lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00
Code Activity

Merge pull request #9451 from minosgalanakis/fix-v3.6-issues-9186-and-9188-bp

Browse Source 
[Backport 3.6] Fix v3.6 issues 9186 and 9188 bp
This commit is contained in:
Gilles Peskine
2024-08-12 09:34:19 +00:00
committed by GitHub
parent 3b41e1d2a5 3001e27f21
commit 7f9470ac02
64 changed files with 428 additions and 394 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CMakeLists.txt
View File

@@ -204,7 +204,7 @@ if(CMAKE_COMPILER_IS_GNU)
# note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
OUTPUT_VARIABLE GCC_VERSION) OUTPUT_VARIABLE GCC_VERSION)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes")
if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0) if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wformat=2 -Wno-format-nonliteral")
endif() endif()
@@ -238,7 +238,7 @@ if(CMAKE_COMPILER_IS_GNU)
endif(CMAKE_COMPILER_IS_GNU) endif(CMAKE_COMPILER_IS_GNU)
if(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral")
set(CMAKE_C_FLAGS_RELEASE "-O2") set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3") set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage") set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")

3
ChangeLog.d/fix-clang-psa-build-without-dhm.txt Normal file
View File

@@ -0,0 +1,3 @@
Bugfix
* Fix Clang compilation error when MBEDTLS_USE_PSA_CRYPTO is enabled
but MBEDTLS_DHM_C is disabled. Reported by Michael Schuster in #9188.

3
ChangeLog.d/fix-server-mode-only-build.txt Normal file
View File

@@ -0,0 +1,3 @@
Bugfix
* Fix server mode only build when MBEDTLS_SSL_SRV_C is enabled but
MBEDTLS_SSL_CLI_C is disabled. Reported by M-Bab on GitHub in #9186.

2
framework

Submodule framework updated: 331565b041...6a1dc7daa9

4
library/CMakeLists.txt
View File

@@ -197,11 +197,11 @@ else()
endif() endif()
if(CMAKE_COMPILER_IS_GNUCC) if(CMAKE_COMPILER_IS_GNUCC)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations")
endif(CMAKE_COMPILER_IS_GNUCC) endif(CMAKE_COMPILER_IS_GNUCC)
if(CMAKE_COMPILER_IS_CLANG) if(CMAKE_COMPILER_IS_CLANG)
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
endif(CMAKE_COMPILER_IS_CLANG) endif(CMAKE_COMPILER_IS_CLANG)
if(CMAKE_COMPILER_IS_MSVC) if(CMAKE_COMPILER_IS_MSVC)

2
library/ssl_misc.h
View File

@@ -1507,7 +1507,7 @@ int mbedtls_ssl_psk_derive_premaster(mbedtls_ssl_context *ssl,
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED)
#if defined(MBEDTLS_SSL_CLI_C) #if defined(MBEDTLS_SSL_CLI_C) || defined(MBEDTLS_SSL_SRV_C)
MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf); int mbedtls_ssl_conf_has_static_psk(mbedtls_ssl_config const *conf);
#endif #endif

2
library/ssl_tls12_server.c
View File

@@ -3921,7 +3921,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
uint8_t ecpoint_len; size_t ecpoint_len;
mbedtls_ssl_handshake_params *handshake = ssl->handshake; mbedtls_ssl_handshake_params *handshake = ssl->handshake;

2
programs/cipher/cipher_aead_demo.c
View File

@@ -79,7 +79,7 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
const unsigned char key_bytes[32] = { 0x2a }; const unsigned char key_bytes[32] = { 0x2a };
/* Print the contents of a buffer in hex */ /* Print the contents of a buffer in hex */
void print_buf(const char *title, unsigned char *buf, size_t len) static void print_buf(const char *title, unsigned char *buf, size_t len)
{ {
printf("%s:", title); printf("%s:", title);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {

3
programs/fuzz/common.h
View File

@@ -23,3 +23,6 @@ int dummy_random(void *p_rng, unsigned char *output, size_t output_len);
int dummy_entropy(void *data, unsigned char *output, size_t len); int dummy_entropy(void *data, unsigned char *output, size_t len);
int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
uint32_t timeout); uint32_t timeout);
/* Implemented in the fuzz_*.c sources and required by onefile.c */
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);

1
programs/fuzz/fuzz_pkcs7.c
View File

@@ -1,5 +1,6 @@
#include <stdint.h> #include <stdint.h>
#include "mbedtls/pkcs7.h" #include "mbedtls/pkcs7.h"
#include "common.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{ {

1
programs/fuzz/fuzz_pubkey.c
View File

@@ -1,6 +1,7 @@
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "common.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{ {

1
programs/fuzz/fuzz_x509crl.c
View File

@@ -1,5 +1,6 @@
#include <stdint.h> #include <stdint.h>
#include "mbedtls/x509_crl.h" #include "mbedtls/x509_crl.h"
#include "common.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{ {

1
programs/fuzz/fuzz_x509crt.c
View File

@@ -1,5 +1,6 @@
#include <stdint.h> #include <stdint.h>
#include "mbedtls/x509_crt.h" #include "mbedtls/x509_crt.h"
#include "common.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{ {

1
programs/fuzz/fuzz_x509csr.c
View File

@@ -1,5 +1,6 @@
#include <stdint.h> #include <stdint.h>
#include "mbedtls/x509_csr.h" #include "mbedtls/x509_csr.h"
#include "common.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{ {

3
programs/fuzz/onefile.c
View File

@@ -1,14 +1,13 @@
#include <stdint.h> #include <stdint.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include "common.h"
/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway /* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway
* in case it contains platform-specific #defines related to malloc or * in case it contains platform-specific #defines related to malloc or
* stdio functions. */ * stdio functions. */
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
int main(int argc, char **argv) int main(int argc, char **argv)
{ {
FILE *fp; FILE *fp;

4
programs/hash/md_hmac_demo.c
View File

@@ -57,7 +57,7 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 };
const unsigned char key_bytes[32] = { 0 }; const unsigned char key_bytes[32] = { 0 };
/* Print the contents of a buffer in hex */ /* Print the contents of a buffer in hex */
void print_buf(const char *title, unsigned char *buf, size_t len) static void print_buf(const char *title, unsigned char *buf, size_t len)
{ {
printf("%s:", title); printf("%s:", title);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
@@ -87,7 +87,7 @@ void print_buf(const char *title, unsigned char *buf, size_t len)
* This function demonstrates computation of the HMAC of two messages using * This function demonstrates computation of the HMAC of two messages using
* the multipart API. * the multipart API.
*/ */
int hmac_demo(void) static int hmac_demo(void)
{ {
int ret; int ret;
const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256; const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;

4
programs/pkey/gen_key.c
View File

@@ -39,8 +39,8 @@ int main(void)
#define DEV_RANDOM_THRESHOLD 32 #define DEV_RANDOM_THRESHOLD 32
int dev_random_entropy_poll(void *data, unsigned char *output, static int dev_random_entropy_poll(void *data, unsigned char *output,
size_t len, size_t *olen) size_t len, size_t *olen)
{ {
FILE *file; FILE *file;
size_t ret, left = len; size_t ret, left = len;

2
programs/psa/aead_demo.c
View File

@@ -82,7 +82,7 @@ const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
const unsigned char key_bytes[32] = { 0x2a }; const unsigned char key_bytes[32] = { 0x2a };
/* Print the contents of a buffer in hex */ /* Print the contents of a buffer in hex */
void print_buf(const char *title, uint8_t *buf, size_t len) static void print_buf(const char *title, uint8_t *buf, size_t len)
{ {
printf("%s:", title); printf("%s:", title);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {

4
programs/psa/hmac_demo.c
View File

@@ -59,7 +59,7 @@ const unsigned char msg2_part2[] = { 0x06, 0x06 };
const unsigned char key_bytes[32] = { 0 }; const unsigned char key_bytes[32] = { 0 };
/* Print the contents of a buffer in hex */ /* Print the contents of a buffer in hex */
void print_buf(const char *title, uint8_t *buf, size_t len) static void print_buf(const char *title, uint8_t *buf, size_t len)
{ {
printf("%s:", title); printf("%s:", title);
for (size_t i = 0; i < len; i++) { for (size_t i = 0; i < len; i++) {
@@ -90,7 +90,7 @@ void print_buf(const char *title, uint8_t *buf, size_t len)
* This function demonstrates computation of the HMAC of two messages using * This function demonstrates computation of the HMAC of two messages using
* the multipart API. * the multipart API.
*/ */
psa_status_t hmac_demo(void) static psa_status_t hmac_demo(void)
{ {
psa_status_t status; psa_status_t status;
const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256); const psa_algorithm_t alg = PSA_ALG_HMAC(PSA_ALG_SHA_256);

4
programs/psa/psa_constant_names.c
View File

@@ -192,7 +192,7 @@ typedef enum {
TYPE_STATUS, TYPE_STATUS,
} signed_value_type; } signed_value_type;
int process_signed(signed_value_type type, long min, long max, char **argp) static int process_signed(signed_value_type type, long min, long max, char **argp)
{ {
for (; *argp != NULL; argp++) { for (; *argp != NULL; argp++) {
char buffer[200]; char buffer[200];
@@ -231,7 +231,7 @@ typedef enum {
TYPE_KEY_USAGE, TYPE_KEY_USAGE,
} unsigned_value_type; } unsigned_value_type;
int process_unsigned(unsigned_value_type type, unsigned long max, char **argp) static int process_unsigned(unsigned_value_type type, unsigned long max, char **argp)
{ {
for (; *argp != NULL; argp++) { for (; *argp != NULL; argp++) {
char buffer[200]; char buffer[200];

4
programs/ssl/ssl_client2.c
View File

@@ -597,8 +597,8 @@ static int my_verify(void *data, mbedtls_x509_crt *crt,
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
int report_cid_usage(mbedtls_ssl_context *ssl, static int report_cid_usage(mbedtls_ssl_context *ssl,
const char *additional_description) const char *additional_description)
{ {
int ret; int ret;
unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];

