From b422cab052b51ec84758638d6783d6ba4fc60613 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 16:18:10 +0800 Subject: [PATCH 01/11] tls: check RNG in ssl_conf_check when calling mbedtls_ssl_setup Signed-off-by: Yanray Wang --- library/ssl_tls.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 6678b7133a..28be8a6fba 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1355,6 +1355,11 @@ static int ssl_conf_check(const mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */ + if (ssl->conf->f_rng == NULL) { + MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); + return MBEDTLS_ERR_SSL_NO_RNG; + } + /* Space for further checks */ return 0; From f88e529de348c18467c84925298167fedde86844 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 16:39:34 +0800 Subject: [PATCH 02/11] ssl_helpers: make rng_get available for other test cases This is a pre-step to configure random number generator in some TLS tests. Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 4 ++++ tests/src/test_helpers/ssl_helpers.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index d03c62414b..b45e9695f7 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -193,6 +193,10 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +int rng_get(void *p_rng, unsigned char *output, size_t output_len); +#endif + /* * This function can be passed to mbedtls to receive output logs from it. In * this case, it will count the instances of a mbedtls_test_ssl_log_pattern diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index d02d305394..549a4ffc66 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -14,7 +14,7 @@ #if defined(MBEDTLS_SSL_TLS_C) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) static int rng_seed = 0xBEEF; -static int rng_get(void *p_rng, unsigned char *output, size_t output_len) +int rng_get(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; for (size_t i = 0; i < output_len; i++) { From d6128e9ab94ded4879771cf9e6371ca041713cc5 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 17:08:56 +0800 Subject: [PATCH 03/11] test_suite_ssl.function: configure RNG to address test failure Signed-off-by: Yanray Wang --- tests/suites/test_suite_ssl.function | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 05571a1dc8..050e525a21 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1121,6 +1121,8 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, @@ -2892,6 +2894,7 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( @@ -2933,6 +2936,8 @@ void conf_curve() mbedtls_ssl_init(&ssl); MD_OR_USE_PSA_INIT(); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); TEST_ASSERT(ssl.handshake != NULL && ssl.handshake->group_list != NULL); @@ -2964,6 +2969,7 @@ void conf_group() mbedtls_ssl_config conf; mbedtls_ssl_config_init(&conf); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); @@ -3069,6 +3075,8 @@ void cookie_parsing(data_t *cookie, int exp_ret) mbedtls_ssl_config_init(&conf); USE_PSA_INIT(); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), @@ -3122,6 +3130,8 @@ void cid_sanity() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -3380,6 +3390,8 @@ void ssl_ecjpake_set_password(int use_opaque_arg) mbedtls_ssl_config_init(&conf); + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, From 5b60b424b7a7ecc366c3e8abf59a62d03cb7921a Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 17:20:22 +0800 Subject: [PATCH 04/11] test_suite_debug.function: configure RNG to address test failure Signed-off-by: Yanray Wang --- tests/suites/test_suite_debug.function | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index b9610406bb..c96e305d4f 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -2,6 +2,7 @@ #include "mbedtls/debug.h" #include "string.h" #include "mbedtls/pk.h" +#include struct buffer_data { char buf[2000]; @@ -65,6 +66,8 @@ void debug_print_msg_threshold(int threshold, int level, char *file, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -103,6 +106,8 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -138,6 +143,8 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -175,6 +182,8 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, @@ -214,6 +223,8 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; + mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, From c83186effa97dfb03c373a5fdce45337fe7ec633 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 17:24:48 +0800 Subject: [PATCH 05/11] ssl_client: remove RNG check in `write_client_hello` RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup, so there is no need to check it again. Signed-off-by: Yanray Wang --- library/ssl_client.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/library/ssl_client.c b/library/ssl_client.c index 55fe352fe4..bef7fc0846 100644 --- a/library/ssl_client.c +++ b/library/ssl_client.c @@ -764,11 +764,6 @@ static int ssl_prepare_client_hello(mbedtls_ssl_context *ssl) MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* Bet on the highest configured version if we are not in a TLS 1.2 * renegotiation or session resumption. */ From 197199f154e9c7fd45c2f7ab1815db6718830a2f Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 17:28:56 +0800 Subject: [PATCH 06/11] tls12 & tls13 server: remove RNG check in `write_server_hello` RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup, so there is no need to check it again. Signed-off-by: Yanray Wang --- library/ssl_tls12_server.c | 5 ----- library/ssl_tls13_server.c | 4 ---- 2 files changed, 9 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index a07d0fb346..72564ac2fb 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -2177,11 +2177,6 @@ static int ssl_write_server_hello(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY */ - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } - /* * 0 . 