lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge branch 'development' into sha3

Browse Source 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
This commit is contained in:
Pol Henarejos
2023-02-07 19:55:31 +01:00
parent 39fb1d52d1 a0c806aac1
commit 4e747337ee
703 changed files with 116443 additions and 109523 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
tests/CMakeLists.txt
View File

@ -16,38 +16,44 @@ endif()
# generated .data files will go there
file(MAKE_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/suites)
# Get base names for generated files (starting at "suites/")
# Get base names for generated files
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
--list-for-cmake
--directory suites
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
OUTPUT_VARIABLE
base_bignum_generated_data_files)
string(REGEX REPLACE "[^;]*/" ""
base_bignum_generated_data_files "${base_bignum_generated_data_files}")
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_psa_tests.py
--list-for-cmake
--directory suites
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
OUTPUT_VARIABLE
base_psa_generated_data_files)
string(REGEX REPLACE "[^;]*/" ""
base_psa_generated_data_files "${base_psa_generated_data_files}")
# Derive generated file paths in the build directory
set(base_generated_data_files ${base_bignum_generated_data_files} ${base_psa_generated_data_files})
# Derive generated file paths in the build directory. The generated data
# files go into the suites/ subdirectory.
set(base_generated_data_files
${base_bignum_generated_data_files} ${base_psa_generated_data_files})
string(REGEX REPLACE "([^;]+)" "suites/\\1"
all_generated_data_files "${base_generated_data_files}")
set(bignum_generated_data_files "")
set(psa_generated_data_files "")
foreach(file ${base_bignum_generated_data_files})
list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
endforeach()
foreach(file ${base_psa_generated_data_files})
list(APPEND psa_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/${file})
list(APPEND psa_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
endforeach()
if(GEN_FILES)
@ -62,8 +68,12 @@ if(GEN_FILES)
--directory ${CMAKE_CURRENT_BINARY_DIR}/suites
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../tests/scripts/generate_bignum_tests.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_common.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_core.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod_raw.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/bignum_mod.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
)
add_custom_command(
OUTPUT
@ -80,14 +90,14 @@ if(GEN_FILES)
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/macro_collector.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/psa_storage.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../scripts/mbedtls_dev/test_data_generation.py
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_config.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_values.h
${CMAKE_CURRENT_SOURCE_DIR}/../include/psa/crypto_extra.h
)
else()
foreach(file ${base_generated_data_files})
foreach(file ${all_generated_data_files})
link_to_source(${file})
endforeach()
endif()
@ -98,6 +108,10 @@ endif()
# the risk of a race.
add_custom_target(test_suite_bignum_generated_data DEPENDS ${bignum_generated_data_files})
add_custom_target(test_suite_psa_generated_data DEPENDS ${psa_generated_data_files})
# If SKIP_TEST_SUITES is not defined with -D, get it from the environment.
if((NOT DEFINED SKIP_TEST_SUITES) AND (DEFINED ENV{SKIP_TEST_SUITES}))
set(SKIP_TEST_SUITES $ENV{SKIP_TEST_SUITES})
endif()
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
# but not "test_suite_foobar".
@ -210,9 +224,9 @@ if(MSVC)
endif(MSVC)
file(GLOB test_suites RELATIVE "${CMAKE_CURRENT_SOURCE_DIR}" suites/*.data)
list(APPEND test_suites ${base_generated_data_files})
list(APPEND test_suites ${all_generated_data_files})
# If the generated .data files are present in the source tree, we just added
# them twice, both through GLOB and through ${base_generated_data_files}.
# them twice, both through GLOB and through ${all_generated_data_files}.
list(REMOVE_DUPLICATES test_suites)
list(SORT test_suites)
foreach(test_suite ${test_suites})
@ -229,6 +243,7 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
if(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/seedfile")
link_to_source(seedfile)
endif()
link_to_source(Descriptions.txt)
link_to_source(compat.sh)
link_to_source(context-info.sh)
link_to_source(data_files)

10
tests/Makefile
View File

@ -92,8 +92,12 @@ generated_files: $(GENERATED_FILES)
.SECONDARY: generated_bignum_test_data generated_psa_test_data
$(GENERATED_BIGNUM_DATA_FILES): generated_bignum_test_data
generated_bignum_test_data: scripts/generate_bignum_tests.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_common.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_core.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod_raw.py
generated_bignum_test_data: ../scripts/mbedtls_dev/bignum_mod.py
generated_bignum_test_data: ../scripts/mbedtls_dev/test_case.py
generated_bignum_test_data: ../scripts/mbedtls_dev/test_generation.py
generated_bignum_test_data: ../scripts/mbedtls_dev/test_data_generation.py
generated_bignum_test_data:
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
$(PYTHON) scripts/generate_bignum_tests.py
@ -104,7 +108,7 @@ generated_psa_test_data: ../scripts/mbedtls_dev/crypto_knowledge.py
generated_psa_test_data: ../scripts/mbedtls_dev/macro_collector.py
generated_psa_test_data: ../scripts/mbedtls_dev/psa_storage.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_case.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_generation.py
generated_psa_test_data: ../scripts/mbedtls_dev/test_data_generation.py
## The generated file only depends on the options that are present in
## crypto_config.h, not on which options are set. To avoid regenerating this
## file all the time when switching between configurations, don't declare
@ -161,6 +165,7 @@ src/drivers/%.o : src/drivers/%.c
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
C_FILES := $(addsuffix .c,$(APPS))
c: $(C_FILES)
# Wildcard target for test code generation:
# A .c file is generated for each .data file in the suites/ directory. Each .c
@ -198,6 +203,7 @@ ifndef WINDOWS
rm -f src/*.o src/drivers/*.o src/libmbed*
rm -f include/test/instrument_record_status.h
rm -rf libtestdriver1
rm -f ../library/libtestdriver1.a
else
if exist *.c del /Q /F *.c
if exist *.exe del /Q /F *.exe

14
tests/compat-in-docker.sh
View File

@ -6,9 +6,13 @@
# -------
# This runs compat.sh in a Docker container.
#
# WARNING: the Dockerfile used by this script is no longer maintained! See
# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
# for the set of Docker images we use on the CI.
#
# Notes for users
# ---------------
# If OPENSSL_CMD, GNUTLS_CLI, or GNUTLS_SERV are specified the path must
# If OPENSSL, GNUTLS_CLI, or GNUTLS_SERV are specified the path must
# correspond to an executable inside the Docker container. The special
# values "next" (OpenSSL only) and "legacy" are also allowed as shorthand
# for the installations inside the container.
@ -34,9 +38,9 @@
source tests/scripts/docker_env.sh
case "${OPENSSL_CMD:-default}" in
"legacy") export OPENSSL_CMD="/usr/local/openssl-1.0.1j/bin/openssl";;
"next") export OPENSSL_CMD="/usr/local/openssl-1.1.1a/bin/openssl";;
case "${OPENSSL:-default}" in
"legacy") export OPENSSL="/usr/local/openssl-1.0.1j/bin/openssl";;
"next") export OPENSSL="/usr/local/openssl-1.1.1a/bin/openssl";;
*) ;;
esac
@ -57,7 +61,7 @@ run_in_docker \
-e M_SRV \
-e GNUTLS_CLI \
-e GNUTLS_SERV \
-e OPENSSL_CMD \
-e OPENSSL \
-e OSSL_NO_DTLS \
tests/compat.sh \
$@