36
programs/ssl/ssl_context_info.c
View File

@@ -111,12 +111,12 @@ const char buf_ln_err[] = "Buffer does not have enough data to complete the pars
/* /*
* Basic printing functions * Basic printing functions
*/ */
void print_version(void) static void print_version(void)
{ {
printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR); printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
} }
void print_usage(void) static void print_usage(void)
{ {
print_version(); print_version();
printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n" printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
@@ -138,7 +138,7 @@ void print_usage(void)
); );
} }
void printf_dbg(const char *str, ...) static void printf_dbg(const char *str, ...)
{ {
if (debug) { if (debug) {
va_list args; va_list args;
@@ -151,7 +151,7 @@ void printf_dbg(const char *str, ...)
} }
MBEDTLS_PRINTF_ATTRIBUTE(1, 2) MBEDTLS_PRINTF_ATTRIBUTE(1, 2)
void printf_err(const char *str, ...) static void printf_err(const char *str, ...)
{ {
va_list args; va_list args;
va_start(args, str); va_start(args, str);
@@ -165,7 +165,7 @@ void printf_err(const char *str, ...)
/* /*
* Exit from the program in case of error * Exit from the program in case of error
*/ */
void error_exit(void) static void error_exit(void)
{ {
if (NULL != b64_file) { if (NULL != b64_file) {
fclose(b64_file); fclose(b64_file);
@@ -176,7 +176,7 @@ void error_exit(void)
/* /*
* This function takes the input arguments of this program * This function takes the input arguments of this program
*/ */
void parse_arguments(int argc, char *argv[]) static void parse_arguments(int argc, char *argv[])
{ {
int i = 1; int i = 1;
@@ -223,7 +223,7 @@ void parse_arguments(int argc, char *argv[])
/* /*
* This function prints base64 code to the stdout * This function prints base64 code to the stdout
*/ */
void print_b64(const uint8_t *b, size_t len) static void print_b64(const uint8_t *b, size_t len)
{ {
size_t i = 0; size_t i = 0;
const uint8_t *end = b + len; const uint8_t *end = b + len;
@@ -247,8 +247,8 @@ void print_b64(const uint8_t *b, size_t len)
* /p in_line number of bytes in one line * /p in_line number of bytes in one line
* /p prefix prefix for the new lines * /p prefix prefix for the new lines
*/ */
void print_hex(const uint8_t *b, size_t len, static void print_hex(const uint8_t *b, size_t len,
const size_t in_line, const char *prefix) const size_t in_line, const char *prefix)
{ {
size_t i = 0; size_t i = 0;
const uint8_t *end = b + len; const uint8_t *end = b + len;
@@ -271,7 +271,7 @@ void print_hex(const uint8_t *b, size_t len,
/* /*
* Print the value of time_t in format e.g. 2020-01-23 13:05:59 * Print the value of time_t in format e.g. 2020-01-23 13:05:59
*/ */
void print_time(const uint64_t *time) static void print_time(const uint64_t *time)
{ {
#if defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_HAVE_TIME)
char buf[20]; char buf[20];
@@ -292,7 +292,7 @@ void print_time(const uint64_t *time)
/* /*
* Print the input string if the bit is set in the value * Print the input string if the bit is set in the value
*/ */
void print_if_bit(const char *str, int bit, int val) static void print_if_bit(const char *str, int bit, int val)
{ {
if (bit & val) { if (bit & val) {
printf("\t%s\n", str); printf("\t%s\n", str);
@@ -302,7 +302,7 @@ void print_if_bit(const char *str, int bit, int val)
/* /*
* Return pointer to hardcoded "enabled" or "disabled" depending on the input value * Return pointer to hardcoded "enabled" or "disabled" depending on the input value
*/ */
const char *get_enabled_str(int is_en) static const char *get_enabled_str(int is_en)
{ {
return (is_en) ? "enabled" : "disabled"; return (is_en) ? "enabled" : "disabled";
} }
@@ -310,7 +310,7 @@ const char *get_enabled_str(int is_en)
/* /*
* Return pointer to hardcoded MFL string value depending on the MFL code at the input * Return pointer to hardcoded MFL string value depending on the MFL code at the input
*/ */
const char *get_mfl_str(int mfl_code) static const char *get_mfl_str(int mfl_code)
{ {
switch (mfl_code) { switch (mfl_code) {
case MBEDTLS_SSL_MAX_FRAG_LEN_NONE: case MBEDTLS_SSL_MAX_FRAG_LEN_NONE:
@@ -343,7 +343,7 @@ const char *get_mfl_str(int mfl_code)
* \retval number of bytes written in to the b64 buffer or 0 in case no more * \retval number of bytes written in to the b64 buffer or 0 in case no more
* data was found * data was found
*/ */
size_t read_next_b64_code(uint8_t **b64, size_t *max_len) static size_t read_next_b64_code(uint8_t **b64, size_t *max_len)
{ {
int valid_balance = 0; /* balance between valid and invalid characters */ int valid_balance = 0; /* balance between valid and invalid characters */
size_t len = 0; size_t len = 0;
@@ -443,7 +443,7 @@ size_t read_next_b64_code(uint8_t **b64, size_t *max_len)
* /p ssl pointer to serialized certificate * /p ssl pointer to serialized certificate
* /p len number of bytes in the buffer * /p len number of bytes in the buffer
*/ */
void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len) static void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len)
{ {
enum { STRLEN = 4096 }; enum { STRLEN = 4096 };
mbedtls_x509_crt crt; mbedtls_x509_crt crt;
@@ -509,8 +509,8 @@ void print_deserialized_ssl_cert(const uint8_t *ssl, uint32_t len)
* /p len number of bytes in the buffer * /p len number of bytes in the buffer
* /p session_cfg_flag session configuration flags * /p session_cfg_flag session configuration flags
*/ */
void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len, static void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
int session_cfg_flag) int session_cfg_flag)
{ {
const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info; const struct mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int ciphersuite_id; int ciphersuite_id;
@@ -746,7 +746,7 @@ void print_deserialized_ssl_session(const uint8_t *ssl, uint32_t len,
* /p ssl pointer to serialized session * /p ssl pointer to serialized session
* /p len number of bytes in the buffer * /p len number of bytes in the buffer
*/ */
void print_deserialized_ssl_context(const uint8_t *ssl, size_t len) static void print_deserialized_ssl_context(const uint8_t *ssl, size_t len)
{ {
const uint8_t *end = ssl + len; const uint8_t *end = ssl + len;
uint32_t session_len; uint32_t session_len;

51
programs/ssl/ssl_server2.c
View File

@@ -756,7 +756,7 @@ struct _sni_entry {
sni_entry *next; sni_entry *next;
}; };
void sni_free(sni_entry *head) static void sni_free(sni_entry *head)
{ {
sni_entry *cur = head, *next; sni_entry *cur = head, *next;
@@ -786,7 +786,7 @@ void sni_free(sni_entry *head)
* *
* Modifies the input string! This is not production quality! * Modifies the input string! This is not production quality!
*/ */
sni_entry *sni_parse(char *sni_string) static sni_entry *sni_parse(char *sni_string)
{ {
sni_entry *cur = NULL, *new = NULL; sni_entry *cur = NULL, *new = NULL;
char *p = sni_string; char *p = sni_string;
@@ -878,8 +878,8 @@ error:
/* /*
* SNI callback. * SNI callback.
*/ */
int sni_callback(void *p_info, mbedtls_ssl_context *ssl, static int sni_callback(void *p_info, mbedtls_ssl_context *ssl,
const unsigned char *name, size_t name_len) const unsigned char *name, size_t name_len)
{ {
const sni_entry *cur = (const sni_entry *) p_info; const sni_entry *cur = (const sni_entry *) p_info;
@@ -909,7 +909,7 @@ int sni_callback(void *p_info, mbedtls_ssl_context *ssl,
/* /*
* server certificate selection callback. * server certificate selection callback.
*/ */
int cert_callback(mbedtls_ssl_context *ssl) static int cert_callback(mbedtls_ssl_context *ssl)
{ {
const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p(ssl); const sni_entry *cur = (sni_entry *) mbedtls_ssl_get_user_data_p(ssl);
if (cur != NULL) { if (cur != NULL) {
@@ -954,7 +954,7 @@ struct _psk_entry {
/* /*
* Free a list of psk_entry's * Free a list of psk_entry's
*/ */
int psk_free(psk_entry *head) static int psk_free(psk_entry *head)
{ {
psk_entry *next; psk_entry *next;
@@ -985,7 +985,7 @@ int psk_free(psk_entry *head)
* *
* Modifies the input string! This is not production quality! * Modifies the input string! This is not production quality!
*/ */
psk_entry *psk_parse(char *psk_string) static psk_entry *psk_parse(char *psk_string)
{ {
psk_entry *cur = NULL, *new = NULL; psk_entry *cur = NULL, *new = NULL;
char *p = psk_string; char *p = psk_string;
@@ -1027,8 +1027,8 @@ error:
/* /*
* PSK callback * PSK callback
*/ */
int psk_callback(void *p_info, mbedtls_ssl_context *ssl, static int psk_callback(void *p_info, mbedtls_ssl_context *ssl,
const unsigned char *name, size_t name_len) const unsigned char *name, size_t name_len)
{ {
psk_entry *cur = (psk_entry *) p_info; psk_entry *cur = (psk_entry *) p_info;
@@ -1055,7 +1055,7 @@ static mbedtls_net_context listen_fd, client_fd;
/* Interruption handler to ensure clean exit (for valgrind testing) */ /* Interruption handler to ensure clean exit (for valgrind testing) */
#if !defined(_WIN32) #if !defined(_WIN32)
static int received_sigterm = 0; static int received_sigterm = 0;
void term_handler(int sig) static void term_handler(int sig)
{ {
((void) sig); ((void) sig);
received_sigterm = 1; received_sigterm = 1;
@@ -1105,11 +1105,11 @@ typedef struct {
void *p_rng; void *p_rng;
} ssl_async_key_context_t; } ssl_async_key_context_t;
int ssl_async_set_key(ssl_async_key_context_t *ctx, static int ssl_async_set_key(ssl_async_key_context_t *ctx,
mbedtls_x509_crt *cert, mbedtls_x509_crt *cert,
mbedtls_pk_context *pk, mbedtls_pk_context *pk,
int pk_take_ownership, int pk_take_ownership,
unsigned delay) unsigned delay)
{ {
if (ctx->slots_used >= sizeof(ctx->slots) / sizeof(*ctx->slots)) { if (ctx->slots_used >= sizeof(ctx->slots) / sizeof(*ctx->slots)) {
return -1; return -1;
@@ -1332,8 +1332,8 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot,
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
int report_cid_usage(mbedtls_ssl_context *ssl, static int report_cid_usage(mbedtls_ssl_context *ssl,
const char *additional_description) const char *additional_description)
{ {
int ret; int ret;
unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX]; unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX];
@@ -1376,16 +1376,17 @@ int report_cid_usage(mbedtls_ssl_context *ssl,
} }
#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_HAVE_TIME) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) && \
defined(MBEDTLS_HAVE_TIME)
static inline void put_unaligned_uint32(void *p, uint32_t x) static inline void put_unaligned_uint32(void *p, uint32_t x)
{ {
memcpy(p, &x, sizeof(x)); memcpy(p, &x, sizeof(x));
} }
/* Functions for session ticket tests */ /* Functions for session ticket tests */
int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session, static int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session,
unsigned char *start, const unsigned char *end, unsigned char *start, const unsigned char *end,
size_t *tlen, uint32_t *ticket_lifetime) size_t *tlen, uint32_t *ticket_lifetime)
{ {
int ret; int ret;
unsigned char *p = start; unsigned char *p = start;
@@ -1410,8 +1411,8 @@ int dummy_ticket_write(void *p_ticket, const mbedtls_ssl_session *session,
return 0; return 0;
} }
int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session, static int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
unsigned char *buf, size_t len) unsigned char *buf, size_t len)
{ {
int ret; int ret;
((void) p_ticket); ((void) p_ticket);
@@ -1467,9 +1468,9 @@ int dummy_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
return ret; return ret;
} }
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_HAVE_TIME */ #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C && MBEDTLS_HAVE_TIME */
int parse_cipher(char *buf) static int parse_cipher(char *buf)
{ {
if (strcmp(buf, "AES-128-CCM")) { if (strcmp(buf, "AES-128-CCM")) {
return MBEDTLS_CIPHER_AES_128_CCM; return MBEDTLS_CIPHER_AES_128_CCM;

