Test some cases where mbedtls_mpi_core_random() or mbedtls_mpi_random()
should return MBEDTLS_ERR_MPI_NOT_ACCEPTABLE. These test cases use a very
small range that makes the NOT_ACCEPTABLE case likely. The test code uses a
deterministic RNG whose implementation is in the test framework, so we know
that the tests will pass reproducibly unless the implementation the test
framework changes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The test function mpi_random_many() is the main function for testing the
get-random-in-range function. It validates that the random generator's
output is within the desired range, and performs some basic statistical
checks including checking that small ranges are covered exhaustively.
Switch this function from testing mbedtls_mpi_random() to testing
mbedtls_mpi_core_random(). This does not reduce the test coverage of
mbedtls_mpi_random() because the same properties are now validated
indirectly via mpi_random_values() which checks that mbedtls_mpi_random()
and mbedtls_mpi_core_random() produce identical values for identical inputs.
As of this commit, mpi_random_many() still uses some legacy mpi functions
internally because the corresponding functions don't exist yet in core.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
For good cases, test that mbedtls_mpi_random() produces the same output as
mbedtls_mpi_core_random().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Shuffle things around a bit inside mbedtls_mpi_random() in preparation for
breaking out mbedtls_mpi_core_random().
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rewrite the minimum bound comparison to avoid a local allocation. This costs
a bit of code size, but saves RAM. This is in preparation for moving the
bulk of the function to the bignum_core module where allocation is not
permitted.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but
will be useful for mbedtls_mpi_core_random.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
"version 1.1 of #5137" is not meaningful to users, only as an internal
project milestone. Explain what this means from a user's point of view.
Announce the requirement for jsonschema in the proper section, which is
"Requirement changes". Mention jinja2 and basic.requirements.txt which
had not previously been explicitly mentioned in the changelog.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If my understanding is correct (to be confirmed in review), this is a new
feature which was not particularly desired on its own but was the simplest
way to fix an interoperability issue in TLS 1.2 caused accidentally by
the work on TLS 1.3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Mention the name of the new functions in the "Features" entry. Clarify what
they're for (there's no structure called mbedtls_x509_named_data, it's
mbedtls_asn1_named_data, but that name isn't so important here since we've
mentioned the names of the functions).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not
Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The code in CMakeLists.txt was an old copy of the code in Makefile. This
brings in branch coverage, which had only been added to Makefile.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