508
tests/compat.sh
View File

@ -39,10 +39,21 @@ SRVMEM=0
# default commands, can be overridden by the environment
: ${M_SRV:=../programs/ssl/ssl_server2}
: ${M_CLI:=../programs/ssl/ssl_client2}
: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
: ${OPENSSL:=openssl}
: ${GNUTLS_CLI:=gnutls-cli}
: ${GNUTLS_SERV:=gnutls-serv}
# The OPENSSL variable used to be OPENSSL_CMD for historical reasons.
# To help the migration, error out if the old variable is set,
# but only if it has a different value than the new one.
if [ "${OPENSSL_CMD+set}" = set ]; then
# the variable is set, we can now check its value
if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then
echo "Please use OPENSSL instead of OPENSSL_CMD." >&2
exit 125
fi
fi
# do we have a recent enough GnuTLS?
if ( which $GNUTLS_CLI && which $GNUTLS_SERV ) >/dev/null 2>&1; then
G_VER="$( $GNUTLS_CLI --version | head -n1 )"
@ -78,7 +89,7 @@ FILTER=""
# - NULL: excluded from our default config + requires OpenSSL legacy
# - ARIA: requires OpenSSL >= 1.1.1
# - ChachaPoly: requires OpenSSL >= 1.1.0
EXCLUDE='NULL\|ARIA\|CHACHA20-POLY1305'
EXCLUDE='NULL\|ARIA\|CHACHA20_POLY1305'
VERBOSE=""
MEMCHECK=0
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
@ -194,7 +205,7 @@ filter()
check_openssl_server_bug()
{
if test "X$VERIFY" = "XYES" && is_dtls "$MODE" && \
echo "$1" | grep "^TLS-PSK" >/dev/null;
test "$TYPE" = "PSK";
then
SKIP_NEXT="YES"
fi
@ -228,9 +239,14 @@ reset_ciphersuites()
G_CIPHERS=""
}
check_translation()
# translate_ciphers {g|m|o} {STANDARD_CIPHER_SUITE_NAME...}
# Set $ciphers to the cipher suite name translations for the specified
# program (gnutls, mbedtls or openssl). $ciphers is a space-separated
# list of entries of the form "STANDARD_NAME=PROGRAM_NAME".
translate_ciphers()
{
if [ $1 -ne 0 ]; then
ciphers=$(scripts/translate_ciphers.py "$@")
if [ $? -ne 0 ]; then
echo "translate_ciphers.py failed with exit code $1" >&2
echo "$2" >&2
exit 1
@ -247,71 +263,66 @@ add_common_ciphersuites()
"ECDSA")
CIPHERS="$CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA \
TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-NULL-SHA \
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 \
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 \
TLS_ECDHE_ECDSA_WITH_NULL_SHA \
"
;;
"RSA")
CIPHERS="$CIPHERS \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
TLS-DHE-RSA-WITH-AES-128-CBC-SHA256 \
TLS-DHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA \
TLS-DHE-RSA-WITH-AES-256-CBC-SHA256 \
TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA \
TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDHE-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-AES-128-CBC-SHA \
TLS-RSA-WITH-AES-128-CBC-SHA256 \
TLS-RSA-WITH-AES-128-GCM-SHA256 \
TLS-RSA-WITH-AES-256-CBC-SHA \
TLS-RSA-WITH-AES-256-CBC-SHA256 \
TLS-RSA-WITH-AES-256-GCM-SHA384 \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA \
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA \
TLS-RSA-WITH-NULL-MD5 \
TLS-RSA-WITH-NULL-SHA \
TLS-RSA-WITH-NULL-SHA256 \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 \
TLS_DHE_RSA_WITH_AES_256_CBC_SHA \
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 \
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA \
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_NULL_SHA \
TLS_RSA_WITH_AES_128_CBC_SHA \
TLS_RSA_WITH_AES_128_CBC_SHA256 \
TLS_RSA_WITH_AES_128_GCM_SHA256 \
TLS_RSA_WITH_AES_256_CBC_SHA \
TLS_RSA_WITH_AES_256_CBC_SHA256 \
TLS_RSA_WITH_AES_256_GCM_SHA384 \
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA \
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA \
TLS_RSA_WITH_NULL_MD5 \
TLS_RSA_WITH_NULL_SHA \
TLS_RSA_WITH_NULL_SHA256 \
"
;;
"PSK")
CIPHERS="$CIPHERS \
TLS-PSK-WITH-AES-128-CBC-SHA \
TLS-PSK-WITH-AES-256-CBC-SHA \
TLS_PSK_WITH_AES_128_CBC_SHA \
TLS_PSK_WITH_AES_256_CBC_SHA \
"
;;
esac
O_CIPHERS="$O_CIPHERS $CIPHERS"
G_CIPHERS="$G_CIPHERS $CIPHERS"
M_CIPHERS="$M_CIPHERS $CIPHERS"
T=$(./scripts/translate_ciphers.py g $CIPHERS)
check_translation $? "$T"
G_CIPHERS="$G_CIPHERS $T"
T=$(./scripts/translate_ciphers.py o $CIPHERS)
check_translation $? "$T"
O_CIPHERS="$O_CIPHERS $T"
}
# Ciphersuites usable only with Mbed TLS and OpenSSL
# A list of ciphersuites in the Mbed TLS convention is compiled and
# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list
# is translated to the OpenSSL naming convention and appended to the list of
# OpenSSL ciphersuites $O_CIPHERS.
# A list of ciphersuites in the standard naming convention is appended
# to the list of Mbed TLS ciphersuites $M_CIPHERS and
# to the list of OpenSSL ciphersuites $O_CIPHERS respectively.
# Based on client's naming convention, all ciphersuite names will be
# translated into another naming format before sent to the client.
#
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
# so RSA-PSK ciphersuites need to go in other sections, see
@ -326,57 +337,55 @@ add_openssl_ciphersuites()
"ECDSA")
CIPHERS="$CIPHERS \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA \
TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA \
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
TLS-ECDH-ECDSA-WITH-NULL-SHA \
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \
TLS_ECDH_ECDSA_WITH_NULL_SHA \
TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \
"
;;
"RSA")
CIPHERS="$CIPHERS \
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
TLS-DHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256 \
TLS-RSA-WITH-ARIA-128-GCM-SHA256 \
TLS-RSA-WITH-ARIA-256-GCM-SHA384 \
TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 \
TLS_RSA_WITH_ARIA_128_GCM_SHA256 \
TLS_RSA_WITH_ARIA_256_GCM_SHA384 \
"
;;
"PSK")
CIPHERS="$CIPHERS \
TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 \
TLS-DHE-PSK-WITH-ARIA-256-GCM-SHA384 \
TLS-DHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
TLS-ECDHE-PSK-WITH-CHACHA20-POLY1305-SHA256 \
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
TLS-PSK-WITH-CHACHA20-POLY1305-SHA256 \
TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 \
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 \
TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 \
TLS_PSK_WITH_ARIA_128_GCM_SHA256 \
TLS_PSK_WITH_ARIA_256_GCM_SHA384 \
TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 \
"
;;
esac
O_CIPHERS="$O_CIPHERS $CIPHERS"
M_CIPHERS="$M_CIPHERS $CIPHERS"
T=$(./scripts/translate_ciphers.py o $CIPHERS)
check_translation $? "$T"
O_CIPHERS="$O_CIPHERS $T"
}
# Ciphersuites usable only with Mbed TLS and GnuTLS
# A list of ciphersuites in the Mbed TLS convention is compiled and
# appended to the list of Mbed TLS ciphersuites $M_CIPHERS. The same list
# is translated to the GnuTLS naming convention and appended to the list of
# GnuTLS ciphersuites $G_CIPHERS.
# A list of ciphersuites in the standard naming convention is appended
# to the list of Mbed TLS ciphersuites $M_CIPHERS and
# to the list of GnuTLS ciphersuites $G_CIPHERS respectively.
# Based on client's naming convention, all ciphersuite names will be
# translated into another naming format before sent to the client.
add_gnutls_ciphersuites()
{
CIPHERS=""
@ -384,107 +393,104 @@ add_gnutls_ciphersuites()
"ECDSA")
CIPHERS="$CIPHERS \
TLS-ECDHE-ECDSA-WITH-AES-128-CCM \
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS_ECDHE_ECDSA_WITH_AES_128_CCM \
TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 \
TLS_ECDHE_ECDSA_WITH_AES_256_CCM \
TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 \
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
"
;;
"RSA")
CIPHERS="$CIPHERS \
TLS-DHE-RSA-WITH-AES-128-CCM \
TLS-DHE-RSA-WITH-AES-128-CCM-8 \
TLS-DHE-RSA-WITH-AES-256-CCM \
TLS-DHE-RSA-WITH-AES-256-CCM-8 \
TLS-DHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-DHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
TLS-DHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-ECDHE-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDHE-RSA-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-RSA-WITH-AES-128-CCM \
TLS-RSA-WITH-AES-128-CCM-8 \
TLS-RSA-WITH-AES-256-CCM \
TLS-RSA-WITH-AES-256-CCM-8 \
TLS-RSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-RSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-RSA-WITH-CAMELLIA-256-CBC-SHA256 \
TLS-RSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS_DHE_RSA_WITH_AES_128_CCM \
TLS_DHE_RSA_WITH_AES_128_CCM_8 \
TLS_DHE_RSA_WITH_AES_256_CCM \
TLS_DHE_RSA_WITH_AES_256_CCM_8 \
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_RSA_WITH_AES_128_CCM \
TLS_RSA_WITH_AES_128_CCM_8 \
TLS_RSA_WITH_AES_256_CCM \
TLS_RSA_WITH_AES_256_CCM_8 \
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 \
TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 \
"
;;
"PSK")
CIPHERS="$CIPHERS \
TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-AES-128-CCM \
TLS-DHE-PSK-WITH-AES-128-CCM-8 \
TLS-DHE-PSK-WITH-AES-128-GCM-SHA256 \
TLS-DHE-PSK-WITH-AES-256-CBC-SHA \
TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
TLS-DHE-PSK-WITH-AES-256-CCM \
TLS-DHE-PSK-WITH-AES-256-CCM-8 \
TLS-DHE-PSK-WITH-AES-256-GCM-SHA384 \
TLS-DHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-DHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-DHE-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-DHE-PSK-WITH-NULL-SHA256 \
TLS-DHE-PSK-WITH-NULL-SHA384 \
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA \
TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDHE-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-NULL-SHA256 \
TLS-ECDHE-PSK-WITH-NULL-SHA384 \
TLS-PSK-WITH-AES-128-CBC-SHA256 \
TLS-PSK-WITH-AES-128-CCM \
TLS-PSK-WITH-AES-128-CCM-8 \
TLS-PSK-WITH-AES-128-GCM-SHA256 \
TLS-PSK-WITH-AES-256-CBC-SHA384 \
TLS-PSK-WITH-AES-256-CCM \
TLS-PSK-WITH-AES-256-CCM-8 \
TLS-PSK-WITH-AES-256-GCM-SHA384 \
TLS-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-PSK-WITH-NULL-SHA256 \
TLS-PSK-WITH-NULL-SHA384 \
TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
TLS-RSA-PSK-WITH-AES-128-GCM-SHA256 \
TLS-RSA-PSK-WITH-AES-256-CBC-SHA \
TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-AES-256-GCM-SHA384 \
TLS-RSA-PSK-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-RSA-PSK-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-RSA-PSK-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-RSA-PSK-WITH-NULL-SHA256 \
TLS-RSA-PSK-WITH-NULL-SHA384 \
TLS_DHE_PSK_WITH_AES_128_CBC_SHA \
TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 \
TLS_DHE_PSK_WITH_AES_128_CCM \
TLS_DHE_PSK_WITH_AES_128_CCM_8 \
TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 \
TLS_DHE_PSK_WITH_AES_256_CBC_SHA \
TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 \
TLS_DHE_PSK_WITH_AES_256_CCM \
TLS_DHE_PSK_WITH_AES_256_CCM_8 \
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 \
TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_DHE_PSK_WITH_NULL_SHA256 \
TLS_DHE_PSK_WITH_NULL_SHA384 \
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA \
TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 \
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA \
TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 \
TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_ECDHE_PSK_WITH_NULL_SHA256 \
TLS_ECDHE_PSK_WITH_NULL_SHA384 \
TLS_PSK_WITH_AES_128_CBC_SHA256 \
TLS_PSK_WITH_AES_128_CCM \
TLS_PSK_WITH_AES_128_CCM_8 \
TLS_PSK_WITH_AES_128_GCM_SHA256 \
TLS_PSK_WITH_AES_256_CBC_SHA384 \
TLS_PSK_WITH_AES_256_CCM \
TLS_PSK_WITH_AES_256_CCM_8 \
TLS_PSK_WITH_AES_256_GCM_SHA384 \
TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_PSK_WITH_NULL_SHA256 \
TLS_PSK_WITH_NULL_SHA384 \
TLS_RSA_PSK_WITH_AES_128_CBC_SHA \
TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 \
TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 \
TLS_RSA_PSK_WITH_AES_256_CBC_SHA \
TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 \
TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 \
TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_RSA_PSK_WITH_NULL_SHA256 \
TLS_RSA_PSK_WITH_NULL_SHA384 \
"
;;
esac
G_CIPHERS="$G_CIPHERS $CIPHERS"
M_CIPHERS="$M_CIPHERS $CIPHERS"
T=$(./scripts/translate_ciphers.py g $CIPHERS)
check_translation $? "$T"
G_CIPHERS="$G_CIPHERS $T"
}
# Ciphersuites usable only with Mbed TLS (not currently supported by another
# peer usable in this script). This provide only very rudimentaty testing, as
# peer usable in this script). This provides only very rudimentaty testing, as
# this is not interop testing, but it's better than nothing.
add_mbedtls_ciphersuites()
{
@ -492,48 +498,48 @@ add_mbedtls_ciphersuites()
"ECDSA")
M_CIPHERS="$M_CIPHERS \
TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384 \
TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384 \
TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384 \
TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \
TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \
TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \
TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \
TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \
"
;;
"RSA")
M_CIPHERS="$M_CIPHERS \
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
TLS-RSA-WITH-ARIA-128-CBC-SHA256 \
TLS-RSA-WITH-ARIA-256-CBC-SHA384 \
TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 \
TLS_RSA_WITH_ARIA_128_CBC_SHA256 \
TLS_RSA_WITH_ARIA_256_CBC_SHA384 \
"
;;
"PSK")
# *PSK-NULL-SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
# *PSK_NULL_SHA suites supported by GnuTLS 3.3.5 but not 3.2.15
M_CIPHERS="$M_CIPHERS \
TLS-DHE-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-DHE-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-DHE-PSK-WITH-NULL-SHA \
TLS-ECDHE-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-ECDHE-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-ECDHE-PSK-WITH-NULL-SHA \
TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-PSK-WITH-NULL-SHA \
TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
TLS-RSA-PSK-WITH-CHACHA20-POLY1305-SHA256 \
TLS-RSA-PSK-WITH-NULL-SHA \
TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 \
TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 \
TLS_DHE_PSK_WITH_NULL_SHA \
TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 \
TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 \
TLS_ECDHE_PSK_WITH_NULL_SHA \
TLS_PSK_WITH_ARIA_128_CBC_SHA256 \
TLS_PSK_WITH_ARIA_256_CBC_SHA384 \
TLS_PSK_WITH_NULL_SHA \
TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 \
TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 \
TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 \
TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 \
TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 \
TLS_RSA_PSK_WITH_NULL_SHA \
"
;;
esac
@ -577,7 +583,7 @@ setup_arguments()
# Mbed TLS wants >=1024, so force that for older versions. Don't force
# it for newer versions, which reject a 1024-bit prime. Indifferently
# force it or not for intermediate versions.
case $($OPENSSL_CMD version) in
case $($OPENSSL version) in
"OpenSSL 1.0"*)
O_SERVER_ARGS="$O_SERVER_ARGS -dhparam data_files/dhparams.pem"
;;
@ -595,6 +601,20 @@ setup_arguments()
G_CLIENT_ARGS="-p $PORT --debug 3 $G_MODE"
G_CLIENT_PRIO="NONE:$G_PRIO_MODE:+COMP-NULL:+CURVE-ALL:+SIGN-ALL"
# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
# low-security ones. This covers not just cipher suites but also protocol
# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
# a way to discover it from -help, so check the openssl version.
case $($OPENSSL version) in
"OpenSSL 0"*|"OpenSSL 1.0"*) :;;
*)
O_CLIENT_ARGS="$O_CLIENT_ARGS -cipher ALL@SECLEVEL=0"
O_SERVER_ARGS="$O_SERVER_ARGS -cipher ALL@SECLEVEL=0"
;;
esac
if [ "X$VERIFY" = "XYES" ];
then
M_SERVER_ARGS="$M_SERVER_ARGS ca_file=data_files/test-ca_cat12.crt auth_mode=required"
@ -659,7 +679,11 @@ setup_arguments()
# is_mbedtls <cmd_line>
is_mbedtls() {
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
case $1 in
*ssl_client2*) true;;
*ssl_server2*) true;;
*) false;;
esac
}
# has_mem_err <log_file_name>
@ -706,7 +730,7 @@ fi
start_server() {
case $1 in
[Oo]pen*)
SERVER_CMD="$OPENSSL_CMD s_server $O_SERVER_ARGS"
SERVER_CMD="$OPENSSL s_server $O_SERVER_ARGS"
;;
[Gg]nu*)
SERVER_CMD="$GNUTLS_SERV $G_SERVER_ARGS --priority $G_SERVER_PRIO"
@ -728,15 +752,17 @@ start_server() {
echo "$SERVER_CMD" > $SRV_OUT
# for servers without -www or equivalent
while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 &
PROCESS_ID=$!
SRV_PID=$!
wait_server_start "$PORT" "$PROCESS_ID"
wait_server_start "$PORT" "$SRV_PID"
}
# terminate the running server
stop_server() {
kill $PROCESS_ID 2>/dev/null
wait $PROCESS_ID 2>/dev/null
# For Ubuntu 22.04, `Terminated` message is outputed by wait command.
# To remove it from stdout, redirect stdout/stderr to SRV_OUT
kill $SRV_PID >/dev/null 2>&1
wait $SRV_PID >> $SRV_OUT 2>&1
if [ "$MEMCHECK" -gt 0 ]; then
if is_mbedtls "$SERVER_CMD" && has_mem_err $SRV_OUT; then
@ -752,7 +778,7 @@ stop_server() {
# kill the running server (used when killed by signal)
cleanup() {
rm -f $SRV_OUT $CLI_OUT
kill $PROCESS_ID >/dev/null 2>&1
kill $SRV_PID >/dev/null 2>&1
kill $WATCHDOG_PID >/dev/null 2>&1
exit 1
}
@ -765,25 +791,25 @@ wait_client_done() {
( sleep "$DOG_DELAY"; echo "TIMEOUT" >> $CLI_OUT; kill $CLI_PID ) &
WATCHDOG_PID=$!
wait $CLI_PID
# For Ubuntu 22.04, `Terminated` message is outputed by wait command.
# To remove it from stdout, redirect stdout/stderr to CLI_OUT
wait $CLI_PID >> $CLI_OUT 2>&1
EXIT=$?
kill $WATCHDOG_PID
wait $WATCHDOG_PID
kill $WATCHDOG_PID >/dev/null 2>&1
wait $WATCHDOG_PID >> $CLI_OUT 2>&1
echo "EXIT: $EXIT" >> $CLI_OUT
}
# run_client <name> <cipher>
# run_client PROGRAM_NAME STANDARD_CIPHER_SUITE PROGRAM_CIPHER_SUITE
run_client() {
# announce what we're going to do
TESTS=$(( $TESTS + 1 ))
VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
TITLE="${1%"${1#?}"}->${SERVER_NAME%"${SERVER_NAME#?}"}"
TITLE="$TITLE $MODE,$VERIF $2"
printf "%s " "$TITLE"
LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
DOTS72="........................................................................"
printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72"
# should we skip?
if [ "X$SKIP_NEXT" = "XYES" ]; then
@ -796,7 +822,7 @@ run_client() {
# run the command and interpret result
case $1 in
[Oo]pen*)
CLIENT_CMD="$OPENSSL_CMD s_client $O_CLIENT_ARGS -cipher $2"
CLIENT_CMD="$OPENSSL s_client $O_CLIENT_ARGS -cipher $3"
log "$CLIENT_CMD"
echo "$CLIENT_CMD" > $CLI_OUT
printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
@ -821,7 +847,7 @@ run_client() {
else
G_HOST="localhost"
fi
CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$2 $G_HOST"
CLIENT_CMD="$GNUTLS_CLI $G_CLIENT_ARGS --priority $G_PRIO_MODE:$3 $G_HOST"
log "$CLIENT_CMD"
echo "$CLIENT_CMD" > $CLI_OUT
printf 'GET HTTP/1.0\r\n\r\n' | $CLIENT_CMD >> $CLI_OUT 2>&1 &
@ -843,7 +869,7 @@ run_client() {
;;
mbed*)
CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$2"
CLIENT_CMD="$M_CLI $M_CLIENT_ARGS force_ciphersuite=$3"
if [ "$MEMCHECK" -gt 0 ]; then
CLIENT_CMD="valgrind --leak-check=full $CLIENT_CMD"
fi
@ -931,8 +957,8 @@ if [ ! -x "$M_CLI" ]; then
fi
if echo "$PEERS" | grep -i openssl > /dev/null; then
if which "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
echo "Command '$OPENSSL_CMD' not found" >&2
if which "$OPENSSL" >/dev/null 2>&1; then :; else
echo "Command '$OPENSSL' not found" >&2
exit 1
fi
fi
@ -976,6 +1002,7 @@ SKIP_NEXT="NO"
trap cleanup INT TERM HUP
for VERIFY in $VERIFIES; do
VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
for MODE in $MODES; do
for TYPE in $TYPES; do
for PEER in $PEERS; do
@ -995,7 +1022,7 @@ for VERIFY in $VERIFIES; do
# help isn't accurate as of 1.0.2g: it supports DTLS 1.2
# but doesn't list it. But the s_server help seems to be
# accurate.)
if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
if ! $OPENSSL s_server -help 2>&1 | grep -q "^ *-$O_MODE "; then
continue;
fi
@ -1006,17 +1033,19 @@ for VERIFY in $VERIFIES; do
if [ "X" != "X$M_CIPHERS" ]; then
start_server "OpenSSL"
for i in $M_CIPHERS; do
check_openssl_server_bug $i
run_client mbedTLS $i
translate_ciphers m $M_CIPHERS
for i in $ciphers; do
check_openssl_server_bug
run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
fi
if [ "X" != "X$O_CIPHERS" ]; then
start_server "mbedTLS"
for i in $O_CIPHERS; do
run_client OpenSSL $i
translate_ciphers o $O_CIPHERS
for i in $ciphers; do
run_client OpenSSL ${i%%=*} ${i#*=}
done
stop_server
fi
@ -1032,16 +1061,18 @@ for VERIFY in $VERIFIES; do
if [ "X" != "X$M_CIPHERS" ]; then
start_server "GnuTLS"
for i in $M_CIPHERS; do
run_client mbedTLS $i
translate_ciphers m $M_CIPHERS
for i in $ciphers; do
run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
fi
if [ "X" != "X$G_CIPHERS" ]; then
start_server "mbedTLS"
for i in $G_CIPHERS; do
run_client GnuTLS $i
translate_ciphers g $G_CIPHERS
for i in $ciphers; do
run_client GnuTLS ${i%%=*} ${i#*=}
done
stop_server
fi
@ -1059,8 +1090,9 @@ for VERIFY in $VERIFIES; do
if [ "X" != "X$M_CIPHERS" ]; then
start_server "mbedTLS"
for i in $M_CIPHERS; do
run_client mbedTLS $i
translate_ciphers m $M_CIPHERS
for i in $ciphers; do
run_client mbedTLS ${i%%=*} ${i#*=}
done
stop_server
fi
@ -1081,8 +1113,7 @@ done
echo "------------------------------------------------------------------------"
if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ];
then
if [ $FAILED -ne 0 -o $SRVMEM -ne 0 ]; then
printf "FAILED"
else
printf "PASSED"
@ -1098,4 +1129,9 @@ PASSED=$(( $TESTS - $FAILED ))
echo " ($PASSED / $TESTS tests ($SKIPPED skipped$MEMREPORT))"
FAILED=$(( $FAILED + $SRVMEM ))
if [ $FAILED -gt 255 ]; then
# Clamp at 255 as caller gets exit code & 0xFF
# (so 256 would be 0, or success, etc)
FAILED=255
fi
exit $FAILED

