Commit graph

154 commits

Author SHA1 Message Date
Przemek Stekiel
d34f8c36b8 x509 tests: adjust dependencies
*** Comparing before-default -> after-default ***
   x509parse: total 723; skipped  26 ->  26
   x509write: total  41; skipped   8 ->   8

*** Comparing before-full -> after-full ***
   x509parse: total 723; skipped  25 ->  25
   x509write: total  41; skipped   0 ->   0

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Werner Lewis
31ecb9600a Add tests for exceeded buffer size
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
3e5585b45d Replace TEST_ASSERT macro uses
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395 Reduce buffer sizes to expected size
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:11:50 +01:00
Werner Lewis
12657cdcc6 Remove binary int use
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-20 11:57:35 +01:00
Werner Lewis
b3acb053fb Add mbedtls_x509_dn_get_next function
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-17 16:40:55 +01:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Thomas Daubney
5c9c2ce86d Add correct test dependencies
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Thomas Daubney
bd5466ab7e Add test for accessor
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Przemek Stekiel
cd204992f2 Fix dependencies in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Thomas Daubney
28015e1e44 Set flag to proper value
Set flag to proper value. Was previously 0xFFFFFFF and has been
corrected to 0xFFFFFFFF.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-21 08:12:59 +01:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
Dave Rodgman
c86f330aed
Merge pull request #3777 from hanno-arm/x509-info-optimization_rebased
Reduce ROM usage due to X.509 info
2021-04-28 17:31:55 +01:00
Gilles Peskine
e67665ca20
Merge pull request #4006 from chris-jones-arm/development
Add macro to check error code additions/combinations
2021-04-28 16:47:29 +02:00
Chris Jones
ee33c60fc2 Fix minor styling issues
Remove some accidental newlines that were added previously.

Update some definition guards to make it clearer that
`MBEDTLS_X509_REMOVE_INFO` is defined and not undefined.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:38:24 +01:00
Hanno Becker
fff2d5711c Fix X.509 parsing tests if MBEDTLS_X509_REMOVE_INFO is set
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
b4e5ddce1b Fix X.509 CRT parsing test if MBEDTLS_X509_REMOVE_INFO is set
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:20:56 +01:00
Hanno Becker
5d4c4b1f95 Add missing dependencies on !MBEDTLS_X509_REMOVE_INFO
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Hanno Becker
612a2f1504 Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO
The introduction of positive options to control the presence
of pre-existing functionality breaks the build for users of
handwritten configurations.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-27 17:18:52 +01:00
Peter Kolbus
9a969b66c1 Reduce code size when mbedtls_x509_*_info() unused
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-27 17:18:52 +01:00
Chris Jones
9f7a693f2c Apply MBEDTLS_ERROR_ADD to library
Replace all occurences of error code addition in the library with the new
MBEDTLS_ERROR_ADD macro.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-15 11:19:47 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls.
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-03-16 15:51:25 +01:00
Gilles Peskine
1f186ff330 Add missing calls to USE_PSA_DONE
Some functions were not deinitializing the PSA subsystem. This could
lead to resource leaks at the level of individual test cases, and
possibly at the level of the whole test suite depending on the order
and selection of test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Gilles Peskine
9de97e21fe Make {USE_,}PSA_{INIT,DONE} available in all test suites
Make USE_PSA_INIT() and USE_PSA_DONE() available in all test suites in
all cases, doing nothing if MBEDTLS_USE_PSA_CRYPTO is disabled. Use
those in preference to having explicit
defined(MBEDTLS_USE_PSA_CRYPTO) checks (but there may still be places
left where using the new macros would be better).

Also provide PSA_INIT() by symmetry with PSA_DONE(), functional
whenver MBEDTLS_PSA_CRYPTO_C is enabled, but currently unused.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:08:14 +01:00
Ronald Cron
ac6ae35150 tests: suites: Remove hex in name of variables of type data_t
Remove `hex` in name of variables of type data_t to reserve it
for variables of type char* that are the hexadecimal
representation of a data buffer.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2020-07-01 17:10:15 +02:00
Nicola Di Lieto
b77fad8ebe test_suite_x509parse.function improvement
as suggested in
https://github.com/ARMmbed/mbedtls/pull/3419#discussion_r441433697

also removed two no longer necessary void casts

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:59:49 +02:00
Nicola Di Lieto
c84b1e6aa0 Pass "certificate policies" extension to callback
Pass the "certificate policies" extension to the callback supplied to
mbedtls_x509_crt_parse_der_with_ext_cb() if it contains unsupported
policies. This allows the callback to fully replicate the behaviour
of the deprecated MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
configuration.

