Merge branch 'development' into driver-wrapper-key-agreement

This commit is contained in:
Aditya Deshpande 2022-11-22 17:55:53 +00:00
commit 8cc1470c18
19 changed files with 191 additions and 112 deletions

View file

@ -0,0 +1,5 @@
Bugfix
* Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
bytes when parsing certificates containing a binary RFC 4108
HardwareModuleName as a Subject Alternative Name extension. Hardware
serial numbers are now rendered in hex format. Fixes #6262.

View file

@ -758,11 +758,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
* *
* \param Q The destination MPI for the quotient. * \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* quotient is not needed. * quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value. * \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* remainder is not needed. * remainder is not needed. This must not alias A or B.
* \param A The dividend. This must point to an initialized MPi. * \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI. * \param B The divisor. This must point to an initialized MPI.
* *
* \return \c 0 if successful. * \return \c 0 if successful.
@ -779,10 +779,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
* *
* \param Q The destination MPI for the quotient. * \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* quotient is not needed. * quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value. * \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the * This may be \c NULL if the value of the
* remainder is not needed. * remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi. * \param A The dividend. This must point to an initialized MPi.
* \param b The divisor. * \param b The divisor.
* *
@ -837,6 +837,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
* \brief Perform a sliding-window exponentiation: X = A^E mod N * \brief Perform a sliding-window exponentiation: X = A^E mod N
* *
* \param X The destination MPI. This must point to an initialized MPI. * \param X The destination MPI. This must point to an initialized MPI.
* This must not alias E or N.
* \param A The base of the exponentiation. * \param A The base of the exponentiation.
* This must point to an initialized MPI. * This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI. * \param E The exponent MPI. This must point to an initialized MPI.

View file

@ -30,6 +30,7 @@
#include <stdint.h> #include <stdint.h>
#include <stddef.h> #include <stddef.h>
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h" #include "mbedtls/build_info.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */ #define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */

View file

@ -138,6 +138,7 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
* \param B The right-hand MPI. This must point to an array of limbs * \param B The right-hand MPI. This must point to an array of limbs
* with the same allocated length as \p A. * with the same allocated length as \p A.
* \param limbs The number of limbs in \p A and \p B. * \param limbs The number of limbs in \p A and \p B.
* This must not be 0.
* *
* \return The result of the comparison: * \return The result of the comparison:
* \c 1 if \p A is less than \p B. * \c 1 if \p A is less than \p B.

View file

@ -1797,8 +1797,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL ) if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
"or mbedtls_ssl_set_bio()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }
@ -2013,8 +2012,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ssl->f_send == NULL ) if( ssl->f_send == NULL )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
"or mbedtls_ssl_set_bio()" ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
} }

View file

@ -1837,6 +1837,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
const char *prefix ) const char *prefix )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
size_t n = *size; size_t n = *size;
char *p = *buf; char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name; const mbedtls_x509_sequence *cur = subject_alt_name;
@ -1889,18 +1890,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix ); ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF; MBEDTLS_X509_SAFE_SNPRINTF;
if( other_name->value.hardware_module_name.val.len >= n ) for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{ {
*p = '\0'; ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); MBEDTLS_X509_SAFE_SNPRINTF;
} }
memcpy( p, other_name->value.hardware_module_name.val.p,
other_name->value.hardware_module_name.val.len );
p += other_name->value.hardware_module_name.val.len;
n -= other_name->value.hardware_module_name.val.len;
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */ }/* MBEDTLS_OID_ON_HW_MODULE_NAME */
} }
break; break;

View file

@ -376,6 +376,8 @@ int main( void )
" a second non-empty message before attempting\n" \ " a second non-empty message before attempting\n" \
" to read a response from the server\n" \ " to read a response from the server\n" \
" debug_level=%%d default: 0 (disabled)\n" \ " debug_level=%%d default: 0 (disabled)\n" \
" build_version=%%d default: none (disabled)\n" \
" option: 1 (print build version only and stop)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \ " event=%%d default: 0 (loop)\n" \
@ -981,6 +983,16 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 ) if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage; goto usage;
} }
else if( strcmp( p, "build_version" ) == 0 )
{
if( strcmp( q, "1" ) == 0 )
{
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL,
MBEDTLS_VERSION_NUMBER );
goto exit;
}
}
else if( strcmp( p, "context_crt_cb" ) == 0 ) else if( strcmp( p, "context_crt_cb" ) == 0 )
{ {
opt.context_crt_cb = atoi( q ); opt.context_crt_cb = atoi( q );
@ -1691,6 +1703,9 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
/* /*
* 0. Initialize the RNG and the session data * 0. Initialize the RNG and the session data
*/ */

