0 );
+ block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
+
+ /* Use allocated out buffer to catch overwrites */
+ ASSERT_ALLOC( out, out_len );
+
+ /* Set up contexts with the given hash and a dummy key */
+ TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
+ TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
+ memset( ref_out, 42, sizeof( ref_out ) );
+ TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
+ TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
+ memset( ref_out, 0, sizeof( ref_out ) );
+
+ /*
+ * Test all possible lengths up to a point. The difference between
+ * max_in_len and min_in_len is at most 255, and make sure they both vary
+ * by at least one block size.
+ */
+ for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
+ {
+ mbedtls_test_set_step( max_in_len * 10000 );
+
+ /* Use allocated in buffer to catch overreads */
+ ASSERT_ALLOC( data, max_in_len );
+
+ min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
+ for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
+ {
+ mbedtls_test_set_step( max_in_len * 10000 + in_len );
+
+ /* Set up dummy data and add_data */
+ rec_num++;
+ memset( add_data, rec_num, sizeof( add_data ) );
+ for( i = 0; i < in_len; i++ )
+ data[i] = ( i & 0xff ) ^ rec_num;
+
+ /* Get the function's result */
+ TEST_CF_SECRET( &in_len, sizeof( in_len ) );
+ TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
+ data, in_len,
+ min_in_len, max_in_len,
+ out ) );
+ TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
+ TEST_CF_PUBLIC( out, out_len );
+
+ /* Compute the reference result */
+ TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
+ sizeof( add_data ) ) );
+ TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
+ TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
+ TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
+
+ /* Compare */
+ ASSERT_COMPARE( out, out_len, ref_out, out_len );
+ }
+
+ mbedtls_free( data );
+ data = NULL;
+ }
+
+exit:
+ mbedtls_md_free( &ref_ctx );
+ mbedtls_md_free( &ctx );
+
+ mbedtls_free( data );
+ mbedtls_free( out );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index 9df8a3c..5ef3288 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function
@@ -295,7 +295,7 @@
/* This test exercises the behaviour of the MPS reader with accumulator
* in the situation where upon calling mbedtls_mps_reader_reclaim(), the
* uncommitted data together with the excess data missing in the last
- * call to medtls_mps_reader_get() exceeds the bounds of the type
+ * call to mbedtls_mps_reader_get() exceeds the bounds of the type
* holding the buffer length.
*/
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 5636ed4..aad1bf2 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2516,7 +2516,7 @@
sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):"9ac4335b469bbd791439248504dd0d49c71349a295fee5a1c68507f45a9e1c7b":"6a3399f69421ffe1490377adf2ea1f117d81a63cf5bf22e918d51175eb259151ce95d7c26cc04e25503e2f7a1ec3573e3c2412534bb4a19b3a7811742f49f50f"
PSA sign hash: deterministic ECDSA SECP256R1 SHA-384
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_hash_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_384 ):"59e1748777448c69de6b800d7a33bbfb9ff1b463e44354c3553bcdb9c666fa90125a3c79f90397bdf5f6a13de828684f":"cd40ba1b555ca5994d30ddffc4ad734b1f5c604675b0f249814aa5de3992ef3ddf4d5dc5d2aab1979ce210b560754df671363d99795475882894c048e3b986ca"
PSA sign hash: deterministic ECDSA SECP384R1 SHA-256
@@ -2784,7 +2784,7 @@
sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256):"616263":"36e5b5a7da1c9c265dc447de3a5a704fcb8c03f7a3749dde48d84c9bf736fc1ed48d8b3660e7d3cbc6b1870730b7ce2a043f69e37ccb340b98d1e65184e03548"
PSA sign message: deterministic ECDSA SECP256R1 SHA-384
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_message_deterministic:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263":"7ea712a20e3a8cbe0c6e64195362ba7635bbe78af51ddedd7a5fd858395250c592654c35d3b0614ae0e3b329c25cf5b4a5fcb243af3e3ad15c8446fe401be066"
PSA sign message: deterministic ECDSA SECP384R1 SHA-256
@@ -2904,7 +2904,7 @@
sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_ECDSA(PSA_ALG_SHA_384):"616263"
PSA sign/verify message: deterministic ECDSA SECP256R1 SHA-384
-depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDLTS_PSA_BUILTIN_ALG_SHA_384