62
programs/ssl/ssl_test_common_source.c
View File

@@ -12,13 +12,13 @@
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/ */
void eap_tls_key_derivation(void *p_expkey, static void eap_tls_key_derivation(void *p_expkey,
mbedtls_ssl_key_export_type secret_type, mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret, const unsigned char *secret,
size_t secret_len, size_t secret_len,
const unsigned char client_random[32], const unsigned char client_random[32],
const unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type) mbedtls_tls_prf_types tls_prf_type)
{ {
eap_tls_keys *keys = (eap_tls_keys *) p_expkey; eap_tls_keys *keys = (eap_tls_keys *) p_expkey;
@@ -36,13 +36,13 @@ void eap_tls_key_derivation(void *p_expkey,
keys->tls_prf_type = tls_prf_type; keys->tls_prf_type = tls_prf_type;
} }
void nss_keylog_export(void *p_expkey, static void nss_keylog_export(void *p_expkey,
mbedtls_ssl_key_export_type secret_type, mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret, const unsigned char *secret,
size_t secret_len, size_t secret_len,
const unsigned char client_random[32], const unsigned char client_random[32],
const unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type) mbedtls_tls_prf_types tls_prf_type)
{ {
char nss_keylog_line[200]; char nss_keylog_line[200];
size_t const client_random_len = 32; size_t const client_random_len = 32;
@@ -106,13 +106,13 @@ exit:
} }
#if defined(MBEDTLS_SSL_DTLS_SRTP) #if defined(MBEDTLS_SSL_DTLS_SRTP)
void dtls_srtp_key_derivation(void *p_expkey, static void dtls_srtp_key_derivation(void *p_expkey,
mbedtls_ssl_key_export_type secret_type, mbedtls_ssl_key_export_type secret_type,
const unsigned char *secret, const unsigned char *secret,
size_t secret_len, size_t secret_len,
const unsigned char client_random[32], const unsigned char client_random[32],
const unsigned char server_random[32], const unsigned char server_random[32],
mbedtls_tls_prf_types tls_prf_type) mbedtls_tls_prf_types tls_prf_type)
{ {
dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey; dtls_srtp_keys *keys = (dtls_srtp_keys *) p_expkey;
@@ -131,8 +131,8 @@ void dtls_srtp_key_derivation(void *p_expkey,
} }
#endif /* MBEDTLS_SSL_DTLS_SRTP */ #endif /* MBEDTLS_SSL_DTLS_SRTP */
int ssl_check_record(mbedtls_ssl_context const *ssl, static int ssl_check_record(mbedtls_ssl_context const *ssl,
unsigned char const *buf, size_t len) unsigned char const *buf, size_t len)
{ {
int my_ret = 0, ret_cr1, ret_cr2; int my_ret = 0, ret_cr1, ret_cr2;
unsigned char *tmp_buf; unsigned char *tmp_buf;
@@ -195,7 +195,7 @@ cleanup:
return my_ret; return my_ret;
} }
int recv_cb(void *ctx, unsigned char *buf, size_t len) static int recv_cb(void *ctx, unsigned char *buf, size_t len)
{ {
io_ctx_t *io_ctx = (io_ctx_t *) ctx; io_ctx_t *io_ctx = (io_ctx_t *) ctx;
size_t recv_len; size_t recv_len;
@@ -223,8 +223,8 @@ int recv_cb(void *ctx, unsigned char *buf, size_t len)
return (int) recv_len; return (int) recv_len;
} }
int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len, static int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
uint32_t timeout) uint32_t timeout)
{ {
io_ctx_t *io_ctx = (io_ctx_t *) ctx; io_ctx_t *io_ctx = (io_ctx_t *) ctx;
int ret; int ret;
@@ -248,7 +248,7 @@ int recv_timeout_cb(void *ctx, unsigned char *buf, size_t len,
return (int) recv_len; return (int) recv_len;
} }
int send_cb(void *ctx, unsigned char const *buf, size_t len) static int send_cb(void *ctx, unsigned char const *buf, size_t len)
{ {
io_ctx_t *io_ctx = (io_ctx_t *) ctx; io_ctx_t *io_ctx = (io_ctx_t *) ctx;
@@ -319,8 +319,8 @@ uint16_t ssl_sig_algs_for_test[] = {
/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
* for more info. * for more info.
*/ */
int x509_crt_verify_info(char *buf, size_t size, const char *prefix, static int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
uint32_t flags) uint32_t flags)
{ {
#if !defined(MBEDTLS_X509_REMOVE_INFO) #if !defined(MBEDTLS_X509_REMOVE_INFO)
return mbedtls_x509_crt_verify_info(buf, size, prefix, flags); return mbedtls_x509_crt_verify_info(buf, size, prefix, flags);
@@ -352,7 +352,8 @@ int x509_crt_verify_info(char *buf, size_t size, const char *prefix,
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
void mbedtls_print_supported_sig_algs(void) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
static void mbedtls_print_supported_sig_algs(void)
{ {
mbedtls_printf("supported signature algorithms:\n"); mbedtls_printf("supported signature algorithms:\n");
mbedtls_printf("\trsa_pkcs1_sha256 "); mbedtls_printf("\trsa_pkcs1_sha256 ");
@@ -373,3 +374,4 @@ void mbedtls_print_supported_sig_algs(void)
mbedtls_printf("ecdsa_sha1\n"); mbedtls_printf("ecdsa_sha1\n");
mbedtls_printf("\n"); mbedtls_printf("\n");
} }
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */

36
programs/test/metatest.c
View File

@@ -76,13 +76,13 @@ void(*volatile do_nothing_with_object_but_the_compiler_does_not_know)(void *) =
/* Test framework features */ /* Test framework features */
/****************************************************************/ /****************************************************************/
void meta_test_fail(const char *name) static void meta_test_fail(const char *name)
{ {
(void) name; (void) name;
mbedtls_test_fail("Forced test failure", __LINE__, __FILE__); mbedtls_test_fail("Forced test failure", __LINE__, __FILE__);
} }
void meta_test_not_equal(const char *name) static void meta_test_not_equal(const char *name)
{ {
int left = 20; int left = 20;
int right = 10; int right = 10;
@@ -94,7 +94,7 @@ exit:
; ;
} }
void meta_test_not_le_s(const char *name) static void meta_test_not_le_s(const char *name)
{ {
int left = 20; int left = 20;
int right = 10; int right = 10;
@@ -106,7 +106,7 @@ exit:
; ;
} }
void meta_test_not_le_u(const char *name) static void meta_test_not_le_u(const char *name)
{ {
size_t left = 20; size_t left = 20;
size_t right = 10; size_t right = 10;
@@ -122,16 +122,16 @@ exit:
/* Platform features */ /* Platform features */
/****************************************************************/ /****************************************************************/
void null_pointer_dereference(const char *name) static void null_pointer_dereference(const char *name)
{ {
(void) name; (void) name;
volatile char *volatile p; volatile char *volatile p;
set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p)); set_to_zero_but_the_compiler_does_not_know(&p, sizeof(p));
/* Undefined behavior (read from null data pointer) */ /* Undefined behavior (read from null data pointer) */
mbedtls_printf("%p -> %u\n", p, (unsigned) *p); mbedtls_printf("%p -> %u\n", (void *) p, (unsigned) *p);
} }
void null_pointer_call(const char *name) static void null_pointer_call(const char *name)
{ {
(void) name; (void) name;
unsigned(*volatile p)(void); unsigned(*volatile p)(void);
@@ -148,7 +148,7 @@ void null_pointer_call(const char *name)
/* Memory */ /* Memory */
/****************************************************************/ /****************************************************************/
void read_after_free(const char *name) static void read_after_free(const char *name)
{ {
(void) name; (void) name;
volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
@@ -158,7 +158,7 @@ void read_after_free(const char *name)
mbedtls_printf("%u\n", (unsigned) *p); mbedtls_printf("%u\n", (unsigned) *p);
} }
void double_free(const char *name) static void double_free(const char *name)
{ {
(void) name; (void) name;
volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
@@ -168,7 +168,7 @@ void double_free(const char *name)
free_but_the_compiler_does_not_know((void *) p); free_but_the_compiler_does_not_know((void *) p);
} }
void read_uninitialized_stack(const char *name) static void read_uninitialized_stack(const char *name)
{ {
(void) name; (void) name;
char buf[1]; char buf[1];
@@ -182,7 +182,7 @@ void read_uninitialized_stack(const char *name)
} }
} }
void memory_leak(const char *name) static void memory_leak(const char *name)
{ {
(void) name; (void) name;
volatile char *p = calloc_but_the_compiler_does_not_know(1, 1); volatile char *p = calloc_but_the_compiler_does_not_know(1, 1);
@@ -196,7 +196,7 @@ void memory_leak(const char *name)
* %(start), %(offset) and %(count) are decimal integers. * %(start), %(offset) and %(count) are decimal integers.
* %(direction) is either the character 'r' for read or 'w' for write. * %(direction) is either the character 'r' for read or 'w' for write.
*/ */
void test_memory_poison(const char *name) static void test_memory_poison(const char *name)
{ {
size_t start = 0, offset = 0, count = 0; size_t start = 0, offset = 0, count = 0;
char direction = 'r'; char direction = 'r';
@@ -254,7 +254,7 @@ void test_memory_poison(const char *name)
/* Threading */ /* Threading */
/****************************************************************/ /****************************************************************/
void mutex_lock_not_initialized(const char *name) static void mutex_lock_not_initialized(const char *name)
{ {
(void) name; (void) name;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
@@ -270,7 +270,7 @@ exit:
#endif #endif
} }
void mutex_unlock_not_initialized(const char *name) static void mutex_unlock_not_initialized(const char *name)
{ {
(void) name; (void) name;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
@@ -286,7 +286,7 @@ exit:
#endif #endif
} }
void mutex_free_not_initialized(const char *name) static void mutex_free_not_initialized(const char *name)
{ {
(void) name; (void) name;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
@@ -300,7 +300,7 @@ void mutex_free_not_initialized(const char *name)
#endif #endif
} }
void mutex_double_init(const char *name) static void mutex_double_init(const char *name)
{ {
(void) name; (void) name;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
@@ -315,7 +315,7 @@ void mutex_double_init(const char *name)
#endif #endif
} }
void mutex_double_free(const char *name) static void mutex_double_free(const char *name)
{ {
(void) name; (void) name;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
@@ -330,7 +330,7 @@ void mutex_double_free(const char *name)
#endif #endif
} }
void mutex_leak(const char *name) static void mutex_leak(const char *name)
{ {
(void) name; (void) name;
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)

4
programs/test/selftest.c
View File

@@ -241,7 +241,7 @@ static void create_entropy_seed_file(void)
} }
#endif #endif
int mbedtls_entropy_self_test_wrapper(int verbose) static int mbedtls_entropy_self_test_wrapper(int verbose)
{ {
#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) #if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
create_entropy_seed_file(); create_entropy_seed_file();
@@ -252,7 +252,7 @@ int mbedtls_entropy_self_test_wrapper(int verbose)
#if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose) static int mbedtls_memory_buffer_alloc_free_and_self_test(int verbose)
{ {
if (verbose != 0) { if (verbose != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG) #if defined(MBEDTLS_MEMORY_DEBUG)

16
programs/test/udp_proxy.c
View File

@@ -483,7 +483,7 @@ typedef struct {
} packet; } packet;
/* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */ /* Print packet. Outgoing packets come with a reason (forward, dupl, etc.) */
void print_packet(const packet *p, const char *why) static void print_packet(const packet *p, const char *why)
{ {
#if defined(MBEDTLS_TIMING_C) #if defined(MBEDTLS_TIMING_C)
if (why == NULL) { if (why == NULL) {
@@ -527,7 +527,7 @@ typedef enum {
static inject_clihlo_state_t inject_clihlo_state; static inject_clihlo_state_t inject_clihlo_state;
static packet initial_clihlo; static packet initial_clihlo;
int send_packet(const packet *p, const char *why) static int send_packet(const packet *p, const char *why)
{ {
int ret; int ret;
mbedtls_net_context *dst = p->dst; mbedtls_net_context *dst = p->dst;
@@ -616,13 +616,13 @@ int send_packet(const packet *p, const char *why)
static size_t prev_len; static size_t prev_len;
static packet prev[MAX_DELAYED_MSG]; static packet prev[MAX_DELAYED_MSG];
void clear_pending(void) static void clear_pending(void)
{ {
memset(&prev, 0, sizeof(prev)); memset(&prev, 0, sizeof(prev));
prev_len = 0; prev_len = 0;
} }
void delay_packet(packet *delay) static void delay_packet(packet *delay)
{ {
if (prev_len == MAX_DELAYED_MSG) { if (prev_len == MAX_DELAYED_MSG) {
return; return;
@@ -631,7 +631,7 @@ void delay_packet(packet *delay)
memcpy(&prev[prev_len++], delay, sizeof(packet)); memcpy(&prev[prev_len++], delay, sizeof(packet));
} }
int send_delayed(void) static int send_delayed(void)
{ {
uint8_t offset; uint8_t offset;
int ret; int ret;
@@ -663,9 +663,9 @@ int send_delayed(void)
static unsigned char held[2048] = { 0 }; static unsigned char held[2048] = { 0 };
#define HOLD_MAX 2 #define HOLD_MAX 2
int handle_message(const char *way, static int handle_message(const char *way,
mbedtls_net_context *dst, mbedtls_net_context *dst,
mbedtls_net_context *src) mbedtls_net_context *src)
{ {
int ret; int ret;
packet cur; packet cur;