0 handshake type * 1 . 3 handshake length diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index d983a00395..25a182c4ac 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -1948,10 +1948,6 @@ static int ssl_tls13_prepare_server_hello(mbedtls_ssl_context *ssl) int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char *server_randbytes = ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN; - if (ssl->conf->f_rng == NULL) { - MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided")); - return MBEDTLS_ERR_SSL_NO_RNG; - } if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes, MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) { From a72bc9adf7fb345af59f7137a5389ef0ace67030 Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Fri, 1 Dec 2023 23:34:27 +0800 Subject: [PATCH 07/11] ssl_helpers: remove guard for rng_get() After adding a check in ssl_conf_check(), we have configured RNG via mbedtls_ssl_conf_rng() for TLS tests in both test_suite_ssl.function and test_suite_debug.function. As a result, rng_get() is not only available when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED enabled. Therefore, we remove the guard for rng_get() to make it accessible for TLS tests which have call for mbedtls_ssl_setup(). Signed-off-by: Yanray Wang --- tests/include/test/ssl_helpers.h | 2 -- tests/src/test_helpers/ssl_helpers.c | 5 ++--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index b45e9695f7..9493b69ca7 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -193,9 +193,7 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) int rng_get(void *p_rng, unsigned char *output, size_t output_len); -#endif /* * This function can be passed to mbedtls to receive output logs from it. In diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 549a4ffc66..de76b09935 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -12,8 +12,6 @@ #include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -static int rng_seed = 0xBEEF; int rng_get(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; @@ -23,7 +21,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len) return 0; } -#endif void mbedtls_test_ssl_log_analyzer(void *ctx, int level, const char *file, int line, @@ -46,6 +43,8 @@ void mbedtls_test_init_handshake_options( mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) + int rng_seed = 0xBEEF; + srand(rng_seed); rng_seed += 0xD0; #endif From aad9449146f67ead757a663d27971b1a0f494dcc Mon Sep 17 00:00:00 2001 From: Yanray Wang Date: Mon, 4 Dec 2023 10:42:06 +0800 Subject: [PATCH 08/11] test_suite_debug.function: check return value for _config_defaults Signed-off-by: Yanray Wang --- tests/suites/test_suite_debug.function | 45 ++++++++++++++------------ 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index c96e305d4f..fca7ea0615 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -68,10 +68,11 @@ void debug_print_msg_threshold(int threshold, int level, char *file, mbedtls_ssl_conf_rng(&conf, rng_get, NULL); - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); @@ -108,10 +109,11 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, mbedtls_ssl_conf_rng(&conf, rng_get, NULL); - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); @@ -145,10 +147,11 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, mbedtls_ssl_conf_rng(&conf, rng_get, NULL); - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); @@ -184,10 +187,11 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, mbedtls_ssl_conf_rng(&conf, rng_get, NULL); - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); @@ -225,10 +229,11 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, mbedtls_ssl_conf_rng(&conf, rng_get, NULL); - mbedtls_ssl_config_defaults(&conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT); + TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, + MBEDTLS_SSL_IS_CLIENT, + MBEDTLS_SSL_TRANSPORT_STREAM, + MBEDTLS_SSL_PRESET_DEFAULT), + 0); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); From 10b040fa6f7433849208c66ef29e714869138975 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 5 Feb 2024 09:38:09 +0100 Subject: [PATCH 09/11] tests: ssl_helpers: Rename rng_get to mbedtls_test_random mbedtls_test_ as the prefix for test APIs _random like in mbedtls_ctr/hmac_drbg_random Signed-off-by: Ronald Cron --- tests/include/test/ssl_helpers.h | 7 ++++++- tests/src/test_helpers/ssl_helpers.c | 4 ++-- tests/suites/test_suite_debug.function | 10 +++++----- tests/suites/test_suite_ssl.function | 14 +++++++------- 4 files changed, 20 insertions(+), 15 deletions(-) diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 9493b69ca7..f214ce0246 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -193,7 +193,12 @@ typedef struct mbedtls_test_ssl_endpoint { #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -int rng_get(void *p_rng, unsigned char *output, size_t output_len); +/* + * Random number generator aimed for TLS unitary tests. Its main purpose is to + * simplify the set-up of a random number generator for TLS + * unitary tests: no need to set up a good entropy source for example. + */ +int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len); /* * This function