View file

@ -488,6 +488,8 @@ int main( void )
" server_addr=%%s default: (all interfaces)\n" \ " server_addr=%%s default: (all interfaces)\n" \
" server_port=%%d default: 4433\n" \ " server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \ " debug_level=%%d default: 0 (disabled)\n" \
" build_version=%%d default: none (disabled)\n" \
" option: 1 (print build version only and stop)\n" \
" buffer_size=%%d default: 200 \n" \ " buffer_size=%%d default: 200 \n" \
" (minimum: 1)\n" \ " (minimum: 1)\n" \
" response_size=%%d default: about 152 (basic response)\n" \ " response_size=%%d default: about 152 (basic response)\n" \
@ -1743,6 +1745,16 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 ) if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage; goto usage;
} }
else if( strcmp( p, "build_version" ) == 0 )
{
if( strcmp( q, "1" ) == 0 )
{
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL,
MBEDTLS_VERSION_NUMBER );
goto exit;
}
}
else if( strcmp( p, "nbio" ) == 0 ) else if( strcmp( p, "nbio" ) == 0 )
{ {
opt.nbio = atoi( q ); opt.nbio = atoi( q );
@ -2572,6 +2584,9 @@ int main( int argc, char *argv[] )
} }
#endif /* MBEDTLS_SSL_ALPN */ #endif /* MBEDTLS_SSL_ALPN */
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
/* /*
* 0. Initialize the RNG and the session data * 0. Initialize the RNG and the session data
*/ */

View file

@ -276,6 +276,9 @@ all_final += server5-ss-forgeca.crt
server5-othername.crt: server5.key server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
server5-nonprintable_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
server5-unsupported_othername.crt: server5.key server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@ $(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@

View file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
3vnWdvcHRIAdXA0kh+mcBMaXk9B0
-----END CERTIFICATE-----

View file

@ -15,6 +15,9 @@ basicConstraints = CA:true
[othername_san] [othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
[nonprintable_othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
[unsupoported_othername_san] [unsupoported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
@ -34,6 +37,10 @@ subjectAltName=@alt_names
hwtype = OID:1.3.6.1.4.1.17.3 hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456 hwserial = OCT:123456
[nonprintable_hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = FORMAT:HEX, OCT:3132338081008180333231
[v3_any_policy_ca] [v3_any_policy_ca]
basicConstraints = CA:true basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0 certificatePolicies = 2.5.29.32.0

View file

@ -126,9 +126,11 @@ code that is generated or read from helpers and platform files.
This script replaces following fields in the template and generates This script replaces following fields in the template and generates
the test source file: the test source file:
$test_common_helpers <-- All common code from helpers.function __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
All common code from helpers.function
is substituted here. is substituted here.
$functions_code <-- Test functions are substituted here __MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
Test functions are substituted here
from the input test_suit_xyz.function from the input test_suit_xyz.function
file. C preprocessor checks are generated file. C preprocessor checks are generated
for the build dependencies specified for the build dependencies specified
@ -137,21 +139,25 @@ $functions_code <-- Test functions are substituted here
functions with code to expand the functions with code to expand the
string parameters read from the data string parameters read from the data
file. file.
$expression_code <-- This script enumerates the __MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
This script enumerates the
expressions in the .data file and expressions in the .data file and
generates code to handle enumerated generates code to handle enumerated
expression Ids and return the values. expression Ids and return the values.
$dep_check_code <-- This script enumerates all __MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
This script enumerates all
build dependencies and generate build dependencies and generate
code to handle enumerated build code to handle enumerated build
dependency Id and return status: if dependency Id and return status: if
the dependency is defined or not. the dependency is defined or not.
$dispatch_code <-- This script enumerates the functions __MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
This script enumerates the functions
specified in the input test data file specified in the input test data file
and generates the initializer for the and generates the initializer for the
function table in the template function table in the template
file. file.
$platform_code <-- Platform specific setup and test __MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
Platform specific setup and test
dispatch code. dispatch code.
""" """
@ -974,11 +980,27 @@ def write_test_source_file(template_file, c_file, snippets):
:param snippets: Generated and code snippets :param snippets: Generated and code snippets
:return: :return:
""" """
# Create a placeholder pattern with the correct named capture groups
# to override the default provided with Template.
# Match nothing (no way of escaping placeholders).
escaped = "(?P<escaped>(?!))"
# Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
# Match nothing (no braced placeholder syntax).
braced = "(?P<braced>(?!))"
# If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f: with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
for line_no, line in enumerate(template_f.readlines(), 1): for line_no, line in enumerate(template_f.readlines(), 1):
# Update line number. +1 as #line directive sets next line number # Update line number. +1 as #line directive sets next line number
snippets['line_no'] = line_no + 1 snippets['line_no'] = line_no + 1
code = string.Template(line).substitute(**snippets) template = string.Template(line)
template.pattern = placeholder_pattern
snippets = {k.upper():v for (k, v) in snippets.items()}
code = template.substitute(**snippets)
c_f.write(code) c_f.write(code)