2
programs/test/zeroize.c
View File

@@ -23,7 +23,7 @@
#define BUFFER_LEN 1024 #define BUFFER_LEN 1024
void usage(void) static void usage(void)
{ {
mbedtls_printf("Zeroize is a simple program to assist with testing\n"); mbedtls_printf("Zeroize is a simple program to assist with testing\n");
mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n"); mbedtls_printf("the mbedtls_platform_zeroize() function by using the\n");

4
programs/util/pem2der.c
View File

@@ -45,8 +45,8 @@ struct options {
const char *output_file; /* where to store the output */ const char *output_file; /* where to store the output */
} opt; } opt;
int convert_pem_to_der(const unsigned char *input, size_t ilen, static int convert_pem_to_der(const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen) unsigned char *output, size_t *olen)
{ {
int ret; int ret;
const unsigned char *s1, *s2, *end = input + ilen; const unsigned char *s1, *s2, *end = input + ilen;

26
programs/x509/cert_req.c
View File

@@ -94,22 +94,22 @@ int main(void)
* global options * global options
*/ */
struct options { struct options {
const char *filename; /* filename of the key file */ const char *filename; /* filename of the key file */
const char *password; /* password for the key file */ const char *password; /* password for the key file */
int debug_level; /* level of debugging */ int debug_level; /* level of debugging */
const char *output_file; /* where to store the constructed key file */ const char *output_file; /* where to store the constructed key file */
const char *subject_name; /* subject name for certificate request */ const char *subject_name; /* subject name for certificate request */
mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */ mbedtls_x509_san_list *san_list; /* subjectAltName for certificate request */
unsigned char key_usage; /* key usage flags */ unsigned char key_usage; /* key usage flags */
int force_key_usage; /* Force adding the KeyUsage extension */ int force_key_usage; /* Force adding the KeyUsage extension */
unsigned char ns_cert_type; /* NS cert type */ unsigned char ns_cert_type; /* NS cert type */
int force_ns_cert_type; /* Force adding NsCertType extension */ int force_ns_cert_type; /* Force adding NsCertType extension */
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */ mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
} opt; } opt;
int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file, static int write_certificate_request(mbedtls_x509write_csr *req, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng) void *p_rng)
{ {
int ret; int ret;
FILE *f; FILE *f;

10
programs/x509/cert_write.c
View File

@@ -204,9 +204,9 @@ struct options {
int format; /* format */ int format; /* format */
} opt; } opt;
int write_certificate(mbedtls_x509write_cert *crt, const char *output_file, static int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
int (*f_rng)(void *, unsigned char *, size_t), int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng) void *p_rng)
{ {
int ret; int ret;
FILE *f; FILE *f;
@@ -249,8 +249,8 @@ int write_certificate(mbedtls_x509write_cert *crt, const char *output_file,
return 0; return 0;
} }
int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax, static int parse_serial_decimal_format(unsigned char *obuf, size_t obufmax,
const char *ibuf, size_t *len) const char *ibuf, size_t *len)
{ {
unsigned long long int dec; unsigned long long int dec;
unsigned int remaining_bytes = sizeof(dec); unsigned int remaining_bytes = sizeof(dec);

2
programs/x509/load_roots.c
View File

@@ -48,7 +48,7 @@ struct options {
} opt; } opt;
int read_certificates(const char *const *filenames) static int read_certificates(const char *const *filenames)
{ {
mbedtls_x509_crt cas; mbedtls_x509_crt cas;
int ret = 0; int ret = 0;

4
tests/scripts/components-configuration-tls.sh
View File

@@ -315,14 +315,14 @@ component_build_no_ssl_srv () {
msg "build: full config except SSL server, make, gcc" # ~ 30s msg "build: full config except SSL server, make, gcc" # ~ 30s
scripts/config.py full scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_SRV_C scripts/config.py unset MBEDTLS_SSL_SRV_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes'
} }
component_build_no_ssl_cli () { component_build_no_ssl_cli () {
msg "build: full config except SSL client, make, gcc" # ~ 30s msg "build: full config except SSL client, make, gcc" # ~ 30s
scripts/config.py full scripts/config.py full
scripts/config.py unset MBEDTLS_SSL_CLI_C scripts/config.py unset MBEDTLS_SSL_CLI_C
make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1' make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -Wmissing-prototypes'
} }
component_test_no_max_fragment_length () { component_test_no_max_fragment_length () {

2
tests/src/asn1_helpers.c
View File

@@ -15,6 +15,8 @@
#include <mbedtls/asn1.h> #include <mbedtls/asn1.h>
#include <test/asn1_helpers.h>
int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end, int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits, size_t min_bits, size_t max_bits,
int must_be_odd) int must_be_odd)

4
tests/src/drivers/platform_builtin_keys.c
View File

@@ -10,6 +10,8 @@
#include <test/helpers.h> #include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
#include <psa/crypto.h> #include <psa/crypto.h>
#include <psa/crypto_extra.h> #include <psa/crypto_extra.h>
@@ -76,3 +78,5 @@ psa_status_t mbedtls_psa_platform_get_builtin_key(
return PSA_ERROR_DOES_NOT_EXIST; return PSA_ERROR_DOES_NOT_EXIST;
} }
#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */

3
tests/src/psa_memory_poisoning_wrappers.c
View File

@@ -4,7 +4,8 @@
* Copyright The Mbed TLS Contributors * Copyright The Mbed TLS Contributors
* SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
*/ */
#include "test/memory.h" #include <test/memory.h>
#include <test/psa_memory_poisoning_wrappers.h>
#include "psa_crypto_invasive.h" #include "psa_crypto_invasive.h"

16
tests/src/test_helpers/ssl_helpers.c
View File

@@ -950,10 +950,10 @@ int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
/* /*
* Write application data. Increase write counter if necessary. * Write application data. Increase write counter if necessary.
*/ */
int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, static int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl,
unsigned char *buf, int buf_len, unsigned char *buf, int buf_len,
int *written, int *written,
const int expected_fragments) const int expected_fragments)
{ {
int ret; int ret;
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
@@ -997,10 +997,10 @@ exit:
* Read application data and increase read counter and fragments counter * Read application data and increase read counter and fragments counter
* if necessary. * if necessary.
*/ */
int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, static int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl,
unsigned char *buf, int buf_len, unsigned char *buf, int buf_len,
int *read, int *fragments, int *read, int *fragments,
const int expected_fragments) const int expected_fragments)
{ {
int ret; int ret;
/* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is

4
tests/suites/helpers.function
View File

@@ -55,8 +55,8 @@
/* Indicates whether we expect mbedtls_entropy_init /* Indicates whether we expect mbedtls_entropy_init
* to initialize some strong entropy source. */ * to initialize some strong entropy source. */
#if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ #if !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \
(!defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ (!defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \
defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
defined(ENTROPY_NV_SEED)) defined(ENTROPY_NV_SEED))
#define ENTROPY_HAVE_STRONG #define ENTROPY_HAVE_STRONG
#endif #endif

8
tests/suites/host_test.function
View File

@@ -8,7 +8,7 @@
* *
* \return 0 if success else 1 * \return 0 if success else 1
*/ */
int verify_string(char **str) static int verify_string(char **str)
{ {
if ((*str)[0] != '"' || if ((*str)[0] != '"' ||
(*str)[strlen(*str) - 1] != '"') { (*str)[strlen(*str) - 1] != '"') {
@@ -32,7 +32,7 @@ int verify_string(char **str)
* *
* \return 0 if success else 1 * \return 0 if success else 1
*/ */
int verify_int(char *str, intmax_t *p_value) static int verify_int(char *str, intmax_t *p_value)
{ {
char *end = NULL; char *end = NULL;
errno = 0; errno = 0;
@@ -80,7 +80,7 @@ int verify_int(char *str, intmax_t *p_value)
* *
* \return 0 if success else -1 * \return 0 if success else -1
*/ */
int get_line(FILE *f, char *buf, size_t len) static int get_line(FILE *f, char *buf, size_t len)
{ {
char *ret; char *ret;
int i = 0, str_len = 0, has_string = 0; int i = 0, str_len = 0, has_string = 0;
@@ -485,7 +485,7 @@ static void try_chdir_if_supported(const char *argv0)
* *
* \return Program exit status. * \return Program exit status.
*/ */
int execute_tests(int argc, const char **argv) static int execute_tests(int argc, const char **argv)
{ {
/* Local Configurations and options */ /* Local Configurations and options */
const char *default_filename = "DATA_FILE"; const char *default_filename = "DATA_FILE";

8
tests/suites/main_test.function
View File

@@ -69,7 +69,7 @@ __MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
* *
* \return 0 if exp_id is found. 1 otherwise. * \return 0 if exp_id is found. 1 otherwise.
*/ */
int get_expression(int32_t exp_id, intmax_t *out_value) static int get_expression(int32_t exp_id, intmax_t *out_value)
{ {
int ret = KEY_VALUE_MAPPING_FOUND; int ret = KEY_VALUE_MAPPING_FOUND;
@@ -100,7 +100,7 @@ int get_expression(int32_t exp_id, intmax_t *out_value)
* *
* \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED * \return DEPENDENCY_SUPPORTED if set else DEPENDENCY_NOT_SUPPORTED
*/ */
int dep_check(int dep_id) static int dep_check(int dep_id)
{ {
int ret = DEPENDENCY_NOT_SUPPORTED; int ret = DEPENDENCY_NOT_SUPPORTED;
@@ -155,7 +155,7 @@ TestWrapper_t test_funcs[] =
* DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_TEST_FN_NOT_FOUND if not found
* DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
*/ */
int dispatch_test(size_t func_idx, void **params) static int dispatch_test(size_t func_idx, void **params)
{ {
int ret = DISPATCH_TEST_SUCCESS; int ret = DISPATCH_TEST_SUCCESS;
TestWrapper_t fp = NULL; TestWrapper_t fp = NULL;
@@ -193,7 +193,7 @@ int dispatch_test(size_t func_idx, void **params)
* DISPATCH_TEST_FN_NOT_FOUND if not found * DISPATCH_TEST_FN_NOT_FOUND if not found
* DISPATCH_UNSUPPORTED_SUITE if not compile time enabled. * DISPATCH_UNSUPPORTED_SUITE if not compile time enabled.
*/ */
int check_test(size_t func_idx) static int check_test(size_t func_idx)
{ {
int ret = DISPATCH_TEST_SUCCESS; int ret = DISPATCH_TEST_SUCCESS;
TestWrapper_t fp = NULL; TestWrapper_t fp = NULL;