can be passed to mbedtls to receive output logs from it. In diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index de76b09935..860b0a39f4 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -12,7 +12,7 @@ #include "md_psa.h" #if defined(MBEDTLS_SSL_TLS_C) -int rng_get(void *p_rng, unsigned char *output, size_t output_len) +int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) { (void) p_rng; for (size_t i = 0; i < output_len; i++) { @@ -754,7 +754,7 @@ int mbedtls_test_ssl_endpoint_init( mbedtls_ssl_init(&(ep->ssl)); mbedtls_ssl_config_init(&(ep->conf)); - mbedtls_ssl_conf_rng(&(ep->conf), rng_get, NULL); + mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL); TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0); diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index fca7ea0615..426d835ceb 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -66,7 +66,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, @@ -107,7 +107,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, @@ -145,7 +145,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, @@ -185,7 +185,7 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, @@ -227,7 +227,7 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 050e525a21..82b541c620 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1121,7 +1121,7 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, @@ -2894,7 +2894,7 @@ void conf_version(int endpoint, int transport, mbedtls_ssl_conf_transport(&conf, transport); mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version); mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result); TEST_EQUAL(mbedtls_ssl_conf_get_endpoint( @@ -2936,7 +2936,7 @@ void conf_curve() mbedtls_ssl_init(&ssl); MD_OR_USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -2969,7 +2969,7 @@ void conf_group() mbedtls_ssl_config conf; mbedtls_ssl_config_init(&conf); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_max_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); mbedtls_ssl_conf_min_tls_version(&conf, MBEDTLS_SSL_VERSION_TLS1_2); @@ -3075,7 +3075,7 @@ void cookie_parsing(data_t *cookie, int exp_ret) mbedtls_ssl_config_init(&conf); USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_DATAGRAM, @@ -3130,7 +3130,7 @@ void cid_sanity() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, @@ -3390,7 +3390,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) mbedtls_ssl_config_init(&conf); - mbedtls_ssl_conf_rng(&conf, rng_get, NULL); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, From aab4a546bf1637294b0d3f07d068b6a12d05c497 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 23 Feb 2024 18:51:11 +0100 Subject: [PATCH 10/11] tests: Set the default conf then customize Set the default conf then customize, not the other way around. Signed-off-by: Ronald Cron --- tests/suites/test_suite_debug.function | 20 +++++--------------- tests/suites/test_suite_ssl.function | 13 +++++-------- 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 426d835ceb..fd5d1f5269 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -66,14 +66,12 @@ void debug_print_msg_threshold(int threshold, int level, char *file, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -107,14 +105,12 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -145,14 +141,12 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -185,14 +179,12 @@ void mbedtls_debug_print_crt(char *crt_file, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -227,14 +219,12 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, memset(buffer.buf, 0, 2000); buffer.ptr = buffer.buf; - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); - + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 82b541c620..528897cb45 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -1121,12 +1121,12 @@ void ssl_dtls_replay(data_t *prevs, data_t *new, int ret) mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); + TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); /* Read previous record numbers */ @@ -3075,12 +3075,11 @@ void cookie_parsing(data_t *cookie, int exp_ret) mbedtls_ssl_config_init(&conf); USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_DATAGRAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id, @@ -3130,13 +3129,12 @@ void cid_sanity() mbedtls_ssl_config_init(&conf); MD_OR_USE_PSA_INIT(); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_ASSERT(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT) == 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0); @@ -3390,12 +3388,11 @@ void ssl_ecjpake_set_password(int use_opaque_arg) mbedtls_ssl_config_init(&conf); - mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); - TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT), 0); + mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL); TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0); From 987cf898db9bff52ec13b08a67f85517cab26fd2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 4 Mar 2024 10:24:27 +0100 Subject: [PATCH 11/11] ssl_helpers: Restore rng_seed incrementation Signed-off-by: Ronald Cron --- tests/src/test_helpers/ssl_helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 860b0a39f4..53003b2232 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -43,7 +43,7 @@ void mbedtls_test_init_handshake_options( mbedtls_test_handshake_test_options *opts) { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - int rng_seed = 0xBEEF; + static int rng_seed = 0xBEEF; srand(rng_seed); rng_seed += 0xD0;