9
tests/configs/config-wrapper-malloc-0-null.h
View File

@ -23,11 +23,12 @@
#include <stdlib.h>
#ifndef MBEDTLS_PLATFORM_STD_CALLOC
static inline void *custom_calloc( size_t nmemb, size_t size )
static inline void *custom_calloc(size_t nmemb, size_t size)
{
if( nmemb == 0 || size == 0 )
return( NULL );
return( calloc( nmemb, size ) );
if (nmemb == 0 || size == 0) {
return NULL;
}
return calloc(nmemb, size);
}
#define MBEDTLS_PLATFORM_MEMORY

7
tests/configs/tls13-only.h
View File

@ -22,9 +22,11 @@
* limitations under the License.
*/
/* Enable TLS 1.3 and core 1.3 features */
#define MBEDTLS_SSL_PROTO_TLS1_3
#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/* Disable TLS 1.2 and 1.2-specific features */
#undef MBEDTLS_SSL_ENCRYPT_THEN_MAC
#undef MBEDTLS_SSL_EXTENDED_MASTER_SECRET
#undef MBEDTLS_SSL_PROTO_TLS1_2
@ -32,3 +34,8 @@
#undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
#undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
#undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID
#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
/* Enable some invasive tests */
#define MBEDTLS_TEST_HOOKS