View file

@ -50,11 +50,13 @@ GetOptions(
'verbose|v:1' => \$verbose, 'verbose|v:1' => \$verbose,
) or die; ) or die;
# All test suites = executable files, excluding source files, debug # All test suites = executable files derived from a .data file.
# and profiling information, etc. We can't just grep {! /\./} because my @suites = ();
# some of our test cases' base names contain a dot. for my $data_file (glob 'suites/test_suite_*.data') {
my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*'; (my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#;
@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites; push @suites, $base if -x $base;
push @suites, "$base.exe" if -e "$base.exe";
}
die "$0: no test suite found\n" unless @suites; die "$0: no test suite found\n" unless @suites;
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" # "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"

View file

@ -357,8 +357,12 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs,
size_t hex_len = strlen( input ); size_t hex_len = strlen( input );
size_t byte_len = ( hex_len + 1 ) / 2; size_t byte_len = ( hex_len + 1 ) / 2;
*plimbs = CHARS_TO_LIMBS( byte_len ); *plimbs = CHARS_TO_LIMBS( byte_len );
/* A core bignum is not allowed to be empty. Forbid it as test data,
* this way static analyzers have a chance of knowing we don't expect
* the bignum functions to support empty inputs. */
if( *plimbs == 0 ) if( *plimbs == 0 )
return( 0 ); return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
*pX = mbedtls_calloc( *plimbs, sizeof( **pX ) ); *pX = mbedtls_calloc( *plimbs, sizeof( **pX ) );
if( *pX == NULL ) if( *pX == NULL )

View file

@ -3,17 +3,17 @@
* *** THIS FILE HAS BEEN MACHINE GENERATED *** * *** THIS FILE HAS BEEN MACHINE GENERATED ***
* *
* This file has been machine generated using the script: * This file has been machine generated using the script:
* $generator_script * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
* *
* Test file : $test_file * Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE
* *
* The following files were used to create this file. * The following files were used to create this file.
* *
* Main code file : $test_main_file * Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE
* Platform code file : $test_platform_file * Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE
* Helper file : $test_common_helper_file * Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE
* Test suite file : $test_case_file * Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE
* Test suite data : $test_case_data_file * Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE
* *
*/ */
@ -37,9 +37,9 @@
/*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/
/* Common helper code */ /* Common helper code */
$test_common_helpers __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
#line $line_no "suites/main_test.function" #line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/
@ -48,9 +48,9 @@ $test_common_helpers
#define TEST_SUITE_ACTIVE #define TEST_SUITE_ACTIVE
$functions_code __MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
#line $line_no "suites/main_test.function" #line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/
@ -62,7 +62,7 @@ $functions_code
* For optimizing space for embedded targets each expression/macro * For optimizing space for embedded targets each expression/macro
* is identified by a unique identifier instead of string literals. * is identified by a unique identifier instead of string literals.
* Identifiers and evaluation code is generated by script: * Identifiers and evaluation code is generated by script:
* $generator_script * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
* *
* \param exp_id Expression identifier. * \param exp_id Expression identifier.
* \param out_value Pointer to int to hold the integer. * \param out_value Pointer to int to hold the integer.
@ -78,8 +78,8 @@ int get_expression( int32_t exp_id, int32_t * out_value )
switch( exp_id ) switch( exp_id )
{ {
$expression_code __MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
#line $line_no "suites/main_test.function" #line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default: default:
{ {
ret = KEY_VALUE_MAPPING_NOT_FOUND; ret = KEY_VALUE_MAPPING_NOT_FOUND;
@ -95,7 +95,7 @@ $expression_code
* For optimizing space for embedded targets each dependency * For optimizing space for embedded targets each dependency
* is identified by a unique identifier instead of string literals. * is identified by a unique identifier instead of string literals.
* Identifiers and check code is generated by script: * Identifiers and check code is generated by script:
* $generator_script * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
* *
* \param dep_id Dependency identifier. * \param dep_id Dependency identifier.
* *
@ -109,8 +109,8 @@ int dep_check( int dep_id )
switch( dep_id ) switch( dep_id )
{ {
$dep_check_code __MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
#line $line_no "suites/main_test.function" #line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default: default:
break; break;
} }
@ -137,13 +137,13 @@ typedef void (*TestWrapper_t)( void **param_array );
/** /**
* \brief Table of test function wrappers. Used by dispatch_test(). * \brief Table of test function wrappers. Used by dispatch_test().
* This table is populated by script: * This table is populated by script:
* $generator_script * __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
* *
*/ */
TestWrapper_t test_funcs[] = TestWrapper_t test_funcs[] =
{ {
$dispatch_code __MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
#line $line_no "suites/main_test.function" #line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
}; };
/** /**
@ -219,9 +219,9 @@ int check_test( size_t func_idx )
} }
$platform_code __MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
#line $line_no "suites/main_test.function" #line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/
/* Main Test code */ /* Main Test code */