2
tests/suites/test_suite_alignment.function
View File

@@ -10,7 +10,7 @@
/* /*
* Convert a string of the form "abcd" (case-insensitive) to a uint64_t. * Convert a string of the form "abcd" (case-insensitive) to a uint64_t.
*/ */
int parse_hex_string(char *hex_string, uint64_t *result) static int parse_hex_string(char *hex_string, uint64_t *result)
{ {
uint8_t raw[8] = { 0 }; uint8_t raw[8] = { 0 };
size_t olen; size_t olen;

4
tests/suites/test_suite_asn1parse.function
View File

@@ -122,8 +122,8 @@ exit:
return ERR_PARSE_INCONSISTENCY; return ERR_PARSE_INCONSISTENCY;
} }
int get_len_step(const data_t *input, size_t buffer_size, static int get_len_step(const data_t *input, size_t buffer_size,
size_t actual_length) size_t actual_length)
{ {
unsigned char *buf = NULL; unsigned char *buf = NULL;
unsigned char *p = NULL; unsigned char *p = NULL;

6
tests/suites/test_suite_asn1write.function
View File

@@ -12,7 +12,7 @@ typedef struct {
size_t size; size_t size;
} generic_write_data_t; } generic_write_data_t;
int generic_write_start_step(generic_write_data_t *data) static int generic_write_start_step(generic_write_data_t *data)
{ {
mbedtls_test_set_step(data->size); mbedtls_test_set_step(data->size);
mbedtls_free(data->output); mbedtls_free(data->output);
@@ -26,8 +26,8 @@ exit:
return 0; return 0;
} }
int generic_write_finish_step(generic_write_data_t *data, static int generic_write_finish_step(generic_write_data_t *data,
const data_t *expected, int ret) const data_t *expected, int ret)
{ {
int ok = 0; int ok = 0;

8
tests/suites/test_suite_bignum.function
View File

@@ -32,6 +32,7 @@ static int sign_is_valid(const mbedtls_mpi *X)
return 1; return 1;
} }
#if defined(MBEDTLS_GENPRIME)
typedef struct mbedtls_test_mpi_random { typedef struct mbedtls_test_mpi_random {
data_t *data; data_t *data;
size_t pos; size_t pos;
@@ -44,9 +45,9 @@ typedef struct mbedtls_test_mpi_random {
* test) are stored in the data member of the state structure. Each number is in * test) are stored in the data member of the state structure. Each number is in
* the format that mbedtls_mpi_read_string understands and is chunk_len long. * the format that mbedtls_mpi_read_string understands and is chunk_len long.
*/ */
int mbedtls_test_mpi_miller_rabin_determinizer(void *state, static int mbedtls_test_mpi_miller_rabin_determinizer(void *state,
unsigned char *buf, unsigned char *buf,
size_t len) size_t len)
{ {
mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state; mbedtls_test_mpi_random *random = (mbedtls_test_mpi_random *) state;
@@ -73,6 +74,7 @@ int mbedtls_test_mpi_miller_rabin_determinizer(void *state,
return 0; return 0;
} }
#endif /* MBEDTLS_GENPRIME */
/* Random generator that is told how many bytes to return. */ /* Random generator that is told how many bytes to return. */
static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len) static int f_rng_bytes_left(void *state, unsigned char *buf, size_t len)

2
tests/suites/test_suite_cipher.function
View File

@@ -129,7 +129,7 @@ exit:
* return 1 if it is, * return 1 if it is,
* 0 if it isn't. * 0 if it isn't.
*/ */
int buffer_is_all_zero(const uint8_t *buf, size_t size) static int buffer_is_all_zero(const uint8_t *buf, size_t size)
{ {
for (size_t i = 0; i < size; i++) { for (size_t i = 0; i < size; i++) {
if (buf[i] != 0) { if (buf[i] != 0) {

6
tests/suites/test_suite_common.function
View File

@@ -1,7 +1,11 @@
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "common.h" #include "common.h"
void fill_arrays(unsigned char *a, unsigned char *b, unsigned char *r1, unsigned char *r2, size_t n) static void fill_arrays(unsigned char *a,
unsigned char *b,
unsigned char *r1,
unsigned char *r2,
size_t n)
{ {
for (size_t i = 0; i < n; i++) { for (size_t i = 0; i < n; i++) {
a[i] = (unsigned char) i * 3; a[i] = (unsigned char) i * 3;

1
tests/suites/test_suite_ctr_drbg.function
View File

@@ -96,6 +96,7 @@ exit:
} }
static const int thread_random_reps = 10; static const int thread_random_reps = 10;
void *thread_random_function(void *ctx); /* only used conditionally in ctr_drbg_threads */
void *thread_random_function(void *ctx) void *thread_random_function(void *ctx)
{ {
unsigned char out[16]; unsigned char out[16];

2
tests/suites/test_suite_debug.function
View File

@@ -9,7 +9,7 @@ struct buffer_data {
char *ptr; char *ptr;
}; };
void string_debug(void *data, int level, const char *file, int line, const char *str) static void string_debug(void *data, int level, const char *file, int line, const char *str)
{ {
struct buffer_data *buffer = (struct buffer_data *) data; struct buffer_data *buffer = (struct buffer_data *) data;
char *p = buffer->ptr; char *p = buffer->ptr;

6
tests/suites/test_suite_dhm.function
View File

@@ -1,9 +1,9 @@
/* BEGIN_HEADER */ /* BEGIN_HEADER */
#include "mbedtls/dhm.h" #include "mbedtls/dhm.h"
int check_get_value(const mbedtls_dhm_context *ctx, static int check_get_value(const mbedtls_dhm_context *ctx,
mbedtls_dhm_parameter param, mbedtls_dhm_parameter param,
const mbedtls_mpi *expected) const mbedtls_mpi *expected)
{ {
mbedtls_mpi actual; mbedtls_mpi actual;
int ok = 0; int ok = 0;

13
tests/suites/test_suite_entropy.function
View File

@@ -60,12 +60,14 @@ static void entropy_clear_sources(mbedtls_entropy_context *ctx)
} }
#if defined(MBEDTLS_ENTROPY_NV_SEED) #if defined(MBEDTLS_ENTROPY_NV_SEED)
#if defined(MBEDTLS_MD_LIGHT) && defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
/* /*
* NV seed read/write functions that use a buffer instead of a file * NV seed read/write functions that use a buffer instead of a file
*/ */
static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE]; static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
int buffer_nv_seed_read(unsigned char *buf, size_t buf_len) static int buffer_nv_seed_read(unsigned char *buf, size_t buf_len)
{ {
if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) { if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
return -1; return -1;
@@ -75,7 +77,7 @@ int buffer_nv_seed_read(unsigned char *buf, size_t buf_len)
return 0; return 0;
} }
int buffer_nv_seed_write(unsigned char *buf, size_t buf_len) static int buffer_nv_seed_write(unsigned char *buf, size_t buf_len)
{ {
if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) { if (buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE) {
return -1; return -1;
@@ -84,7 +86,9 @@ int buffer_nv_seed_write(unsigned char *buf, size_t buf_len)
memcpy(buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE); memcpy(buffer_seed, buf, MBEDTLS_ENTROPY_BLOCK_SIZE);
return 0; return 0;
} }
#endif /* MBEDTLS_MD_LIGHT && MBEDTLS_PLATFORM_NV_SEED_ALT */
#if defined(MBEDTLS_FS_IO)
/* /*
* NV seed read/write helpers that fill the base seedfile * NV seed read/write helpers that fill the base seedfile
*/ */
@@ -111,7 +115,8 @@ static int write_nv_seed(unsigned char *buf, size_t buf_len)
return 0; return 0;
} }
int read_nv_seed(unsigned char *buf, size_t buf_len) #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
static int read_nv_seed(unsigned char *buf, size_t buf_len)
{ {
FILE *f; FILE *f;
@@ -133,6 +138,8 @@ int read_nv_seed(unsigned char *buf, size_t buf_len)
return 0; return 0;
} }
#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
#endif /* MBEDTLS_FS_IO */
#endif /* MBEDTLS_ENTROPY_NV_SEED */ #endif /* MBEDTLS_ENTROPY_NV_SEED */
/* END_HEADER */ /* END_HEADER */

6
tests/suites/test_suite_lmots.function
View File

@@ -2,8 +2,8 @@
#include "lmots.h" #include "lmots.h"
#include "mbedtls/lms.h" #include "mbedtls/lms.h"
#if defined(MBEDTLS_TEST_HOOKS) #if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_LMS_PRIVATE)
int check_lmots_private_key_for_leak(unsigned char *sig) static int check_lmots_private_key_for_leak(unsigned char *sig)
{ {
size_t idx; size_t idx;
@@ -18,7 +18,7 @@ int check_lmots_private_key_for_leak(unsigned char *sig)
exit: exit:
return -1; return -1;
} }
#endif /* defined(MBEDTLS_TEST_HOOKS) */ #endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_LMS_PRIVATE */
/* END_HEADER */ /* END_HEADER */

38
tests/suites/test_suite_pk.function
View File

@@ -221,9 +221,9 @@ exit:
} }
#if defined(MBEDTLS_PSA_CRYPTO_C) #if defined(MBEDTLS_PSA_CRYPTO_C)
psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, static psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
psa_key_type_t type, psa_key_usage_t usage, psa_key_type_t type, psa_key_usage_t usage,
psa_algorithm_t alg, mbedtls_svc_key_id_t *key) psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
{ {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status; psa_status_t status;
@@ -320,11 +320,11 @@ exit:
* for volatile keys. * for volatile keys.
* \param[out] key Identifier of the "generated" (actually imported) PSA key. * \param[out] key Identifier of the "generated" (actually imported) PSA key.
*/ */
psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits, static psa_status_t pk_psa_setup(psa_key_type_t type, size_t bits,
psa_key_usage_t usage, psa_algorithm_t alg, psa_key_usage_t usage, psa_algorithm_t alg,
psa_algorithm_t enrollment_alg, psa_algorithm_t enrollment_alg,
mbedtls_svc_key_id_t persistent_key_id, mbedtls_svc_key_id_t persistent_key_id,
mbedtls_svc_key_id_t *key) mbedtls_svc_key_id_t *key)
{ {
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
psa_status_t status = PSA_ERROR_GENERIC_ERROR; psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -467,19 +467,19 @@ exit:
} }
#endif /* MBEDTLS_PSA_CRYPTO_C */ #endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output, const unsigned char *input, unsigned char *output,
size_t output_max_len) size_t output_max_len)
{ {
return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx,
mbedtls_test_rnd_std_rand, NULL, mbedtls_test_rnd_std_rand, NULL,
olen, input, output, output_max_len); olen, input, output, output_max_len);
} }
int mbedtls_rsa_sign_func(void *ctx, static int mbedtls_rsa_sign_func(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig) const unsigned char *hash, unsigned char *sig)
{ {
((void) f_rng); ((void) f_rng);
((void) p_rng); ((void) p_rng);
@@ -487,11 +487,11 @@ int mbedtls_rsa_sign_func(void *ctx,
mbedtls_test_rnd_std_rand, NULL, mbedtls_test_rnd_std_rand, NULL,
md_alg, hashlen, hash, sig); md_alg, hashlen, hash, sig);
} }
size_t mbedtls_rsa_key_len_func(void *ctx) static size_t mbedtls_rsa_key_len_func(void *ctx)
{ {
return ((const mbedtls_rsa_context *) ctx)->len; return ((const mbedtls_rsa_context *) ctx)->len;
} }
#endif /* MBEDTLS_RSA_C */ #endif /* MBEDTLS_RSA_C && MBEDTLS_PK_RSA_ALT_SUPPORT */
typedef enum { typedef enum {
/* The values are compatible with thinking of "from pair" as a boolean. */ /* The values are compatible with thinking of "from pair" as a boolean. */
@@ -618,7 +618,7 @@ exit:
/* Create a copy of a PSA key with same usage and algorithm policy and destroy /* Create a copy of a PSA key with same usage and algorithm policy and destroy
* the original one. */ * the original one. */
mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id) static mbedtls_svc_key_id_t psa_copy_and_destroy(mbedtls_svc_key_id_t orig_key_id)
{ {
psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t orig_attr = PSA_KEY_ATTRIBUTES_INIT;
psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t new_attr = PSA_KEY_ATTRIBUTES_INIT;