168
tests/data_files/Makefile
View File

@ -93,6 +93,53 @@ cert_example_multi.csr: rsa_pkcs1_1024_clear.pem
cert_example_multi.crt: cert_example_multi.csr
$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
test_csr_v3_keyUsage.csr.der: rsa_pkcs1_1024_clear.pem
$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_keyUsage
test_csr_v3_subjectAltName.csr.der: rsa_pkcs1_1024_clear.pem
$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_subjectAltName
test_csr_v3_nsCertType.csr.der: rsa_pkcs1_1024_clear.pem
$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_nsCertType
test_csr_v3_all.csr.der: rsa_pkcs1_1024_clear.pem
$(OPENSSL) req -new -subj '/CN=etcd' -config $(test_ca_config_file) -key rsa_pkcs1_1024_clear.pem -outform DER -out $@ -reqexts csr_ext_v3_all
test_csr_v3_all_malformed_extensions_sequence_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/300B0603551D0F040403/200B0603551D0F040403/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_id_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/0603551D0F0404030201/0703551D0F0404030201/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_data_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/050403020102302F0603/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_data_len1.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040503020102302F0603/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_data_len2.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/040403020102302F0603/040303020102302F0603/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/03020102302F0603551D/04020102302F0603551D/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/3026A02406082B060105/4026A02406082B060105/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/03020780300D06092A86/04020780300D06092A86/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_duplicated_extension.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551D0F/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_extension_type_oid.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/551D11/551DFF/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_sequence_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/406006092A864886F70D/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_id_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/06092A864886F70D0109/07092A864886F70D0109/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_extension_request.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/2A864886F70D01090E/2A864886F70D01090F/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/31533051300B0603551D/32533051300B0603551D/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3151300B0603551D0F04/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_len1.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/306106092A864886F70D/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_len2.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/306006092A864886F70D/305906092A864886F70D/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3052300B0603551D0F04/" | xxd -r -p ) > $@
test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der: test_csr_v3_all.csr.der
(hexdump -ve '1/1 "%.2X"' $< | sed "s/3051300B0603551D0F04/3050300B0603551D0F04/" | xxd -r -p ) > $@
$(test_ca_key_file_rsa_alt):test-ca.opensslconf
$(OPENSSL) genrsa -out $@ 2048
test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
@ -276,8 +323,11 @@ all_final += server5-ss-forgeca.crt
server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
server5-nonprintable_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupported_othername_san -days 3650 -sha256 -key $< -out $@
server5-fan.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS FAN" -set_serial 77 -config $(test_ca_config_file) -extensions fan_cert -days 3650 -sha256 -key server5.key -out $@
@ -881,6 +931,11 @@ server1.req.sha256: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA256
all_final += server1.req.sha256
server1.req.sha256.ext: server1.key
# Generating this with OpenSSL as a comparison point to test we're getting the same result
openssl req -new -out $@ -key $< -subj '/C=NL/O=PolarSSL/CN=PolarSSL Server 1' -sha256 -addext "extendedKeyUsage=serverAuth"
all_final += server1.req.sha256.ext
server1.req.sha384: server1.key
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA384
all_final += server1.req.sha384
@ -964,6 +1019,15 @@ test_ca_server1_config_file = test-ca.server1.opensslconf
server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
server1.long_serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
echo "112233445566778899aabbccddeeff0011223344" > test-ca.server1.tmp.serial
$(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.80serial.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
echo "8011223344" > test-ca.server1.tmp.serial
$(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.long_serial_FF.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
echo "ffffffffffffffffffffffffffffffff" > test-ca.server1.tmp.serial
$(OPENSSL) ca -in server1.req.sha256 -key PolarSSLTest -config test-ca.server1.test_serial.opensslconf -notext -batch -out $@
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
server1.crt.der: server1.crt
@ -1131,6 +1195,108 @@ ecdsa_secp521r1.crt: ecdsa_secp521r1.csr
all_final += ecdsa_secp521r1.crt ecdsa_secp521r1.key
tls13_certs: ecdsa_secp521r1.crt ecdsa_secp521r1.key
# PKCS7 test data
pkcs7_test_cert_1 = pkcs7-rsa-sha256-1.crt
pkcs7_test_cert_2 = pkcs7-rsa-sha256-2.crt
pkcs7_test_file = pkcs7_data.bin
$(pkcs7_test_file):
echo -e "Hello\xd" > $@
all_final += $(pkcs7_test_file)
pkcs7_data_1.bin:
echo -e "2\xd" > $@
all_final += pkcs7_data_1.bin
# Generate signing cert
pkcs7-rsa-sha256-1.crt:
$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 1" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-1.key -out pkcs7-rsa-sha256-1.crt
cat pkcs7-rsa-sha256-1.crt pkcs7-rsa-sha256-1.key > pkcs7-rsa-sha256-1.pem
all_final += pkcs7-rsa-sha256-1.crt
pkcs7-rsa-sha256-2.crt:
$(OPENSSL) req -x509 -subj="/C=NL/O=PKCS7/CN=PKCS7 Cert 2" -sha256 -nodes -days 365 -newkey rsa:2048 -keyout pkcs7-rsa-sha256-2.key -out pkcs7-rsa-sha256-2.crt
cat pkcs7-rsa-sha256-2.crt pkcs7-rsa-sha256-2.key > pkcs7-rsa-sha256-2.pem
all_final += pkcs7-rsa-sha256-2.crt
# Convert signing certs to DER for testing PEM-free builds
pkcs7-rsa-sha256-1.der: $(pkcs7_test_cert_1)
$(OPENSSL) x509 -in pkcs7-rsa-sha256-1.crt -out $@ -outform DER
all_final += pkcs7-rsa-sha256-1.der
pkcs7-rsa-sha256-2.der: $(pkcs7_test_cert_2)
$(OPENSSL) x509 -in pkcs7-rsa-sha256-2.crt -out $@ -outform DER
all_final += pkcs7-rsa-sha256-2.der
# pkcs7 signature file with CERT
pkcs7_data_cert_signed_sha256.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha256.der
# pkcs7 signature file with CERT and sha1
pkcs7_data_cert_signed_sha1.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha1 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha1.der
# pkcs7 signature file with CERT and sha512
pkcs7_data_cert_signed_sha512.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha512 -signer pkcs7-rsa-sha256-1.pem -noattr -outform DER -out $@
all_final += pkcs7_data_cert_signed_sha512.der
# pkcs7 signature file without CERT
pkcs7_data_without_cert_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -nocerts -noattr -outform DER -out $@
all_final += pkcs7_data_without_cert_signed.der
# pkcs7 signature file with multiple signers
pkcs7_data_multiple_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -nocerts -noattr -outform DER -out $@
all_final += pkcs7_data_multiple_signed.der
# pkcs7 signature file with multiple certificates
pkcs7_data_multiple_certs_signed.der: $(pkcs7_test_file) $(pkcs7_test_cert_1) $(pkcs7_test_cert_2)
$(OPENSSL) smime -sign -binary -in pkcs7_data.bin -out $@ -md sha256 -signer pkcs7-rsa-sha256-1.pem -signer pkcs7-rsa-sha256-2.pem -noattr -outform DER -out $@
all_final += pkcs7_data_multiple_certs_signed.der
# pkcs7 signature file with corrupted CERT
pkcs7_data_signed_badcert.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
echo -en '\xa1' | dd of=$@ bs=1 seek=547 conv=notrunc
all_final += pkcs7_data_signed_badcert.der
# pkcs7 signature file with corrupted signer info
pkcs7_data_signed_badsigner.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
echo -en '\xa1' | dd of=$@ bs=1 seek=918 conv=notrunc
all_final += pkcs7_data_signed_badsigner.der
# pkcs7 file with version 2
pkcs7_data_cert_signed_v2.der: pkcs7_data_cert_signed_sha256.der
cp pkcs7_data_cert_signed_sha256.der $@
echo -en '\x02' | dd of=$@ bs=1 seek=25 conv=notrunc
all_final += pkcs7_data_cert_signed_v2.der
pkcs7_data_cert_encrypted.der: $(pkcs7_test_file) $(pkcs7_test_cert_1)
$(OPENSSL) smime -encrypt -aes256 -in pkcs7_data.bin -binary -outform DER -out $@ pkcs7-rsa-sha256-1.crt
all_final += pkcs7_data_cert_encrypted.der
## Negative tests
# For some interesting sizes, what happens if we make them off-by-one?
pkcs7_signerInfo_issuer_invalid_size.der: pkcs7_data_cert_signed_sha256.der
cp $< $@
echo -en '\x35' | dd of=$@ seek=919 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_issuer_invalid_size.der
pkcs7_signerInfo_serial_invalid_size.der: pkcs7_data_cert_signed_sha256.der
cp $< $@
echo -en '\x15' | dd of=$@ seek=973 bs=1 conv=notrunc
all_final += pkcs7_signerInfo_serial_invalid_size.der
# pkcs7 signature file just with signed data
pkcs7_data_cert_signeddata_sha256.der: pkcs7_data_cert_signed_sha256.der
dd if=pkcs7_data_cert_signed_sha256.der of=$@ skip=19 bs=1
all_final += pkcs7_data_cert_signeddata_sha256.der
################################################################
#### Diffie-Hellman parameters
################################################################

BIN
tests/data_files/dh.optlen.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/lms_hash-sigs_sha256_m32_h5_lmots_sha256_n32_w8_aux Normal file
View File

Binary file not shown.

BIN
tests/data_files/lms_hash-sigs_sha256_m32_h5_lmots_sha256_n32_w8_prv Normal file
View File

Binary file not shown.

BIN
tests/data_files/lms_hash-sigs_sha256_m32_h5_lmots_sha256_n32_w8_pub Normal file
View File

Binary file not shown.

BIN
tests/data_files/lms_hsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv Normal file
View File

Binary file not shown.

BIN
tests/data_files/lms_pyhsslms_sha256_m32_h5_lmots_sha256_n32_w8_prv Normal file
View File

Binary file not shown.

BIN
tests/data_files/lms_pyhsslms_sha256_m32_h5_lmots_sha256_n32_w8_pub Normal file
View File

Binary file not shown.

20
tests/data_files/pkcs7-rsa-sha256-1.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N
Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4
3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j
9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra
xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7
y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC
AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY
MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8
wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8
1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51
1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9
SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H
EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM=
-----END CERTIFICATE-----

BIN
tests/data_files/pkcs7-rsa-sha256-1.der Normal file
View File

Binary file not shown.

28
tests/data_files/pkcs7-rsa-sha256-1.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0
ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz
FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN
q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX
HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ
qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY
lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu
+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv
eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL
aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8
EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI
Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/
20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe
LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE
9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs
SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX
Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U
eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq
VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq
t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ
NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd
moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv
qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc
4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB
rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4
LrS/V2yBrDJVczQQM4psonLF
-----END PRIVATE KEY-----