View file

@ -167,9 +167,6 @@ mpi_core_lt_ct:"2B5":"2B4":0
mbedtls_mpi_core_lt_ct: x<y (1 limb) mbedtls_mpi_core_lt_ct: x<y (1 limb)
mpi_core_lt_ct:"2B5":"2B6":1 mpi_core_lt_ct:"2B5":"2B6":1
mbedtls_mpi_core_lt_ct: x=y (0 limbs)
mpi_core_lt_ct:"":"":0
mbedtls_mpi_core_lt_ct: x>y (63 bit x, y first byte greater) mbedtls_mpi_core_lt_ct: x>y (63 bit x, y first byte greater)
mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0 mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0

View file

@ -790,8 +790,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
if( inject_error == 1 ) if( inject_error == 1 )
{ {
buffer0[s_x1_pk_off + 8] >>= 4; buffer0[s_x1_pr_off + 8] ^= 1;
buffer0[s_x2_pk_off + 7] <<= 4; buffer0[s_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID; expected_status = PSA_ERROR_DATA_INVALID;
} }
@ -1013,8 +1013,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
if( inject_error == 2 ) if( inject_error == 2 )
{ {
buffer1[c_x1_pk_off + 12] >>= 4; buffer1[c_x1_pr_off + 12] ^= 1;
buffer1[c_x2_pk_off + 7] <<= 4; buffer1[c_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID; expected_status = PSA_ERROR_DATA_INVALID;
} }

View file

@ -88,7 +88,11 @@ x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial n
X509 CRT information EC, SHA256 Digest, hardware module name SAN X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n" x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -112,7 +116,7 @@ x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nseri
X509 CRT information, Multiple different Subject Alt Name X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n" x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -172,7 +176,11 @@ x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \:
X509 SAN parsing otherName X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n" x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
X509 SAN parsing binary otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
X509 SAN parsing dNSName X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -180,7 +188,7 @@ x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: exampl
X509 SAN parsing Multiple different types X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n" x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
X509 SAN parsing, no subject alt name X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C

View file

@ -265,17 +265,11 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
ret = mbedtls_snprintf( p, n, ", hardware serial number : " ); ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
MBEDTLS_X509_SAFE_SNPRINTF; MBEDTLS_X509_SAFE_SNPRINTF;
if( san->san.other_name.value.hardware_module_name.val.len >= n ) for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
{ {
*p = '\0'; ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ); MBEDTLS_X509_SAFE_SNPRINTF;
} }
for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
{
*p++ = san->san.other_name.value.hardware_module_name.val.p[i];
}
n -= san->san.other_name.value.hardware_module_name.val.len;
} }
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */ break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ): case( MBEDTLS_X509_SAN_DNS_NAME ):