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-06-17 17:55:29 +02:00
Nicola Di Lieto
e58b4638e5 Unsupported extension tests in test_suite_x509parse
All combinations of critical or not, recognized or not by the
callback are now tested as requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880

In addition pass the OID of the unsupported extension to be parsed
to the callback using the opaque pointer, which makes the tests fail
if the library forwards the wrong pointer to the callback, as
requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-29 23:11:28 +02:00
Nicola Di Lieto
5659e7e889 Add opaque context to mbedtls_x509_crt_ext_cb_t
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:41:38 +02:00
Nicola Di Lieto
17bb60c0f1 Tests for mbedtls_x509_crt_parse_der_with_ext_cb
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
2020-05-28 23:20:47 +02:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
2020-04-22 16:01:48 +02:00
Hanno Becker
20a4ade3f5 Add test cases exercising successful verification of MD2/MD4/MD5 CRT 2019-06-03 14:45:21 +01:00
Ron Eldor
890819a597 Change mbedtls_x509_subject_alternative_name
Make `mbedtls_x509_subject_alternative_name` to be a single item
rather than a list. Adapt the subject alternative name parsing function,
to receive a signle `mbedtls_x509_buf` item from the subject_alt_names
sequence of the certificate.
2019-05-13 19:23:07 +03:00
Ron Eldor
b2dc3fa72e Suppport otherName of type hardware module name
Add support of parsing of subject alternative name, of type otherName.
Currently supports only hardware module name, as defined in rfc 4108.
2019-05-07 17:04:57 +03:00
Janos Follath
846ae7a70d Document and test flags in x509_verify 2019-04-05 16:45:01 +01:00
Janos Follath
d7ecbd6914 Fix style issues and a typo 2019-04-05 16:44:42 +01:00
Jarno Lamsa
dfd22c4dbd Address comments for x509 tests 2019-04-01 15:18:53 +03:00
Jarno Lamsa
31d9db6195 Change the verify function naming
Change the naming to reflect that the function uses a new ca callback
feature to distinguish different callbacks.
2019-04-01 14:33:49 +03:00
Hanno Becker
3f932bbc5d Remove trailing whitespace in test_suite_x509parse.function 2019-03-28 17:06:47 +00:00
Hanno Becker
0350d56286 Only run X.509 CRT verification tests with CA callback tests if !CRL 2019-03-28 16:13:44 +00:00
Hanno Becker
cbb590369c Minor fixes to CA callback tests 2019-03-28 16:13:44 +00:00
Jarno Lamsa
557426ad77 Add a failure testcase for ca callback 2019-03-28 16:13:43 +00:00
Jarno Lamsa
912ed33991 Change callback name to ca_callback 2019-03-28 16:13:43 +00:00
Jarno Lamsa
03cd120ce4 Test for ca list callback 2019-03-28 16:13:43 +00:00
Jaeden Amero
8963b0311c Merge remote-tracking branch 'origin/pr/2411' into development 2019-02-22 10:32:44 +00:00
Jaeden Amero
3ea2687053 psa: Initialize crypto in tests that need to
Don't unconditionally enable PSA Crypto for all tests. Only enable it in
tests that require it. This allows crypto tests to check that
psa_crypto_init() fails when it is supposed to fail, since we want to
perform some action in a test, and then call psa_crypto_init() and check
the result without it having been called previously.
2019-02-13 07:34:54 -05:00
Hanno Becker
2d8a2c0852 Modify existing X.509 test for also test new copyless API
The existing test `x509parse_crt()` for X.509 CRT parsing
so far used the generic parsing API `mbedtls_x509_crt_parse()`
capable of parsing both PEM encoded and DER encoded certficates,
but was actually only used with DER encoded input data. Moreover,
as the purpose of the test is the testing of the core DER X.509 parsing
functionality, not the PEM vs. DER dispatch (which is now already tested
in the various `x509_crt_info()` tests), the call can be replaced with a
direct call to `mbedtls_x509_parse_crt_der()`.

This commit does that, and further adds to the test an analogous
call to the new API `mbedtls_x509_parse_crt_der_nocopy()` to test
copyless parsing of X.509 certificates.
2019-02-08 14:24:58 +00:00