48
tests/data_files/pkcs7-rsa-sha256-1.pem Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgIUe97d0kRM0c3+XEGoECyJt98ubL8wDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
NyBDZXJ0IDEwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMi2z2mJnNHw67TKZFwF5w4N
Lv7dzGHQicvVFaOaNXm5I0O2HsdQBg+07TeHYzJADkJfHTdsfnXClzMU7fS7MMj4
3QO5/P+VWiRdSRN61uYAVsrBlVKoZdUhhxh8wELJxJ4+OpwXpTS0U82rwMsRO09j
9bMXS57pkCsZENEUlqJ5p0Mmrc/uEL/Z5+uvuzd76bY5WRZdE91XURccra08HTra
xovIAR1htUz2AXi+NoOaiayRq0GePKN9a6iB0lUYxNtovKb3yDYC9pmoaxf7Hnc7
y+dLuTpJslGuhkKLV0Dhhoux1vq54ocS6Y7DGa2Pyk1zAQxLCcS4BFiWHnzwg1MC
AwEAAaNTMFEwHQYDVR0OBBYEFIru5ZR8xnxd1RWnbip+zTHuUv3IMB8GA1UdIwQY
MBaAFIru5ZR8xnxd1RWnbip+zTHuUv3IMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAIIda5jNRX3r0rCBrKJ+vs1Pk6zIKEQ7Oeq/+p+k6eRUO0b8
wx4rW0gXeQPeppaaxKLMZXBlA5DxsI1DpML5dcfti/M1bHIYOAISRRqPEd5GVTy8
1ltCVN249mg06yHdoqjzO1geFIRVesoblO6JMd3xYDe3pxcTIakZNq/Cf/zjld51
1fcMuLWu4F/1BwiNZa8eQ5Zs1Cy+b3+s+NrgVd2CIrFpZSFyP4EkUXhZXJha6Rf9
SzmYdz4al7e9EAhURvQlm8wJpFSSkoLBuJtx7Vh6d14KPUU2NB9F2ulp6AbJb+/H
EGd3bAK6IhIrkZmxTAwowESHUJBwuX890tbZcnM=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDIts9piZzR8Ou0
ymRcBecODS7+3cxh0InL1RWjmjV5uSNDth7HUAYPtO03h2MyQA5CXx03bH51wpcz
FO30uzDI+N0Dufz/lVokXUkTetbmAFbKwZVSqGXVIYcYfMBCycSePjqcF6U0tFPN
q8DLETtPY/WzF0ue6ZArGRDRFJaieadDJq3P7hC/2efrr7s3e+m2OVkWXRPdV1EX
HK2tPB062saLyAEdYbVM9gF4vjaDmomskatBnjyjfWuogdJVGMTbaLym98g2AvaZ
qGsX+x53O8vnS7k6SbJRroZCi1dA4YaLsdb6ueKHEumOwxmtj8pNcwEMSwnEuARY
lh588INTAgMBAAECggEBAIg+P1B+TurbRMQ11iX5A7wwCsSKPh/vdHneLJAfL0lu
+JcP2piko1iqEZPt3NHRVVyMP8LNbJH3Ardz74p+PkFNXIkZCLlc4hFpGR+V9KWv
eTqsaPXwxR8FYTSoCcHMQCDCUPp/um6qMXCcs4OkMMRVMATfPT+jf28h1p52AUJL
aAoBJfn7gP3WiB0FWq0bRZgSZzNYowE/MhGAQ+DuBGTSASSK3YJcxE94044fBVE8
EqYKrxoY/x56li5cZ0v9kaURCrvhqCeq2+U5kIkgtvp2l6wF0Mm1du3BLxo2LQEI
Y2j+6BFEV74Mtv48GTwrZcyit787zyo9vVGcviSD5VECgYEA/mgLc5KfF/cQLmM/
20T4k0edvktkRIJHFUBphowt5Hb0a0wM5C1VM4z3yN3b9ikQK+ZaQXETdPATBXIe
LntX1D1xtbMxdcAfd1FSq8QxAuaPknJZBgtzlpCsx3ZvMnNuzKZN/TU8kR1biwPE
9HaeEG3bouUu+CI/l/DqrBbQRacCgYEAyfiqsLWGhXQ7e3pLk47PDYlMOsjDWPjs
SGcatH1/lIMWyZue4W2IUcFMbpbjA6QWibo3VnOavIRSTn97JNUWYvgc5MmaQ7iX
Iss4m3vJ1LIqx30iUgw3EfDoWdpufEEYssZ/VxJPs3sdmZGALgd3CaqxHJuhuS+U
eVhWzD6LonUCgYBRCbt8GRxsedrBrAPPSO0VnR52W3WZDRavglEa9tQ3jlzVQOhq
VrZpMWJMrb8/bl0kXsApUGeuPDsS5QMQM2IKzXfHNUlwBL8BNvpqlJg4IFFjiOEq
t8MeFv+ymdtZ6sNElUUKf0bHwt5CLfUzGgXHnfb0sKSBjgdL0wYtwyacyQKBgQDJ
NcyG4zEy/srLhtiIFnu8Fo40+hFzL/nlX6JBMc3KHJa1Hy43krF+ET6d5gAffndd
moDKxbzgFksRHPuHhCobSucuHpJq6RjYdvDcJYS7OwxXVRi9+KFcZE52RaBQdWGv
qQTvr7RrMDoa5dN3B8TVgpGT2JBTN02JXjKKo7zkiQKBgCZwKDiXl7qsGidvlFZc
4CEtFsCgnNgdRTzsTL/Pr8q9CBK3BhjZjNzQALF1iGFDC1FdFYFOwI1E3j+MRHJB
rQMF8zbmmlZ6SC5QtqatCSCCKUyrUjD5J+4UfJqWFjiBBdwz+5VJojHw1yijEwl4
LrS/V2yBrDJVczQQM4psonLF
-----END PRIVATE KEY-----

20
tests/data_files/pkcs7-rsa-sha256-2.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65
lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y
c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B
g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89
KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj
j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC
AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY
MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka
q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+
ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB
xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS
IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+
gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U=
-----END CERTIFICATE-----

BIN
tests/data_files/pkcs7-rsa-sha256-2.der Normal file
View File

Binary file not shown.

28
tests/data_files/pkcs7-rsa-sha256-2.key Normal file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of
5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5
ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2
IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK
OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp
eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX
oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM
NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7
73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD
w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T
i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB
qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9
ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH
slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo
in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D
NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w
+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95
0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG
+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ
FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI
xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9
1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3
kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa
uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO
0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ
Qn6c/zyvMKSyrCVxo5pTd5Il
-----END PRIVATE KEY-----

48
tests/data_files/pkcs7-rsa-sha256-2.pem Normal file
View File

@ -0,0 +1,48 @@
-----BEGIN CERTIFICATE-----
MIIDSTCCAjGgAwIBAgIUVk1VQCWvWZ4ycHmycg7wDfN8+3wwDQYJKoZIhvcNAQEL
BQAwNDELMAkGA1UEBhMCTkwxDjAMBgNVBAoMBVBLQ1M3MRUwEwYDVQQDDAxQS0NT
NyBDZXJ0IDIwHhcNMjIxMDI4MTYxMDU2WhcNMjMxMDI4MTYxMDU2WjA0MQswCQYD
VQQGEwJOTDEOMAwGA1UECgwFUEtDUzcxFTATBgNVBAMMDFBLQ1M3IENlcnQgMjCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMmVNZZ0/qcT+h/lVNO+gP65
lERTTudQ15h8QTLjaKhx5SSTLnuUhD0jLbR+ng8PMqdJ8ePkZEh1+7mi9MHzID4Y
c47jH8M+Jc/JdBr6cSjbFd23QHESUjKKmV1IjSHc6Llbxe962z4gEXYjJAMkfr6B
g1iecK3AlnEI4F0BsQfC5dgA4Qce2okvcTuhYgvHtLZ+UN4ca50Kw0o4u5FYdl89
KDCE4zNp8MaaxGC83xcM4A9XqjHyZ7a2wvACTlmLQ2q/E+RN/8THEel4Y+yv82Uj
j2LqqEaA06dvSdOPdaGz9jUZauqBw7TcuGGVzrrsZ0g/sHXKng9TppehAV/HrJUC
AwEAAaNTMFEwHQYDVR0OBBYEFI5FVrtfLwPXRERcyVX6qBVvfoduMB8GA1UdIwQY
MBaAFI5FVrtfLwPXRERcyVX6qBVvfoduMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBAKRl0wgREe6eAduJSV5fs+Ec0s2qs2lHQqt/0JGEIbZBBtka
q1UH9CIMMAd6Kb0kh5GlJT2shg/EAYWoitMwntkeRYTln2k2/B5jux+U5Ph4HyC+
ad2GqmsoXWDru79rltT7Pv1hS1ofJyQ4Jv88vQA/SuIIRGdTC24VAVgg00JxvDRB
xeqsQ9Pld4ebg4VvqsInnSpmKCcxfWxFhJk/Ax8bK/tV/GnrPiwsvry1j9nZyebS
IyI01/6DwJS2ZhFnsLGyPHFOAFNtomjIdQ6gf2L1wq0qiGOKj/K9IzFNCpCz82a+
gMgqFzCT5TCZC16kUG2NA2pXAx9O4uppKjRk97U=
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDJlTWWdP6nE/of
5VTTvoD+uZREU07nUNeYfEEy42ioceUkky57lIQ9Iy20fp4PDzKnSfHj5GRIdfu5
ovTB8yA+GHOO4x/DPiXPyXQa+nEo2xXdt0BxElIyipldSI0h3Oi5W8Xvets+IBF2
IyQDJH6+gYNYnnCtwJZxCOBdAbEHwuXYAOEHHtqJL3E7oWILx7S2flDeHGudCsNK
OLuRWHZfPSgwhOMzafDGmsRgvN8XDOAPV6ox8me2tsLwAk5Zi0NqvxPkTf/ExxHp
eGPsr/NlI49i6qhGgNOnb0nTj3Whs/Y1GWrqgcO03Lhhlc667GdIP7B1yp4PU6aX
oQFfx6yVAgMBAAECggEBAMVHm3w134qQCHfyroPTqtaftDTx+wRyn6yB3iT5XdGM
NZ8H07Pp80kKBo7gY7uFOiNyQKKxQFuR69sPWc3+LI3YzC8IpGslhUfHdjN46gn7
73hfAVgnf/4qmlEq0cRUOAY/hIUMjUhNhglB9tqEeu3iPjMaTFgfZJwW/czH/QMD
w4zj5XoLgwRkqVvUceu/dBgV8KP5DpON+q8wpfWtjunv7rg5Nc3BVBrpb5SadJ7T
i5TsS+pZQyp+mTvyCI3A1hkr2Vw5tULWO8SPhuEQkdtC/CL+luCUO7L16lU6KhFB
qP5Fduik5skyLCVvAMUkjKcrC22k0gkhOHvfmMhjaAECgYEA68+hAQIiV9ErZGk9
ZLu+VJHBSPmEQCkUcbviwzoRo8YSyka12TZERy+NJcvmD9deNgFbp8GyZf01XJWH
slSYt6LyInrJrTpv+3q2Vl5GQp0f+39i7MHnwGGKbWsDbSAm+L9yKTJzYJz1O5fo
in06AiyyGPwnXd1cm5bTXVX+dQECgYEA2tdi6DXF8awE23pv4HphPBhXS5hmYP/D
NC7CtP8wQsxjPdiIxkBFFVEaFCC2njq1VhTyJb5noJM4kOIwcoaQ/zgyyxQa0u7w
+CqvAh1WwG+sT/B7vivrtDmmYeyGQapFo5DRIz+MflKAhzDhtnEyT9vLuCdn8J95
0YvxZJ9+k5UCgYEAh+e7SER9nJUt6AoLWyIlGMKEXlWIFh5W7RG3KIMwJW6D59aG
+fAfu9M5Cx6PsnOSlZeExpOJCOS9O2Xmti2xcqzT1nFkCJWUcqCPtAlTfxLlmuIZ
FpDOy36r9FHnwJ32OAjGd93ex0DOyZDMcfyoURaHcoTo/10UAYwUt0dXhwECgYAI
xad2TWmA1XdgYNkJM36gTQ16v0IjUz084z70yGHj25OC0CIzaDIct6KG+gS39Px9
1dsa/jXjLuOOkzKD9LbtNBB9KXIl0GQiXnujZw+qKQ/MKISdS99n2wO7WyLKkQu3
kb+AXTTBf4cdZC04BfORVesll5bIA2x7pNNpSCdnvQKBgG7VXYcPlIV7iAyi2xFa
uN1jccu/AK7xA0G1jz2SHNlpet74LmWR8XsTujJeo8WG1IRFxSky4h/pAP0XWIFO
0LPK7eeDtnFq6y1/DXpI+/9BWX5T/8+4Yk93p37YrBVWKfd21dhrAklQs11m3rlQ
Qn6c/zyvMKSyrCVxo5pTd5Il
-----END PRIVATE KEY-----

1
tests/data_files/pkcs7_data.bin Normal file
View File

@ -0,0 +1 @@
Hello

1
tests/data_files/pkcs7_data_1.bin Normal file
View File

@ -0,0 +1 @@
2

BIN
tests/data_files/pkcs7_data_cert_encrypted.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_cert_signed_sha1.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_cert_signed_sha256.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_cert_signed_sha512.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_cert_signed_v2.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_cert_signeddata_sha256.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_multiple_certs_signed.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_multiple_signed.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_signed_badcert.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_signed_badsigner.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_data_without_cert_signed.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_get_signers_info_set-leak-fuzz_pkcs7-4541044530479104.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_get_signers_info_set-missing_free-fuzz_pkcs7-6213931373035520.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_signerInfo_issuer_invalid_size.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/pkcs7_signerInfo_serial_invalid_size.der Normal file
View File

Binary file not shown.