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PK_PARSE_C:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_MD_C:MBEDTLS_PSA_BUILTIN_ALG_SHA_384
sign_verify_message:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384):"616263"
PSA sign/verify message: randomized ECDSA SECP384R1 SHA-256
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index d191e01..27d50b2 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -587,14 +587,14 @@
mbedtls_psa_cipher_operation_t mbedtls_operation =
MBEDTLS_PSA_CIPHER_OPERATION_INIT;
- mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
+ mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
operation.ctx.mbedtls_ctx = mbedtls_operation;
- operation.ctx.transparent_test_driver_ctx = tranparent_operation;
+ operation.ctx.transparent_test_driver_ctx = transparent_operation;
operation.ctx.opaque_test_driver_ctx = opaque_operation;
PSA_ASSERT( psa_crypto_init( ) );
@@ -719,14 +719,14 @@
mbedtls_psa_cipher_operation_t mbedtls_operation =
MBEDTLS_PSA_CIPHER_OPERATION_INIT;
- mbedtls_transparent_test_driver_cipher_operation_t tranparent_operation =
+ mbedtls_transparent_test_driver_cipher_operation_t transparent_operation =
MBEDTLS_TRANSPARENT_TEST_DRIVER_CIPHER_OPERATION_INIT;
mbedtls_opaque_test_driver_cipher_operation_t opaque_operation =
MBEDTLS_OPAQUE_TEST_DRIVER_CIPHER_OPERATION_INIT;
operation.ctx.mbedtls_ctx = mbedtls_operation;
- operation.ctx.transparent_test_driver_ctx = tranparent_operation;
+ operation.ctx.transparent_test_driver_ctx = transparent_operation;
operation.ctx.opaque_test_driver_ctx = opaque_operation;
PSA_ASSERT( psa_crypto_init( ) );
diff --git a/tests/suites/test_suite_psa_crypto_generate_key.function b/tests/suites/test_suite_psa_crypto_generate_key.function
index dbe9a0e..6dc6043 100644
--- a/tests/suites/test_suite_psa_crypto_generate_key.function
+++ b/tests/suites/test_suite_psa_crypto_generate_key.function
@@ -18,7 +18,7 @@
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
mbedtls_svc_key_id_t key_id = INVALID_KEY_ID;
- // key lifetiem, usage flags, algorithm are irrelevant for this test
+ // key lifetime, usage flags, algorithm are irrelevant for this test
psa_key_type_t key_type = key_type_arg;
size_t bits = bits_arg;
psa_status_t expected_status = expected_status_arg;
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 9b1c712..c0b76c9 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -10002,34 +10002,6 @@
depends_on:MBEDTLS_SSL_SESSION_TICKETS:MBEDTLS_SSL_CLI_C:MBEDTLS_X509_USE_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_FS_IO
ssl_serialize_session_load_buf_size:1023:"data_files/server5.crt"
-Constant-flow HMAC: MD5
-depends_on:MBEDTLS_MD5_C
-ssl_cf_hmac:MBEDTLS_MD_MD5
-
-Constant-flow HMAC: SHA1
-depends_on:MBEDTLS_SHA1_C
-ssl_cf_hmac:MBEDTLS_MD_SHA1
-
-Constant-flow HMAC: SHA256
-depends_on:MBEDTLS_SHA256_C
-ssl_cf_hmac:MBEDTLS_MD_SHA256
-
-Constant-flow HMAC: SHA384
-depends_on:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-ssl_cf_hmac:MBEDTLS_MD_SHA384
-
-# these are the numbers we'd get with an empty plaintext and truncated HMAC
-Constant-flow memcpy from offset: small
-ssl_cf_memcpy_offset:0:5:10
-
-# we could get this with 255-bytes plaintext and untruncated SHA-256
-Constant-flow memcpy from offset: medium
-ssl_cf_memcpy_offset:0:255:32
-
-# we could get this with 255-bytes plaintext and untruncated SHA-384
-Constant-flow memcpy from offset: large
-ssl_cf_memcpy_offset:100:339:48
-
Raw key agreement: nominal
depends_on:MBEDTLS_SHA256_C
raw_key_agreement_fail:0
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 0da0b15..7575f78 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -446,7 +446,7 @@
* \p peer1 and \p peer2 must have been previously initialized by calling
* mbedtls_mock_socket_init().
*
- * The capacites of the internal buffers are set to \p bufsize. Setting this to
+ * The capacities of the internal buffers are set to \p bufsize. Setting this to
* the correct value allows for simulation of MTU, sanity testing the mock
* implementation and mocking TCP connections with lower memory cost.
*/
@@ -587,7 +587,7 @@
}
/*
- * Setup a given mesasge socket context including initialization of
+ * Setup a given message socket context including initialization of
* input/output queues to a chosen capacity of messages. Also set the
* corresponding mock socket.