2
tests/suites/test_suite_pkcs7.function
View File

@@ -17,7 +17,7 @@
* END_DEPENDENCIES * END_DEPENDENCIES
*/ */
/* BEGIN_SUITE_HELPERS */ /* BEGIN_SUITE_HELPERS */
int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen) static int pkcs7_parse_buffer(unsigned char *pkcs7_buf, int buflen)
{ {
int res; int res;
mbedtls_pkcs7 pkcs7; mbedtls_pkcs7 pkcs7;

2
tests/suites/test_suite_platform.function
View File

@@ -18,7 +18,7 @@
#else #else
#include <unistd.h> #include <unistd.h>
#endif #endif
void sleep_ms(int milliseconds) static void sleep_ms(int milliseconds)
{ {
#if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \ #if defined(_WIN32) || defined(WIN32) || defined(__CYGWIN__) || \
defined(__MINGW32__) || defined(_WIN64) defined(__MINGW32__) || defined(_WIN64)

66
tests/suites/test_suite_psa_crypto.function
View File

@@ -39,28 +39,6 @@
#define ASSERT_OPERATION_IS_ACTIVE(operation) TEST_ASSERT(operation.id != 0) #define ASSERT_OPERATION_IS_ACTIVE(operation) TEST_ASSERT(operation.id != 0)
#define ASSERT_OPERATION_IS_INACTIVE(operation) TEST_ASSERT(operation.id == 0) #define ASSERT_OPERATION_IS_INACTIVE(operation) TEST_ASSERT(operation.id == 0)
#if defined(PSA_WANT_ALG_JPAKE)
int ecjpake_operation_setup(psa_pake_operation_t *operation,
psa_pake_cipher_suite_t *cipher_suite,
psa_pake_role_t role,
mbedtls_svc_key_id_t key,
size_t key_available)
{
PSA_ASSERT(psa_pake_abort(operation));
PSA_ASSERT(psa_pake_setup(operation, cipher_suite));
PSA_ASSERT(psa_pake_set_role(operation, role));
if (key_available) {
PSA_ASSERT(psa_pake_set_password_key(operation, key));
}
return 0;
exit:
return 1;
}
#endif
/** An invalid export length that will never be set by psa_export_key(). */ /** An invalid export length that will never be set by psa_export_key(). */
static const size_t INVALID_EXPORT_LENGTH = ~0U; static const size_t INVALID_EXPORT_LENGTH = ~0U;
@@ -175,12 +153,12 @@ static int construct_fake_rsa_key(unsigned char *buffer,
} }
#endif /* MBEDTLS_ASN1_WRITE_C */ #endif /* MBEDTLS_ASN1_WRITE_C */
int exercise_mac_setup(psa_key_type_t key_type, static int exercise_mac_setup(psa_key_type_t key_type,
const unsigned char *key_bytes, const unsigned char *key_bytes,
size_t key_length, size_t key_length,
psa_algorithm_t alg, psa_algorithm_t alg,
psa_mac_operation_t *operation, psa_mac_operation_t *operation,
psa_status_t *status) psa_status_t *status)
{ {
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -207,12 +185,12 @@ exit:
return 0; return 0;
} }
int exercise_cipher_setup(psa_key_type_t key_type, static int exercise_cipher_setup(psa_key_type_t key_type,
const unsigned char *key_bytes, const unsigned char *key_bytes,
size_t key_length, size_t key_length,
psa_algorithm_t alg, psa_algorithm_t alg,
psa_cipher_operation_t *operation, psa_cipher_operation_t *operation,
psa_status_t *status) psa_status_t *status)
{ {
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -285,14 +263,14 @@ exit:
/* Assert that a key isn't reported as having a slot number. */ /* Assert that a key isn't reported as having a slot number. */
#if defined(MBEDTLS_PSA_CRYPTO_SE_C) #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
#define ASSERT_NO_SLOT_NUMBER(attributes) \ #define ASSERT_NO_SLOT_NUMBER(attributes) \
do \ do \
{ \ { \
psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \ psa_key_slot_number_t ASSERT_NO_SLOT_NUMBER_slot_number; \
TEST_EQUAL(psa_get_key_slot_number( \ TEST_EQUAL(psa_get_key_slot_number( \
attributes, \ attributes, \
&ASSERT_NO_SLOT_NUMBER_slot_number), \ &ASSERT_NO_SLOT_NUMBER_slot_number), \
PSA_ERROR_INVALID_ARGUMENT); \ PSA_ERROR_INVALID_ARGUMENT); \
} \ } \
while (0) while (0)
#else /* MBEDTLS_PSA_CRYPTO_SE_C */ #else /* MBEDTLS_PSA_CRYPTO_SE_C */
#define ASSERT_NO_SLOT_NUMBER(attributes) \ #define ASSERT_NO_SLOT_NUMBER(attributes) \
@@ -1338,6 +1316,7 @@ exit:
#if defined(MBEDTLS_THREADING_PTHREAD) #if defined(MBEDTLS_THREADING_PTHREAD)
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
typedef struct same_key_context { typedef struct same_key_context {
data_t *data; data_t *data;
mbedtls_svc_key_id_t key; mbedtls_svc_key_id_t key;
@@ -1354,7 +1333,7 @@ same_key_context;
/* Attempt to import the key in ctx. This handles any valid error codes /* Attempt to import the key in ctx. This handles any valid error codes
* and reports an error for any invalid codes. This function also insures * and reports an error for any invalid codes. This function also insures
* that once imported by some thread, all threads can use the key. */ * that once imported by some thread, all threads can use the key. */
void *thread_import_key(void *ctx) static void *thread_import_key(void *ctx)
{ {
mbedtls_svc_key_id_t returned_key_id; mbedtls_svc_key_id_t returned_key_id;
same_key_context *skc = (struct same_key_context *) ctx; same_key_context *skc = (struct same_key_context *) ctx;
@@ -1428,7 +1407,7 @@ exit:
return NULL; return NULL;
} }
void *thread_use_and_destroy_key(void *ctx) static void *thread_use_and_destroy_key(void *ctx)
{ {
same_key_context *skc = (struct same_key_context *) ctx; same_key_context *skc = (struct same_key_context *) ctx;
@@ -1456,6 +1435,7 @@ void *thread_use_and_destroy_key(void *ctx)
exit: exit:
return NULL; return NULL;
} }
#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
typedef struct generate_key_context { typedef struct generate_key_context {
psa_key_type_t type; psa_key_type_t type;
@@ -1468,7 +1448,7 @@ typedef struct generate_key_context {
int reps; int reps;
} }
generate_key_context; generate_key_context;
void *thread_generate_key(void *ctx) static void *thread_generate_key(void *ctx)
{ {
mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT; mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT; psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;

30
tests/suites/test_suite_psa_crypto_metadata.function
View File

@@ -80,17 +80,17 @@
* Unconditionally mask flag into the ambient variable * Unconditionally mask flag into the ambient variable
* classification_flags_tested. * classification_flags_tested.
*/ */
#define TEST_CLASSIFICATION_MACRO(cond, flag, alg, flags) \ #define TEST_CLASSIFICATION_MACRO(cond, flag, alg, flags) \
do \ do \
{ \ { \
if (cond) \ if (cond) \
{ \ { \
if ((flags) & (flag)) \ if ((flags) & (flag)) \
TEST_ASSERT(PSA_##flag(alg)); \ TEST_ASSERT(PSA_##flag(alg)); \
else \ else \
TEST_ASSERT(!PSA_##flag(alg)); \ TEST_ASSERT(!PSA_##flag(alg)); \
} \ } \
classification_flags_tested |= (flag); \ classification_flags_tested |= (flag); \
} \ } \
while (0) while (0)
@@ -106,7 +106,7 @@
* The expected parity is even so that 0 is considered a valid encoding. * The expected parity is even so that 0 is considered a valid encoding.
* *
* Return a nonzero value if value has even parity and 0 otherwise. */ * Return a nonzero value if value has even parity and 0 otherwise. */
int has_even_parity(uint32_t value) static int has_even_parity(uint32_t value)
{ {
value ^= value >> 16; value ^= value >> 16;
value ^= value >> 8; value ^= value >> 8;
@@ -116,7 +116,7 @@ int has_even_parity(uint32_t value)
#define TEST_PARITY(value) \ #define TEST_PARITY(value) \
TEST_ASSERT(has_even_parity(value)) TEST_ASSERT(has_even_parity(value))
void algorithm_classification(psa_algorithm_t alg, unsigned flags) static void algorithm_classification(psa_algorithm_t alg, unsigned flags)
{ {
unsigned classification_flags_tested = 0; unsigned classification_flags_tested = 0;
TEST_CLASSIFICATION_MACRO(1, ALG_IS_VENDOR_DEFINED, alg, flags); TEST_CLASSIFICATION_MACRO(1, ALG_IS_VENDOR_DEFINED, alg, flags);
@@ -155,7 +155,7 @@ void algorithm_classification(psa_algorithm_t alg, unsigned flags)
exit:; exit:;
} }
void key_type_classification(psa_key_type_t type, unsigned flags) static void key_type_classification(psa_key_type_t type, unsigned flags)
{ {
unsigned classification_flags_tested = 0; unsigned classification_flags_tested = 0;
@@ -192,9 +192,9 @@ void key_type_classification(psa_key_type_t type, unsigned flags)
exit:; exit:;
} }
void mac_algorithm_core(psa_algorithm_t alg, int classification_flags, static void mac_algorithm_core(psa_algorithm_t alg, int classification_flags,
psa_key_type_t key_type, size_t key_bits, psa_key_type_t key_type, size_t key_bits,
size_t length) size_t length)
{ {
/* Algorithm classification */ /* Algorithm classification */
TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); TEST_ASSERT(!PSA_ALG_IS_HASH(alg));
@@ -218,9 +218,9 @@ void mac_algorithm_core(psa_algorithm_t alg, int classification_flags,
exit:; exit:;
} }
void aead_algorithm_core(psa_algorithm_t alg, int classification_flags, static void aead_algorithm_core(psa_algorithm_t alg, int classification_flags,
psa_key_type_t key_type, size_t key_bits, psa_key_type_t key_type, size_t key_bits,
size_t tag_length) size_t tag_length)
{ {
/* Algorithm classification */ /* Algorithm classification */
TEST_ASSERT(!PSA_ALG_IS_HASH(alg)); TEST_ASSERT(!PSA_ALG_IS_HASH(alg));

8
tests/suites/test_suite_psa_crypto_op_fail.function
View File

@@ -27,11 +27,11 @@ static int test_equal_status(const char *test,
* run, it would be better to clarify the expectations and reconcile the * run, it would be better to clarify the expectations and reconcile the
* library and the test case generator. * library and the test case generator.
*/ */
#define TEST_STATUS(expr1, expr2) \ #define TEST_STATUS(expr1, expr2) \
do { \ do { \
if (!test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \ if (!test_equal_status( #expr1 " == " #expr2, __LINE__, __FILE__, \
expr1, expr2)) \ expr1, expr2)) \
goto exit; \ goto exit; \
} while (0) } while (0)
/* END_HEADER */ /* END_HEADER */