20
tests/data_files/server1.80serial.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDRDCCAiygAwIBAgIGAIARIjNEMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYT
Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
QTAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDwxCzAJBgNVBAYTAk5M
MREwDwYDVQQKDAhQb2xhclNTTDEaMBgGA1UEAwwRUG9sYXJTU0wgU2VydmVyIDEw
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUu
FWFeib+46EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQ
g2rVQUN3Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A
+G2BJV8KsVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+
rWUsZOuVm9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE
2y6mT3Buns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSx
AgMBAAGjTTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1D
WQKmMB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
BQUAA4IBAQBJKeTUCctb/wCxBte2AIiaTfATzukTVtGhKkdy3cY6U2DVSXc+s+jr
Kut8AYnjp1T6bho98RHbbk+hu+0gBWL2ysJd1+slLBUEotUMTkzgA1YdBXy9J/eM
HJ2a0ydFll/m2rXx7RRJWSbcgPZxQLDfollnNVfhcb75O3GsT3YfEIsjLmon7NHr
rJmTp773trg0cNJ6j5dKMA/2SQH5PL1cmcFgNfVZ+etNRIhwpIQYySWJ/468Mcg5
ZKPY6nubIIj+HPB3Mhy8d9U3gAJvc9iEdzbKjrkJdVROONsyMYge4vnbjyKUr7/m
ZN1O6pZy9Fvgbdhvx4ZHpfgEsa1qfLCH
-----END CERTIFICATE-----

20
tests/data_files/server1.key_ext_usage.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDVzCCAj+gAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o2UwYzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAWBgNVHSUBAf8EDDAKBggr
BgEFBQcDATANBgkqhkiG9w0BAQUFAAOCAQEAegtCN4EObE69RjW1hKUEQ/InrIsf
poKIgJCh3sck+FYKjcsMhRPBztnZaqjvkLnmCcq0Yv7uUDThHsNuu+NbeVr4flZL
gUoSSdHXYrJ8qDYez6oGoxttoZ33sqD3LQfzWZhDoTyjGUHTiWaA6KidCsWzkhKY
aNXF7O8dHO7k06I2UWt7SKbBm1dPj8OM4285kkQ7KCpG27ABtHePkp9aG66O/ktD
GbZs0AaYpeVnB9v1vSp6xInDCWydDFbmEE0mzAQr285UU07QEpnU1W/2qZHfLxnQ
GiDpR5pxoKXkskj2VuHPZPqbIkv9v2+bjeyXHDRSL7Rj087xhD5uXKb9fw==
-----END CERTIFICATE-----

21
tests/data_files/server1.key_ext_usages.crt Normal file
View File

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDYTCCAkmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
o28wbTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAgBgNVHSUBAf8EFjAUBggr
BgEFBQcDAwYIKwYBBQUHAwgwDQYJKoZIhvcNAQEFBQADggEBADIT9M10vT5yzMSR
GaaImXjyTRIBK683Vxnq5jqAJ75KzNUC52aiCOfd9/hAMkq3Pj+r6tIsH+jsl5PL
E4iv8GVDlbjA57icTD30XbolL4YPUvZYclxVopfRhTiDa5KJ1lYkUwWAE/Glj66Q
WO7Hihl+GYXap2e7dBZ7hGHdv6J1gRfA1OW6iB23Wl4xb0Y1CGc16yJZwuFbtbwM
w8z8a0XNd2UQTYesYlIvVpVcx2atgkbZwehPWGNCLGngz60fultj7JdLuUHi+r0z
DtjbSPsHDZDAer6ZxjaA4hkcnppacFttC+deD8bQ8+2JjHF6Gb/MBnaYIbOZOBgC
8CPIBjk=
-----END CERTIFICATE-----

20
tests/data_files/server1.long_serial.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDUjCCAjqgAwIBAgIUESIzRFVmd4iZqrvM3e7/ABEiM0QwDQYJKoZIhvcNAQEF
BQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQ
b2xhclNTTCBUZXN0IENBMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0NDQwNlow
PDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRowGAYDVQQDDBFQb2xh
clNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkC
Hz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3P
kuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzD
tN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG
1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3Px
LaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p
26twEtxaymsXq1KCVLECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TW
PynBdHRFOwUSLD2ovUNZAqYwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH
/f8wDQYJKoZIhvcNAQEFBQADggEBAC9qt4BC8zKb5o00ZVtTX0XYKWchHKYSrHk2
r+zfW8pRcSaTGRTtMGkF7vozFrCX4Pr4vCKXOYFKQ/UEpWv5WzW7nB0+Ja0g4gnc
9bLtg51n+IIG93ITGDm5+9YpsX6HsXSBpfY0vo9TwKg3bG1X26WG8j6m+V684hwV
yveRUIrSvvgVJOBSe5rhn/pLmcpbI0nkPBGlqPd10qWc0RYSrSAa3bq/dpoqR7hY
BGbbV1/9IgFhr2r44R17bhqevK3VhK4KOPRT5VMXjTh1iG4L13lIxBIuu+Lw0Pc0
s+gQTGntA/sZkijC7mw0/q3nsRDKhHHXTDf2gjdUhMvFwYzmKBI=
-----END CERTIFICATE-----

20
tests/data_files/server1.long_serial_FF.crt Normal file
View File

@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIRAP////////////////////8wDQYJKoZIhvcNAQEFBQAw
OzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xh
clNTTCBUZXN0IENBMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0NDQwNlowPDEL
MAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRowGAYDVQQDDBFQb2xhclNT
TCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1A
atVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGR
W+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/d
Bh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1Qkl
iXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj
/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26tw
EtxaymsXq1KCVLECAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynB
dHRFOwUSLD2ovUNZAqYwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8w
DQYJKoZIhvcNAQEFBQADggEBADYfhZU2lWxBamt7m3A4XQj6bZ4BZlabv5IbLI32
nej6w/6/gsXPI85nfZqpIn6IYwAeDRdJo/eUqYkIdoy5DEP+50pgCGJK5HAoBWVJ
THKeVJn/vPH3Dz/CaCYQoHTmSi+ChfIhPh84UUdfVpv2qNInII4RxFlSAHUkRMbV
BX6imMSD5M508G6vWGUUc6G/sx/s7vtVeGGPyNOQPgwMTes60Mewpu9LKKaSwfqQ
DgEa8WzxPrPEyOUiIp7ClwlXe3JECHIjm445qmENgfY/8tlsyAdYKSkotfiuoUWb
daylD6QVUXn67loYDPZALghpDxmSm21VE7feTWOUbOpe14U=
-----END CERTIFICATE-----

17
tests/data_files/server1.req.sha256.ext Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICpzCCAY8CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAmMCQGCSqGSIb3DQEJDjEX
MBUwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAHi0yEGu
Fh5tuLiLuT95UrRnly55+lTY9xchFiKtlcoEdSheybYxqk3JHuSSqojOFKZBlRdk
oG6Azg56/aMHPWyvtCMSRQX4b+FgjeQsm9IfhYNMquQOxyPxm62vjuU3MfZIofXH
hKdI6Ci2CDF4Fyvw50KBWniV38eE9+kjsvDLdXD3ESZJGhjjuFl8ReUiA2wdBTcP
XEZaXUIc6B4tUnlPeqn/2zp4GBqqWzNZx6TXBpApASGG3BEJnM52FVPC7E9p+8YZ
qIGuiF5Cz/rYZkpwffBWIfS2zZakHLm5TB8FgZkWlyReJU9Ihk2Tl/sZ1kllFdYa
xLPnLCL82KFL1Co=
-----END CERTIFICATE REQUEST-----

12
tests/data_files/server5-nonprintable_othername.crt Normal file
View File

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
3vnWdvcHRIAdXA0kh+mcBMaXk9B0
-----END CERTIFICATE-----

23
tests/data_files/test-ca.opensslconf
View File

@ -15,7 +15,10 @@ basicConstraints = CA:true
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
[unsupoported_othername_san]
[nonprintable_othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
[unsupported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
[dns_alt_names]
@ -34,6 +37,10 @@ subjectAltName=@alt_names
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
[nonprintable_hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = FORMAT:HEX, OCT:3132338081008180333231
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0
@ -75,3 +82,17 @@ fullname=URI:http://pki.example.com/
# these IPs are the ascii values for 'abcd' and 'abcd.example.com'
[tricky_ip_san]
subjectAltName=IP:97.98.99.100,IP:6162:6364:2e65:7861:6d70:6c65:2e63:6f6d
[csr_ext_v3_keyUsage]
keyUsage = digitalSignature, keyEncipherment
[csr_ext_v3_subjectAltName]
subjectAltName=DNS:example.com, DNS:example.net, DNS:*.example.org
[csr_ext_v3_nsCertType]
nsCertType=server
[csr_ext_v3_all]
keyUsage = cRLSign
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
nsCertType=client

25
tests/data_files/test-ca.server1.test_serial.opensslconf Normal file
View File

@ -0,0 +1,25 @@
[ ca ]
default_ca = test-ca
[ test-ca ]
certificate = test-ca.crt
private_key = test-ca.key
serial = test-ca.server1.tmp.serial
default_md = sha1
default_startdate = 20190210144406Z
default_enddate = 20290210144406Z
x509_extensions = v3_ca
new_certs_dir = ./
database = ./test-ca.server1.db
policy = policy_match
unique_subject = no
[v3_ca]
basicConstraints = CA:false
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
[policy_match]
countryName = supplied
organizationName = supplied
commonName = supplied

BIN
tests/data_files/test_csr_v3_all.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_extension_request.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len1.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_len2.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_sequence_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_extension_request_set_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_id_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_len1.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_len2.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_attributes_sequence_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_duplicated_extension.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_data_len1.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_data_len2.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_data_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_id_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_key_usage_bitstream_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_subject_alt_name_sequence_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extension_type_oid.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_all_malformed_extensions_sequence_tag.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_keyUsage.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_nsCertType.csr.der Normal file
View File

Binary file not shown.

BIN
tests/data_files/test_csr_v3_subjectAltName.csr.der Normal file
View File

Binary file not shown.