*
@@ -4467,133 +4467,6 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
-void ssl_cf_hmac( int hash )
-{
- /*
- * Test the function mbedtls_ct_hmac() against a reference
- * implementation.
- */
- mbedtls_md_context_t ctx, ref_ctx;
- const mbedtls_md_info_t *md_info;
- size_t out_len, block_size;
- size_t min_in_len, in_len, max_in_len, i;
- /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
- unsigned char add_data[13];
- unsigned char ref_out[MBEDTLS_MD_MAX_SIZE];
- unsigned char *data = NULL;
- unsigned char *out = NULL;
- unsigned char rec_num = 0;
-
- mbedtls_md_init( &ctx );
- mbedtls_md_init( &ref_ctx );
-
- md_info = mbedtls_md_info_from_type( hash );
- TEST_ASSERT( md_info != NULL );
- out_len = mbedtls_md_get_size( md_info );
- TEST_ASSERT( out_len != 0 );
- block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
-
- /* Use allocated out buffer to catch overwrites */
- ASSERT_ALLOC( out, out_len );
-
- /* Set up contexts with the given hash and a dummy key */
- TEST_EQUAL( 0, mbedtls_md_setup( &ctx, md_info, 1 ) );
- TEST_EQUAL( 0, mbedtls_md_setup( &ref_ctx, md_info, 1 ) );
- memset( ref_out, 42, sizeof( ref_out ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ctx, ref_out, out_len ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_starts( &ref_ctx, ref_out, out_len ) );
- memset( ref_out, 0, sizeof( ref_out ) );
-
- /*
- * Test all possible lengths up to a point. The difference between
- * max_in_len and min_in_len is at most 255, and make sure they both vary
- * by at least one block size.
- */
- for( max_in_len = 0; max_in_len <= 255 + block_size; max_in_len++ )
- {
- mbedtls_test_set_step( max_in_len * 10000 );
-
- /* Use allocated in buffer to catch overreads */
- ASSERT_ALLOC( data, max_in_len );
-
- min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
- for( in_len = min_in_len; in_len <= max_in_len; in_len++ )
- {
- mbedtls_test_set_step( max_in_len * 10000 + in_len );
-
- /* Set up dummy data and add_data */
- rec_num++;
- memset( add_data, rec_num, sizeof( add_data ) );
- for( i = 0; i < in_len; i++ )
- data[i] = ( i & 0xff ) ^ rec_num;
-
- /* Get the function's result */
- TEST_CF_SECRET( &in_len, sizeof( in_len ) );
- TEST_EQUAL( 0, mbedtls_ct_hmac( &ctx, add_data, sizeof( add_data ),
- data, in_len,
- min_in_len, max_in_len,
- out ) );
- TEST_CF_PUBLIC( &in_len, sizeof( in_len ) );
- TEST_CF_PUBLIC( out, out_len );
-
- /* Compute the reference result */
- TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, add_data,
- sizeof( add_data ) ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_update( &ref_ctx, data, in_len ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_finish( &ref_ctx, ref_out ) );
- TEST_EQUAL( 0, mbedtls_md_hmac_reset( &ref_ctx ) );
-
- /* Compare */
- ASSERT_COMPARE( out, out_len, ref_out, out_len );
- }
-
- mbedtls_free( data );
- data = NULL;
- }
-
-exit:
- mbedtls_md_free( &ref_ctx );
- mbedtls_md_free( &ctx );
-
- mbedtls_free( data );
- mbedtls_free( out );
-}
-/* END_CASE */
-
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
-void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
-{
- unsigned char *dst = NULL;
- unsigned char *src = NULL;
- size_t src_len = offset_max + len;
- size_t secret;
-
- ASSERT_ALLOC( dst, len );
- ASSERT_ALLOC( src, src_len );
-
- /* Fill src in a way that we can detect if we copied the right bytes */
- mbedtls_test_rnd_std_rand( NULL, src, src_len );
-
- for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
- {
- mbedtls_test_set_step( (int) secret );
-
- TEST_CF_SECRET( &secret, sizeof( secret ) );
- mbedtls_ct_memcpy_offset( dst, src, secret,
- offset_min, offset_max, len );
- TEST_CF_PUBLIC( &secret, sizeof( secret ) );
- TEST_CF_PUBLIC( dst, len );
-
- ASSERT_COMPARE( dst, len, src + secret, len );
- }
-
-exit:
- mbedtls_free( dst );
- mbedtls_free( src );
-}
-/* END_CASE */
-
/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
void raw_key_agreement_fail( int bad_server_ecdhe_key )
{