34
tests/suites/test_suite_psa_crypto_pake.function
View File

@@ -71,9 +71,9 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
* we're corrupting. * we're corrupting.
*/ */
#define DO_ROUND_CONDITIONAL_INJECT(this_stage, buf) \ #define DO_ROUND_CONDITIONAL_INJECT(this_stage, buf) \
if (this_stage == err_stage) \ if (this_stage == err_stage) \
{ \ { \
*(buf + 7) ^= 1; \ *(buf + 7) ^= 1; \
} }
#define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \ #define DO_ROUND_CONDITIONAL_CHECK_FAILURE(this_stage, function) \
@@ -84,20 +84,20 @@ static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
} }
#define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \ #define DO_ROUND_UPDATE_OFFSETS(main_buf_offset, step_offset, step_size) \
{ \ { \
step_offset = main_buf_offset; \ step_offset = main_buf_offset; \
main_buf_offset += step_size; \ main_buf_offset += step_size; \
} }
#define DO_ROUND_CHECK_FAILURE() \ #define DO_ROUND_CHECK_FAILURE() \
if (err_stage != ERR_NONE && status != PSA_SUCCESS) \ if (err_stage != ERR_NONE && status != PSA_SUCCESS) \
{ \ { \
TEST_EQUAL(status, expected_error_arg); \ TEST_EQUAL(status, expected_error_arg); \
break; \ break; \
} \ } \
else \ else \
{ \ { \
TEST_EQUAL(status, PSA_SUCCESS); \ TEST_EQUAL(status, PSA_SUCCESS); \
} }
#if defined(PSA_WANT_ALG_JPAKE) #if defined(PSA_WANT_ALG_JPAKE)
@@ -550,15 +550,15 @@ exit:
* - terminated with failure otherwise (either no error was expected at this * - terminated with failure otherwise (either no error was expected at this
* stage or a different error code was expected) * stage or a different error code was expected)
*/ */
#define SETUP_ALWAYS_CHECK_STEP(test_function, this_check_err_stage) \ #define SETUP_ALWAYS_CHECK_STEP(test_function, this_check_err_stage) \
status = test_function; \ status = test_function; \
if (err_stage != this_check_err_stage) \ if (err_stage != this_check_err_stage) \
{ \ { \
PSA_ASSERT(status); \ PSA_ASSERT(status); \
} \ } \
else \ else \
{ \ { \
TEST_EQUAL(status, expected_error); \ TEST_EQUAL(status, expected_error); \
goto exit; \ goto exit; \
} }
@@ -572,10 +572,10 @@ exit:
* The test succeeds if the returned error is exactly the expected one, * The test succeeds if the returned error is exactly the expected one,
* otherwise it fails. * otherwise it fails.
*/ */
#define SETUP_CONDITIONAL_CHECK_STEP(test_function, this_check_err_stage) \ #define SETUP_CONDITIONAL_CHECK_STEP(test_function, this_check_err_stage) \
if (err_stage == this_check_err_stage) \ if (err_stage == this_check_err_stage) \
{ \ { \
TEST_EQUAL(test_function, expected_error); \ TEST_EQUAL(test_function, expected_error); \
goto exit; \ goto exit; \
} }
/* END_HEADER */ /* END_HEADER */

54
tests/suites/test_suite_psa_crypto_se_driver_hal.function
View File

@@ -14,8 +14,8 @@
#endif #endif
/* Same in library/psa_crypto.c */ /* Same in library/psa_crypto.c */
#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ #if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
#define BUILTIN_ALG_ANY_HKDF 1 #define BUILTIN_ALG_ANY_HKDF 1
#endif #endif
@@ -36,11 +36,11 @@
/** The location and lifetime used for tests that use a single driver. */ /** The location and lifetime used for tests that use a single driver. */
#define TEST_DRIVER_LOCATION 1 #define TEST_DRIVER_LOCATION 1
#define TEST_SE_PERSISTENT_LIFETIME \ #define TEST_SE_PERSISTENT_LIFETIME \
(PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION)) PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION))
#define TEST_SE_VOLATILE_LIFETIME \ #define TEST_SE_VOLATILE_LIFETIME \
(PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION)) PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION))
@@ -54,13 +54,13 @@
* *
* Use this macro to assert on guarantees provided by the core. * Use this macro to assert on guarantees provided by the core.
*/ */
#define DRIVER_ASSERT_RETURN(TEST) \ #define DRIVER_ASSERT_RETURN(TEST) \
do { \ do { \
if (!(TEST)) \ if (!(TEST)) \
{ \ { \
mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
return PSA_ERROR_DETECTED_BY_DRIVER; \ return PSA_ERROR_DETECTED_BY_DRIVER; \
} \ } \
} while (0) } while (0)
/** Like #TEST_ASSERT for use in a driver method, with cleanup. /** Like #TEST_ASSERT for use in a driver method, with cleanup.
@@ -70,14 +70,14 @@
* *
* Use this macro to assert on guarantees provided by the core. * Use this macro to assert on guarantees provided by the core.
*/ */
#define DRIVER_ASSERT(TEST) \ #define DRIVER_ASSERT(TEST) \
do { \ do { \
if (!(TEST)) \ if (!(TEST)) \
{ \ { \
mbedtls_test_fail( #TEST, __LINE__, __FILE__); \ mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
status = PSA_ERROR_DETECTED_BY_DRIVER; \ status = PSA_ERROR_DETECTED_BY_DRIVER; \
goto exit; \ goto exit; \
} \ } \
} while (0) } while (0)
/** Like #PSA_ASSERT for a PSA API call that calls a driver underneath. /** Like #PSA_ASSERT for a PSA API call that calls a driver underneath.
@@ -91,16 +91,16 @@
* case, the test driver code is expected to have called mbedtls_test_fail() * case, the test driver code is expected to have called mbedtls_test_fail()
* already, so we make sure not to overwrite the failure information. * already, so we make sure not to overwrite the failure information.
*/ */
#define PSA_ASSERT_VIA_DRIVER(expr, expected_status) \ #define PSA_ASSERT_VIA_DRIVER(expr, expected_status) \
do { \ do { \
psa_status_t PSA_ASSERT_VIA_DRIVER_status = (expr); \ psa_status_t PSA_ASSERT_VIA_DRIVER_status = (expr); \
if (PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER) \ if (PSA_ASSERT_VIA_DRIVER_status == PSA_ERROR_DETECTED_BY_DRIVER) \
goto exit; \ goto exit; \
if (PSA_ASSERT_VIA_DRIVER_status != (expected_status)) \ if (PSA_ASSERT_VIA_DRIVER_status != (expected_status)) \
{ \ { \
mbedtls_test_fail( #expr, __LINE__, __FILE__); \ mbedtls_test_fail( #expr, __LINE__, __FILE__); \
goto exit; \ goto exit; \
} \ } \
} while (0) } while (0)
@@ -599,7 +599,7 @@ exit:
* If this changes, the storage format version must change. * If this changes, the storage format version must change.
* See psa_get_se_driver_its_file_uid() in psa_crypto_se.c. * See psa_get_se_driver_its_file_uid() in psa_crypto_se.c.
*/ */
psa_storage_uid_t file_uid_for_location(psa_key_location_t location) static psa_storage_uid_t file_uid_for_location(psa_key_location_t location)
{ {
if (location > PSA_MAX_SE_LOCATION) { if (location > PSA_MAX_SE_LOCATION) {
return 0; return 0;

68
tests/suites/test_suite_psa_crypto_se_driver_hal_mocks.function
View File

@@ -6,7 +6,7 @@
/** The location and lifetime used for tests that use a single driver. */ /** The location and lifetime used for tests that use a single driver. */
#define TEST_DRIVER_LOCATION 1 #define TEST_DRIVER_LOCATION 1
#define TEST_SE_PERSISTENT_LIFETIME \ #define TEST_SE_PERSISTENT_LIFETIME \
(PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \ (PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION)) PSA_KEY_PERSISTENCE_DEFAULT, TEST_DRIVER_LOCATION))
@@ -162,11 +162,11 @@ static psa_status_t mock_import(psa_drv_se_context_t *drv_context,
return mock_import_data.return_value; return mock_import_data.return_value;
} }
psa_status_t mock_export(psa_drv_se_context_t *context, static psa_status_t mock_export(psa_drv_se_context_t *context,
psa_key_slot_number_t slot_number, psa_key_slot_number_t slot_number,
uint8_t *p_data, uint8_t *p_data,
size_t data_size, size_t data_size,
size_t *p_data_length) size_t *p_data_length)
{ {
(void) context; (void) context;
(void) p_data; (void) p_data;
@@ -179,11 +179,11 @@ psa_status_t mock_export(psa_drv_se_context_t *context,
return mock_export_data.return_value; return mock_export_data.return_value;
} }
psa_status_t mock_export_public(psa_drv_se_context_t *context, static psa_status_t mock_export_public(psa_drv_se_context_t *context,
psa_key_slot_number_t slot_number, psa_key_slot_number_t slot_number,
uint8_t *p_data, uint8_t *p_data,
size_t data_size, size_t data_size,
size_t *p_data_length) size_t *p_data_length)
{ {
(void) context; (void) context;
(void) p_data; (void) p_data;
@@ -196,14 +196,14 @@ psa_status_t mock_export_public(psa_drv_se_context_t *context,
return mock_export_public_data.return_value; return mock_export_public_data.return_value;
} }
psa_status_t mock_sign(psa_drv_se_context_t *context, static psa_status_t mock_sign(psa_drv_se_context_t *context,
psa_key_slot_number_t key_slot, psa_key_slot_number_t key_slot,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *p_hash, const uint8_t *p_hash,
size_t hash_length, size_t hash_length,
uint8_t *p_signature, uint8_t *p_signature,
size_t signature_size, size_t signature_size,
size_t *p_signature_length) size_t *p_signature_length)
{ {
(void) context; (void) context;
(void) p_hash; (void) p_hash;
@@ -219,13 +219,13 @@ psa_status_t mock_sign(psa_drv_se_context_t *context,
return mock_sign_data.return_value; return mock_sign_data.return_value;
} }
psa_status_t mock_verify(psa_drv_se_context_t *context, static psa_status_t mock_verify(psa_drv_se_context_t *context,
psa_key_slot_number_t key_slot, psa_key_slot_number_t key_slot,
psa_algorithm_t alg, psa_algorithm_t alg,
const uint8_t *p_hash, const uint8_t *p_hash,
size_t hash_length, size_t hash_length,
const uint8_t *p_signature, const uint8_t *p_signature,
size_t signature_length) size_t signature_length)
{ {
(void) context; (void) context;
(void) p_hash; (void) p_hash;
@@ -240,11 +240,11 @@ psa_status_t mock_verify(psa_drv_se_context_t *context,
return mock_verify_data.return_value; return mock_verify_data.return_value;
} }
psa_status_t mock_allocate(psa_drv_se_context_t *drv_context, static psa_status_t mock_allocate(psa_drv_se_context_t *drv_context,
void *persistent_data, void *persistent_data,
const psa_key_attributes_t *attributes, const psa_key_attributes_t *attributes,
psa_key_creation_method_t method, psa_key_creation_method_t method,
psa_key_slot_number_t *key_slot) psa_key_slot_number_t *key_slot)
{ {
(void) drv_context; (void) drv_context;
(void) persistent_data; (void) persistent_data;
@@ -258,9 +258,9 @@ psa_status_t mock_allocate(psa_drv_se_context_t *drv_context,
return mock_allocate_data.return_value; return mock_allocate_data.return_value;
} }
psa_status_t mock_destroy(psa_drv_se_context_t *context, static psa_status_t mock_destroy(psa_drv_se_context_t *context,
void *persistent_data, void *persistent_data,
psa_key_slot_number_t slot_number) psa_key_slot_number_t slot_number)
{ {
(void) context; (void) context;
(void) persistent_data; (void) persistent_data;