4
tests/docker/bionic/Dockerfile
View File

@ -4,6 +4,10 @@
# -------
# Defines a Docker container suitable to build and run all tests (all.sh),
# except for those that use a proprietary toolchain.
#
# WARNING: this Dockerfile is no longer maintained! See
# https://github.com/Mbed-TLS/mbedtls-test/blob/master/README.md#quick-start
# for the set of Docker images we use on the CI.
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0

6
tests/include/alt-dummy/aes_alt.h
View File

@ -19,16 +19,14 @@
#ifndef AES_ALT_H
#define AES_ALT_H
typedef struct mbedtls_aes_context
{
typedef struct mbedtls_aes_context {
int dummy;
}
mbedtls_aes_context;
#if defined(MBEDTLS_CIPHER_MODE_XTS)
typedef struct mbedtls_aes_xts_context
{
typedef struct mbedtls_aes_xts_context {
int dummy;
} mbedtls_aes_xts_context;
#endif

3
tests/include/alt-dummy/aria_alt.h
View File

@ -19,8 +19,7 @@
#ifndef ARIA_ALT_H
#define ARIA_ALT_H
typedef struct mbedtls_aria_context
{
typedef struct mbedtls_aria_context {
int dummy;
}
mbedtls_aria_context;

3
tests/include/alt-dummy/camellia_alt.h
View File

@ -19,8 +19,7 @@
#ifndef CAMELLIA_ALT_H
#define CAMELLIA_ALT_H
typedef struct mbedtls_camellia_context
{
typedef struct mbedtls_camellia_context {
int dummy;
}
mbedtls_camellia_context;

3
tests/include/alt-dummy/ccm_alt.h
View File

@ -19,8 +19,7 @@
#ifndef CCM_ALT_H
#define CCM_ALT_H
typedef struct mbedtls_ccm_context
{
typedef struct mbedtls_ccm_context {
int dummy;
}
mbedtls_ccm_context;

3
tests/include/alt-dummy/chacha20_alt.h
View File

@ -19,8 +19,7 @@
#ifndef CHACHA20_ALT_H
#define CHACHA20_ALT_H
typedef struct mbedtls_chacha20_context
{
typedef struct mbedtls_chacha20_context {
int dummy;
}
mbedtls_chacha20_context;

3
tests/include/alt-dummy/chachapoly_alt.h
View File

@ -21,8 +21,7 @@
#include "mbedtls/chacha20.h"
typedef struct mbedtls_chachapoly_context
{
typedef struct mbedtls_chachapoly_context {
int dummy;
}
mbedtls_chachapoly_context;

3
tests/include/alt-dummy/cmac_alt.h
View File

@ -19,8 +19,7 @@
#ifndef CMAC_ALT_H
#define CMAC_ALT_H
struct mbedtls_cmac_context_t
{
struct mbedtls_cmac_context_t {
int dummy;
};

6
tests/include/alt-dummy/des_alt.h
View File

@ -20,14 +20,12 @@
#ifndef DES_ALT_H
#define DES_ALT_H
typedef struct mbedtls_des_context
{
typedef struct mbedtls_des_context {
int dummy;
}
mbedtls_des_context;
typedef struct mbedtls_des3_context
{
typedef struct mbedtls_des3_context {
int dummy;
}
mbedtls_des3_context;

3
tests/include/alt-dummy/dhm_alt.h
View File

@ -19,8 +19,7 @@
#ifndef DHM_ALT_H
#define DHM_ALT_H
typedef struct mbedtls_dhm_context
{
typedef struct mbedtls_dhm_context {
int dummy;
}
mbedtls_dhm_context;

3
tests/include/alt-dummy/ecjpake_alt.h
View File

@ -19,8 +19,7 @@
#ifndef ECJPAKE_ALT_H
#define ECJPAKE_ALT_H
typedef struct mbedtls_ecjpake_context
{
typedef struct mbedtls_ecjpake_context {
int dummy;
} mbedtls_ecjpake_context;

3
tests/include/alt-dummy/ecp_alt.h
View File

@ -19,8 +19,7 @@
#ifndef ECP_ALT_H
#define ECP_ALT_H
typedef struct mbedtls_ecp_group
{
typedef struct mbedtls_ecp_group {
const mbedtls_ecp_group_id id;
const mbedtls_mpi P;
const mbedtls_mpi A;

3
tests/include/alt-dummy/gcm_alt.h
View File

@ -19,8 +19,7 @@
#ifndef GCM_ALT_H
#define GCM_ALT_H
typedef struct mbedtls_gcm_context
{
typedef struct mbedtls_gcm_context {
int dummy;
}
mbedtls_gcm_context;

3
tests/include/alt-dummy/md5_alt.h
View File

@ -19,8 +19,7 @@
#ifndef MD5_ALT_H
#define MD5_ALT_H
typedef struct mbedtls_md5_context
{
typedef struct mbedtls_md5_context {
int dummy;
}
mbedtls_md5_context;

3
tests/include/alt-dummy/platform_alt.h
View File

@ -19,8 +19,7 @@
#ifndef PLATFORM_ALT_H
#define PLATFORM_ALT_H
typedef struct mbedtls_platform_context
{
typedef struct mbedtls_platform_context {
int dummy;
}
mbedtls_platform_context;

3
tests/include/alt-dummy/poly1305_alt.h
View File

@ -19,8 +19,7 @@
#ifndef POLY1305_ALT_H
#define POLY1305_ALT_H
typedef struct mbedtls_poly1305_context
{
typedef struct mbedtls_poly1305_context {
int dummy;
}
mbedtls_poly1305_context;

3
tests/include/alt-dummy/ripemd160_alt.h
View File

@ -19,8 +19,7 @@
#ifndef RIPEMD160_ALT_H
#define RIPEMD160_ALT_H
typedef struct mbedtls_ripemd160_context
{
typedef struct mbedtls_ripemd160_context {
int dummy;
}
mbedtls_ripemd160_context;

3
tests/include/alt-dummy/rsa_alt.h
View File

@ -19,8 +19,7 @@
#ifndef RSA_ALT_H
#define RSA_ALT_H
typedef struct mbedtls_rsa_context
{
typedef struct mbedtls_rsa_context {
int dummy;
}
mbedtls_rsa_context;

3
tests/include/alt-dummy/sha1_alt.h
View File

@ -19,8 +19,7 @@
#ifndef SHA1_ALT_H
#define SHA1_ALT_H
typedef struct mbedtls_sha1_context
{
typedef struct mbedtls_sha1_context {
int dummy;
}
mbedtls_sha1_context;

3
tests/include/alt-dummy/sha256_alt.h
View File

@ -19,8 +19,7 @@
#ifndef SHA256_ALT_H
#define SHA256_ALT_H
typedef struct mbedtls_sha256_context
{
typedef struct mbedtls_sha256_context {
int dummy;
}
mbedtls_sha256_context;

3
tests/include/alt-dummy/sha512_alt.h
View File

@ -19,8 +19,7 @@
#ifndef SHA512_ALT_H
#define SHA512_ALT_H
typedef struct mbedtls_sha512_context
{
typedef struct mbedtls_sha512_context {
int dummy;
}
mbedtls_sha512_context;

3
tests/include/alt-dummy/threading_alt.h
View File

@ -19,8 +19,7 @@
#ifndef THREADING_ALT_H
#define THREADING_ALT_H
typedef struct mbedtls_threading_mutex_t
{
typedef struct mbedtls_threading_mutex_t {
int dummy;
} mbedtls_threading_mutex_t;

6
tests/include/alt-dummy/timing_alt.h
View File

@ -19,13 +19,11 @@
#ifndef TIMING_ALT_H
#define TIMING_ALT_H
struct mbedtls_timing_hr_time
{
struct mbedtls_timing_hr_time {
int dummy;
};
typedef struct mbedtls_timing_delay_context
{
typedef struct mbedtls_timing_delay_context {
int dummy;
} mbedtls_timing_delay_context;

106
tests/include/spe/crypto_spe.h
View File

@ -34,110 +34,110 @@
#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
#define psa_crypto_init \
PSA_FUNCTION_NAME(psa_crypto_init)
PSA_FUNCTION_NAME(psa_crypto_init)
#define psa_key_derivation_get_capacity \
PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
#define psa_key_derivation_set_capacity \
PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
#define psa_key_derivation_input_bytes \
PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
#define psa_key_derivation_output_bytes \
PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
#define psa_key_derivation_input_key \
PSA_FUNCTION_NAME(psa_key_derivation_input_key)
PSA_FUNCTION_NAME(psa_key_derivation_input_key)
#define psa_key_derivation_output_key \
PSA_FUNCTION_NAME(psa_key_derivation_output_key)
PSA_FUNCTION_NAME(psa_key_derivation_output_key)
#define psa_key_derivation_setup \
PSA_FUNCTION_NAME(psa_key_derivation_setup)
PSA_FUNCTION_NAME(psa_key_derivation_setup)
#define psa_key_derivation_abort \
PSA_FUNCTION_NAME(psa_key_derivation_abort)
PSA_FUNCTION_NAME(psa_key_derivation_abort)
#define psa_key_derivation_key_agreement \
PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
#define psa_raw_key_agreement \
PSA_FUNCTION_NAME(psa_raw_key_agreement)
PSA_FUNCTION_NAME(psa_raw_key_agreement)
#define psa_generate_random \
PSA_FUNCTION_NAME(psa_generate_random)
PSA_FUNCTION_NAME(psa_generate_random)
#define psa_aead_encrypt \
PSA_FUNCTION_NAME(psa_aead_encrypt)
PSA_FUNCTION_NAME(psa_aead_encrypt)
#define psa_aead_decrypt \
PSA_FUNCTION_NAME(psa_aead_decrypt)
PSA_FUNCTION_NAME(psa_aead_decrypt)
#define psa_open_key \
PSA_FUNCTION_NAME(psa_open_key)
PSA_FUNCTION_NAME(psa_open_key)
#define psa_close_key \
PSA_FUNCTION_NAME(psa_close_key)
PSA_FUNCTION_NAME(psa_close_key)
#define psa_import_key \
PSA_FUNCTION_NAME(psa_import_key)
PSA_FUNCTION_NAME(psa_import_key)
#define psa_destroy_key \
PSA_FUNCTION_NAME(psa_destroy_key)
PSA_FUNCTION_NAME(psa_destroy_key)
#define psa_get_key_attributes \
PSA_FUNCTION_NAME(psa_get_key_attributes)
PSA_FUNCTION_NAME(psa_get_key_attributes)
#define psa_reset_key_attributes \
PSA_FUNCTION_NAME(psa_reset_key_attributes)
PSA_FUNCTION_NAME(psa_reset_key_attributes)
#define psa_export_key \
PSA_FUNCTION_NAME(psa_export_key)
PSA_FUNCTION_NAME(psa_export_key)
#define psa_export_public_key \
PSA_FUNCTION_NAME(psa_export_public_key)
PSA_FUNCTION_NAME(psa_export_public_key)
#define psa_purge_key \
PSA_FUNCTION_NAME(psa_purge_key)
PSA_FUNCTION_NAME(psa_purge_key)
#define psa_copy_key \
PSA_FUNCTION_NAME(psa_copy_key)
PSA_FUNCTION_NAME(psa_copy_key)
#define psa_cipher_operation_init \
PSA_FUNCTION_NAME(psa_cipher_operation_init)
PSA_FUNCTION_NAME(psa_cipher_operation_init)
#define psa_cipher_generate_iv \
PSA_FUNCTION_NAME(psa_cipher_generate_iv)
PSA_FUNCTION_NAME(psa_cipher_generate_iv)
#define psa_cipher_set_iv \
PSA_FUNCTION_NAME(psa_cipher_set_iv)
PSA_FUNCTION_NAME(psa_cipher_set_iv)
#define psa_cipher_encrypt_setup \
PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
#define psa_cipher_decrypt_setup \
PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
#define psa_cipher_update \
PSA_FUNCTION_NAME(psa_cipher_update)
PSA_FUNCTION_NAME(psa_cipher_update)
#define psa_cipher_finish \
PSA_FUNCTION_NAME(psa_cipher_finish)
PSA_FUNCTION_NAME(psa_cipher_finish)
#define psa_cipher_abort \
PSA_FUNCTION_NAME(psa_cipher_abort)
PSA_FUNCTION_NAME(psa_cipher_abort)
#define psa_hash_operation_init \
PSA_FUNCTION_NAME(psa_hash_operation_init)
PSA_FUNCTION_NAME(psa_hash_operation_init)
#define psa_hash_setup \
PSA_FUNCTION_NAME(psa_hash_setup)
PSA_FUNCTION_NAME(psa_hash_setup)
#define psa_hash_update \
PSA_FUNCTION_NAME(psa_hash_update)
PSA_FUNCTION_NAME(psa_hash_update)
#define psa_hash_finish \
PSA_FUNCTION_NAME(psa_hash_finish)
PSA_FUNCTION_NAME(psa_hash_finish)
#define psa_hash_verify \
PSA_FUNCTION_NAME(psa_hash_verify)
PSA_FUNCTION_NAME(psa_hash_verify)
#define psa_hash_abort \
PSA_FUNCTION_NAME(psa_hash_abort)
PSA_FUNCTION_NAME(psa_hash_abort)
#define psa_hash_clone \
PSA_FUNCTION_NAME(psa_hash_clone)
PSA_FUNCTION_NAME(psa_hash_clone)
#define psa_hash_compute \
PSA_FUNCTION_NAME(psa_hash_compute)
PSA_FUNCTION_NAME(psa_hash_compute)
#define psa_hash_compare \
PSA_FUNCTION_NAME(psa_hash_compare)
PSA_FUNCTION_NAME(psa_hash_compare)
#define psa_mac_operation_init \
PSA_FUNCTION_NAME(psa_mac_operation_init)
PSA_FUNCTION_NAME(psa_mac_operation_init)
#define psa_mac_sign_setup \
PSA_FUNCTION_NAME(psa_mac_sign_setup)
PSA_FUNCTION_NAME(psa_mac_sign_setup)
#define psa_mac_verify_setup \
PSA_FUNCTION_NAME(psa_mac_verify_setup)
PSA_FUNCTION_NAME(psa_mac_verify_setup)
#define psa_mac_update \
PSA_FUNCTION_NAME(psa_mac_update)
PSA_FUNCTION_NAME(psa_mac_update)
#define psa_mac_sign_finish \
PSA_FUNCTION_NAME(psa_mac_sign_finish)
PSA_FUNCTION_NAME(psa_mac_sign_finish)
#define psa_mac_verify_finish \
PSA_FUNCTION_NAME(psa_mac_verify_finish)
PSA_FUNCTION_NAME(psa_mac_verify_finish)
#define psa_mac_abort \
PSA_FUNCTION_NAME(psa_mac_abort)
PSA_FUNCTION_NAME(psa_mac_abort)
#define psa_sign_hash \
PSA_FUNCTION_NAME(psa_sign_hash)
PSA_FUNCTION_NAME(psa_sign_hash)
#define psa_verify_hash \
PSA_FUNCTION_NAME(psa_verify_hash)
PSA_FUNCTION_NAME(psa_verify_hash)
#define psa_asymmetric_encrypt \
PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
#define psa_asymmetric_decrypt \
PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
#define psa_generate_key \
PSA_FUNCTION_NAME(psa_generate_key)
PSA_FUNCTION_NAME(psa_generate_key)
#endif /* CRYPTO_SPE_H */

