Add tests for key import-export and key import followed by public-key
export when the output buffer is too small. Add these tests for the
following curves:
* p256 as an example of a Weierstrass curve
* Curve25519
* Curve448
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When exporting an FFDH public key we were not properly checking the
length of the output buffer and would write the full length of the key
in all cases. Fix this by checking the size of the output buffer before
we write to it.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This testcase calls psa_export_public_key() on an FFDH key with an
output buffer that is too small. Since the size is calculated based on
the required key size but not checked against the available buffer size,
we overflow the buffer.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
With e.g. `CLOCK_BOOTTIME`, it's plausible that less than 1 second has
passed since the boot reference time.
Only assert that the returned time is nonzero (because all-bits-zero is
highly implausible as an actual clock value, but likely indicates that the
intended value was not copied out correctly).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MinGW uses a legacy printf by default which doesn't support the `z` modifier
for `size_t`. Skip these test cases on MinGW.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When `MBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE` is defined, do not enable
`MBEDTLS_PLATFORM_IS_UNIXLIKE`. This lets us test baremetal builds as such
even if we happen to be building for Linux or other Unix-like platform.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, test `"%zu"` for `size_t` and `"%lld"` for `long long`, which
older Windows runtimes do not support, but which Mbed TLS uses.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The goal isn't to do any functional testing, but to have a simple diagnostic
if some Unix platform function isn't available, and to have a record of
success in the outcome file.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were using slightly different guards to decide whether to include
`<unistd.h>` in different places. Unify those.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In mbedtls_x509_string_to_names() we were not checking for allocation
failures. An allocation failure would lead to a memcpy() to a null
pointer address.
Fix this by checking the result of the call to mbedtls_calloc() and
returning MBEDTLS_ERR_X509_ALLOC_FAILED in the error case.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is not only convenient, but now necessary, because if the content of
the generated files changes due to changes in Python files in the framework,
`all.sh check_generated_files` will fail in the framework CI.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