10
tests/suites/test_suite_psa_its.function
View File

@@ -19,11 +19,11 @@
#define PSA_ITS_STORAGE_PREFIX "" #define PSA_ITS_STORAGE_PREFIX ""
#define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx" #define PSA_ITS_STORAGE_FILENAME_PATTERN "%08lx%08lx"
#define PSA_ITS_STORAGE_SUFFIX ".psa_its" #define PSA_ITS_STORAGE_SUFFIX ".psa_its"
#define PSA_ITS_STORAGE_FILENAME_LENGTH \ #define PSA_ITS_STORAGE_FILENAME_LENGTH \
(sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \ (sizeof(PSA_ITS_STORAGE_PREFIX) - 1 + /*prefix without terminating 0*/ \
16 + /*UID (64-bit number in hex)*/ \ 16 + /*UID (64-bit number in hex)*/ \
16 + /*UID (64-bit number in hex)*/ \ 16 + /*UID (64-bit number in hex)*/ \
sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \ sizeof(PSA_ITS_STORAGE_SUFFIX) - 1 + /*suffix without terminating 0*/ \
1 /*terminating null byte*/) 1 /*terminating null byte*/)
#define PSA_ITS_STORAGE_TEMP \ #define PSA_ITS_STORAGE_TEMP \
PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX PSA_ITS_STORAGE_PREFIX "tempfile" PSA_ITS_STORAGE_SUFFIX

16
tests/suites/test_suite_ssl.function
View File

@@ -1623,11 +1623,11 @@ void ssl_tls13_derive_secret(int hash_alg,
unsigned char const *lbl = NULL; unsigned char const *lbl = NULL;
size_t lbl_len; size_t lbl_len;
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \ #define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
if (label_idx == (int) tls13_label_ ## name) \ if (label_idx == (int) tls13_label_ ## name) \
{ \ { \
lbl = mbedtls_ssl_tls13_labels.name; \ lbl = mbedtls_ssl_tls13_labels.name; \
lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \ lbl_len = sizeof(mbedtls_ssl_tls13_labels.name); \
} }
MBEDTLS_SSL_TLS1_3_LABEL_LIST MBEDTLS_SSL_TLS1_3_LABEL_LIST
#undef MBEDTLS_SSL_TLS1_3_LABEL #undef MBEDTLS_SSL_TLS1_3_LABEL
@@ -1667,7 +1667,7 @@ void ssl_tls13_derive_early_secrets(int hash_alg,
/* Double-check that we've passed sane parameters. */ /* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg; psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
size_t const hash_len = PSA_HASH_LENGTH(alg); size_t const hash_len = PSA_HASH_LENGTH(alg);
TEST_ASSERT(PSA_ALG_IS_HASH(alg) && TEST_ASSERT(PSA_ALG_IS_HASH(alg) &&
secret->len == hash_len && secret->len == hash_len &&
transcript->len == hash_len && transcript->len == hash_len &&
traffic_expected->len == hash_len && traffic_expected->len == hash_len &&
@@ -1701,7 +1701,7 @@ void ssl_tls13_derive_handshake_secrets(int hash_alg,
/* Double-check that we've passed sane parameters. */ /* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg; psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
size_t const hash_len = PSA_HASH_LENGTH(alg); size_t const hash_len = PSA_HASH_LENGTH(alg);
TEST_ASSERT(PSA_ALG_IS_HASH(alg) && TEST_ASSERT(PSA_ALG_IS_HASH(alg) &&
secret->len == hash_len && secret->len == hash_len &&
transcript->len == hash_len && transcript->len == hash_len &&
client_expected->len == hash_len && client_expected->len == hash_len &&
@@ -1736,7 +1736,7 @@ void ssl_tls13_derive_application_secrets(int hash_alg,
/* Double-check that we've passed sane parameters. */ /* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg; psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
size_t const hash_len = PSA_HASH_LENGTH(alg); size_t const hash_len = PSA_HASH_LENGTH(alg);
TEST_ASSERT(PSA_ALG_IS_HASH(alg) && TEST_ASSERT(PSA_ALG_IS_HASH(alg) &&
secret->len == hash_len && secret->len == hash_len &&
transcript->len == hash_len && transcript->len == hash_len &&
client_expected->len == hash_len && client_expected->len == hash_len &&
@@ -1772,7 +1772,7 @@ void ssl_tls13_derive_resumption_secrets(int hash_alg,
/* Double-check that we've passed sane parameters. */ /* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg; psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
size_t const hash_len = PSA_HASH_LENGTH(alg); size_t const hash_len = PSA_HASH_LENGTH(alg);
TEST_ASSERT(PSA_ALG_IS_HASH(alg) && TEST_ASSERT(PSA_ALG_IS_HASH(alg) &&
secret->len == hash_len && secret->len == hash_len &&
transcript->len == hash_len && transcript->len == hash_len &&
resumption_expected->len == hash_len); resumption_expected->len == hash_len);
@@ -1803,7 +1803,7 @@ void ssl_tls13_create_psk_binder(int hash_alg,
/* Double-check that we've passed sane parameters. */ /* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg; psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
size_t const hash_len = PSA_HASH_LENGTH(alg); size_t const hash_len = PSA_HASH_LENGTH(alg);
TEST_ASSERT(PSA_ALG_IS_HASH(alg) && TEST_ASSERT(PSA_ALG_IS_HASH(alg) &&
transcript->len == hash_len && transcript->len == hash_len &&
binder_expected->len == hash_len); binder_expected->len == hash_len);

61
tests/suites/test_suite_x509parse.function
View File

@@ -60,7 +60,10 @@ const mbedtls_x509_crt_profile profile_sha512 =
1024, 1024,
}; };
int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) #if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_FS_IO)
static int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{ {
((void) data); ((void) data);
((void) crt); ((void) crt);
@@ -70,7 +73,7 @@ int verify_none(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32
return 0; return 0;
} }
int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) static int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{ {
((void) data); ((void) data);
((void) crt); ((void) crt);
@@ -80,8 +83,10 @@ int verify_all(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_
return 0; return 0;
} }
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) #if defined(MBEDTLS_X509_CRL_PARSE_C) && \
int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt **candidates) defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
static int ca_callback_fail(void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates)
{ {
((void) data); ((void) data);
((void) child); ((void) child);
@@ -89,9 +94,9 @@ int ca_callback_fail(void *data, mbedtls_x509_crt const *child, mbedtls_x509_crt
return -1; return -1;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
int ca_callback(void *data, mbedtls_x509_crt const *child, static int ca_callback(void *data, mbedtls_x509_crt const *child,
mbedtls_x509_crt **candidates) mbedtls_x509_crt **candidates)
{ {
int ret = 0; int ret = 0;
mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data; mbedtls_x509_crt *ca = (mbedtls_x509_crt *) data;
@@ -138,10 +143,9 @@ exit:
*candidates = first; *candidates = first;
return ret; return ret;
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRL_PARSE_C && MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) static int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{ {
int *levels = (int *) data; int *levels = (int *) data;
@@ -158,7 +162,7 @@ int verify_fatal(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint3
} }
/* strsep() not available on Windows */ /* strsep() not available on Windows */
char *mystrsep(char **stringp, const char *delim) static char *mystrsep(char **stringp, const char *delim)
{ {
const char *p; const char *p;
char *ret = *stringp; char *ret = *stringp;
@@ -186,19 +190,18 @@ done:
return ret; return ret;
} }
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct { typedef struct {
char buf[512]; char buf[512];
char *p; char *p;
} verify_print_context; } verify_print_context;
void verify_print_init(verify_print_context *ctx) static void verify_print_init(verify_print_context *ctx)
{ {
memset(ctx, 0, sizeof(verify_print_context)); memset(ctx, 0, sizeof(verify_print_context));
ctx->p = ctx->buf; ctx->p = ctx->buf;
} }
int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags) static int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint32_t *flags)
{ {
int ret; int ret;
verify_print_context *ctx = (verify_print_context *) data; verify_print_context *ctx = (verify_print_context *) data;
@@ -226,8 +229,8 @@ int verify_print(void *data, mbedtls_x509_crt *crt, int certificate_depth, uint3
return 0; return 0;
} }
int verify_parse_san(mbedtls_x509_subject_alternative_name *san, static int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
char **buf, size_t *size) char **buf, size_t *size)
{ {
int ret; int ret;
size_t i; size_t i;
@@ -316,9 +319,10 @@ int verify_parse_san(mbedtls_x509_subject_alternative_name *san,
return 0; return 0;
} }
#endif /* MBEDTLS_FS_IO */
int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid, static int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf const *oid,
int critical, const unsigned char *cp, const unsigned char *end) int critical, const unsigned char *cp, const unsigned char *end)
{ {
(void) crt; (void) crt;
(void) critical; (void) critical;
@@ -416,9 +420,14 @@ int parse_crt_ext_cb(void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_X509_CSR_PARSE_C) #if defined(MBEDTLS_X509_CSR_PARSE_C) && \
int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, !defined(MBEDTLS_X509_REMOVE_INFO)
int critical, const unsigned char *cp, const unsigned char *end) static int parse_csr_ext_accept_cb(void *p_ctx,
mbedtls_x509_csr const *csr,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *cp,
const unsigned char *end)
{ {
(void) p_ctx; (void) p_ctx;
(void) csr; (void) csr;
@@ -430,8 +439,12 @@ int parse_csr_ext_accept_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x5
return 0; return 0;
} }
int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x509_buf const *oid, static int parse_csr_ext_reject_cb(void *p_ctx,
int critical, const unsigned char *cp, const unsigned char *end) mbedtls_x509_csr const *csr,
mbedtls_x509_buf const *oid,
int critical,
const unsigned char *cp,
const unsigned char *end)
{ {
(void) p_ctx; (void) p_ctx;
(void) csr; (void) csr;
@@ -443,7 +456,7 @@ int parse_csr_ext_reject_cb(void *p_ctx, mbedtls_x509_csr const *csr, mbedtls_x5
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG);
} }
#endif /* MBEDTLS_X509_CSR_PARSE_C */ #endif /* MBEDTLS_X509_CSR_PARSE_C && !MBEDTLS_X509_REMOVE_INFO */
/* END_HEADER */ /* END_HEADER */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */

24
tests/suites/test_suite_x509write.function
View File

@@ -10,27 +10,31 @@
#include "mbedtls/pk.h" #include "mbedtls/pk.h"
#include "mbedtls/psa_util.h" #include "mbedtls/psa_util.h"
#if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_PEM_WRITE_C) && \
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, defined(MBEDTLS_X509_CRT_WRITE_C) && \
const unsigned char *input, unsigned char *output, defined(MBEDTLS_X509_CRT_PARSE_C) && \
size_t output_max_len) defined(MBEDTLS_MD_CAN_SHA1) && \
defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
const unsigned char *input, unsigned char *output,
size_t output_max_len)
{ {
return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL, return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
olen, input, output, output_max_len); olen, input, output, output_max_len);
} }
int mbedtls_rsa_sign_func(void *ctx, static int mbedtls_rsa_sign_func(void *ctx,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
mbedtls_md_type_t md_alg, unsigned int hashlen, mbedtls_md_type_t md_alg, unsigned int hashlen,
const unsigned char *hash, unsigned char *sig) const unsigned char *hash, unsigned char *sig)
{ {
return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng, return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx, f_rng, p_rng,
md_alg, hashlen, hash, sig); md_alg, hashlen, hash, sig);
} }
size_t mbedtls_rsa_key_len_func(void *ctx) static size_t mbedtls_rsa_key_len_func(void *ctx)
{ {
return ((const mbedtls_rsa_context *) ctx)->len; return ((const mbedtls_rsa_context *) ctx)->len;
} }
#endif /* MBEDTLS_RSA_C */ #endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)