6
tests/include/test/asn1_helpers.h
View File

@ -43,8 +43,8 @@
*
* \return \c 0 if the test failed, otherwise 1.
*/
int mbedtls_test_asn1_skip_integer( unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd );
int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd);
#endif /* ASN1_HELPERS_H */

118
tests/include/test/bignum_helpers.h Normal file
View File

@ -0,0 +1,118 @@
/**
* \file bignum_helpers.h
*
* \brief This file contains the prototypes of helper functions for
* bignum-related testing.
*/
/*
* Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may
* not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef TEST_BIGNUM_HELPERS_H
#define TEST_BIGNUM_HELPERS_H
#include <mbedtls/build_info.h>
#if defined(MBEDTLS_BIGNUM_C)
#include <mbedtls/bignum.h>
#include <bignum_mod.h>
/** Allocate and populate a core MPI from a test case argument.
*
* This function allocates exactly as many limbs as necessary to fit
* the length of the input. In other words, it preserves leading zeros.
*
* The limb array is allocated with mbedtls_calloc() and must later be
* freed with mbedtls_free().
*
* \param[in,out] pX The address where a pointer to the allocated limb
* array will be stored.
* \c *pX must be null on entry.
* On exit, \c *pX is null on error or if the number
* of limbs is 0.
* \param[out] plimbs The address where the number of limbs will be stored.
* \param[in] input The test argument to read.
* It is interpreted as a hexadecimal representation
* of a non-negative integer.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
const char *input);
/** Read a modulus from a hexadecimal string.
*
* This function allocates exactly as many limbs as necessary to fit
* the length of the input. In other words, it preserves leading zeros.
*
* The limb array is allocated with mbedtls_calloc() and must later be
* freed with mbedtls_free(). You can do that by calling
* mbedtls_test_mpi_mod_modulus_free_with_limbs().
*
* \param[in,out] N A modulus structure. It must be initialized, but
* not set up.
* \param[in] s The null-terminated hexadecimal string to read from.
* \param int_rep The desired representation of residues.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
const char *s,
mbedtls_mpi_mod_rep_selector int_rep);
/** Free a modulus and its limbs.
*
* \param[in] N A modulus structure such that there is no other
* reference to `N->p`.
*/
void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
/** Read an MPI from a hexadecimal string.
*
* Like mbedtls_mpi_read_string(), but with tighter guarantees around
* edge cases.
*
* - This function guarantees that if \p s begins with '-' then the sign
* bit of the result will be negative, even if the value is 0.
* When this function encounters such a "negative 0", it
* increments #mbedtls_test_case_uses_negative_0.
* - The size of the result is exactly the minimum number of limbs needed
* to fit the digits in the input. In particular, this function constructs
* a bignum with 0 limbs for an empty string, and a bignum with leading 0
* limbs if the string has sufficiently many leading 0 digits.
* This is important so that the "0 (null)" and "0 (1 limb)" and
* "leading zeros" test cases do what they claim.
*
* \param[out] X The MPI object to populate. It must be initialized.
* \param[in] s The null-terminated hexadecimal string to read from.
*
* \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
*/
int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
/** Nonzero if the current test case had an input parsed with
* mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc.,
* constructing a result with the sign bit set to -1 and the value being
* all-limbs-0, which is not a valid representation in #mbedtls_mpi but is
* tested for robustness).
*/
extern unsigned mbedtls_test_case_uses_negative_0;
#endif /* MBEDTLS_BIGNUM_C */
#endif /* TEST_BIGNUM_HELPERS_H */

22
tests/include/test/certs.h
View File

@ -33,11 +33,11 @@ extern "C" {
/* List of all PEM-encoded CA certificates, terminated by NULL;
* PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
* otherwise. */
extern const char * mbedtls_test_cas[];
extern const char *mbedtls_test_cas[];
extern const size_t mbedtls_test_cas_len[];
/* List of all DER-encoded CA certificates, terminated by NULL */
extern const unsigned char * mbedtls_test_cas_der[];
extern const unsigned char *mbedtls_test_cas_der[];
extern const size_t mbedtls_test_cas_der_len[];
#if defined(MBEDTLS_PEM_PARSE_C)
@ -108,9 +108,9 @@ extern const size_t mbedtls_test_ca_crt_rsa_len;
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
extern const char * mbedtls_test_ca_crt;
extern const char * mbedtls_test_ca_key;
extern const char * mbedtls_test_ca_pwd;
extern const char *mbedtls_test_ca_crt;
extern const char *mbedtls_test_ca_key;
extern const char *mbedtls_test_ca_pwd;
extern const size_t mbedtls_test_ca_crt_len;
extern const size_t mbedtls_test_ca_key_len;
extern const size_t mbedtls_test_ca_pwd_len;
@ -177,9 +177,9 @@ extern const size_t mbedtls_test_srv_crt_rsa_len;
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
extern const char * mbedtls_test_srv_crt;
extern const char * mbedtls_test_srv_key;
extern const char * mbedtls_test_srv_pwd;
extern const char *mbedtls_test_srv_crt;
extern const char *mbedtls_test_srv_key;
extern const char *mbedtls_test_srv_pwd;
extern const size_t mbedtls_test_srv_crt_len;
extern const size_t mbedtls_test_srv_key_len;
extern const size_t mbedtls_test_srv_pwd_len;
@ -232,9 +232,9 @@ extern const size_t mbedtls_test_cli_crt_rsa_len;
/* Config-dependent dispatch between EC and RSA
* (RSA if enabled, otherwise EC) */
extern const char * mbedtls_test_cli_crt;
extern const char * mbedtls_test_cli_key;
extern const char * mbedtls_test_cli_pwd;
extern const char *mbedtls_test_cli_crt;
extern const char *mbedtls_test_cli_key;
extern const char *mbedtls_test_cli_pwd;
extern const size_t mbedtls_test_cli_crt_len;
extern const size_t mbedtls_test_cli_key_len;
extern const size_t mbedtls_test_cli_pwd_len;

6
tests/include/test/constant_flow.h
View File

@ -46,6 +46,12 @@
* This file contains two implementations: one based on MemorySanitizer, the
* other on valgrind's memcheck. If none of them is enabled, dummy macros that
* do nothing are defined for convenience.
*
* \note #TEST_CF_SECRET must be called directly from within a .function file,
* not indirectly via a macro defined under tests/include or a function
* under tests/src. This is because we only run Valgrind for constant
* flow on test suites that have greppable annotations inside them (see
* `skip_suites_without_constant_flow` in `tests/scripts/all.sh`).
*/
#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)

58
tests/include/test/drivers/aead.h
View File

@ -48,10 +48,10 @@ typedef struct {
#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
static inline mbedtls_test_driver_aead_hooks_t
mbedtls_test_driver_aead_hooks_init( void )
mbedtls_test_driver_aead_hooks_init(void)
{
const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
return( v );
return v;
}
extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
@ -63,7 +63,7 @@ psa_status_t mbedtls_test_transparent_aead_encrypt(
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *plaintext, size_t plaintext_length,
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length );
uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
psa_status_t mbedtls_test_transparent_aead_decrypt(
const psa_key_attributes_t *attributes,
@ -72,62 +72,62 @@ psa_status_t mbedtls_test_transparent_aead_decrypt(
const uint8_t *nonce, size_t nonce_length,
const uint8_t *additional_data, size_t additional_data_length,
const uint8_t *ciphertext, size_t ciphertext_length,
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length );
uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const psa_key_attributes_t *attributes,
const uint8_t *key_buffer, size_t key_buffer_size,
psa_algorithm_t alg );
psa_algorithm_t alg);
psa_status_t mbedtls_test_transparent_aead_set_nonce(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *nonce,
size_t nonce_length );
size_t nonce_length);
psa_status_t mbedtls_test_transparent_aead_set_lengths(
mbedtls_transparent_test_driver_aead_operation_t *operation,
size_t ad_length,
size_t plaintext_length );
size_t plaintext_length);
psa_status_t mbedtls_test_transparent_aead_update_ad(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length );
size_t input_length);
psa_status_t mbedtls_test_transparent_aead_update(
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length );
mbedtls_transparent_test_driver_aead_operation_t *operation,
const uint8_t *input,
size_t input_length,
uint8_t *output,
size_t output_size,
size_t *output_length);
psa_status_t mbedtls_test_transparent_aead_finish(
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
size_t tag_size,
size_t *tag_length );
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *ciphertext,
size_t ciphertext_size,
size_t *ciphertext_length,
uint8_t *tag,
size_t tag_size,
size_t *tag_length);
psa_status_t mbedtls_test_transparent_aead_verify(
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length );
mbedtls_transparent_test_driver_aead_operation_t *operation,
uint8_t *plaintext,
size_t plaintext_size,
size_t *plaintext_length,
const uint8_t *tag,
size_t tag_length);
psa_status_t mbedtls_test_transparent_aead_abort(
mbedtls_transparent_test_driver_aead_operation_t *operation );
mbedtls_transparent_test_driver_aead_operation_t *operation);
#endif /* PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */

Some files were not shown because too many files have changed in this diff Show More