cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-08 06:40:16 -04:00
Code Issues Packages Projects Releases Wiki Activity

Refactor ssl test suite to use pointers more

Browse Source 
This way it's easier to track structures that are partially set up.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek 2022-10-18 07:55:46 -04:00
parent e8ed2a1115
commit 0d2982be13
1 changed files with 69 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
tests/suites/test_suite_ssl.function
View File

@ -734,9 +734,9 @@ int mbedtls_mock_tcp_recv_msg( void *ctx, unsigned char *buf, size_t buf_len )
*/
typedef struct mbedtls_endpoint_certificate
{
mbedtls_x509_crt ca_cert;
mbedtls_x509_crt cert;
mbedtls_pk_context pkey;
mbedtls_x509_crt* ca_cert;
mbedtls_x509_crt* cert;
mbedtls_pk_context* pkey;
} mbedtls_endpoint_certificate;
/*
@ -753,6 +753,42 @@ typedef struct mbedtls_endpoint
mbedtls_endpoint_certificate cert;
} mbedtls_endpoint;
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
{
mbedtls_endpoint_certificate *cert = &( ep->cert );
if( cert != NULL )
{
if( cert->ca_cert != NULL )
{
mbedtls_x509_crt_free( cert->ca_cert );
mbedtls_free( cert->ca_cert );
cert->ca_cert = NULL;
}
if( cert->cert != NULL )
{
mbedtls_x509_crt_free( cert->cert );
mbedtls_free( cert->cert );
cert->cert = NULL;
}
if( cert->pkey != NULL )
{
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if( mbedtls_pk_get_type( cert->pkey ) == MBEDTLS_PK_OPAQUE )
{
mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
psa_destroy_key( *key_slot );
}
#endif
mbedtls_pk_free( cert->pkey );
mbedtls_free( cert->pkey );
cert->pkey = NULL;
}
}
}
/*
* Initializes \p ep_cert structure and assigns it to endpoint
* represented by \p ep.
@ -763,7 +799,7 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
{
int i = 0;
int ret = -1;
mbedtls_endpoint_certificate *cert;
mbedtls_endpoint_certificate *cert = NULL;
if( ep == NULL )
{
@ -771,15 +807,19 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
}
cert = &( ep->cert );
mbedtls_x509_crt_init( &( cert->ca_cert ) );
mbedtls_x509_crt_init( &( cert->cert ) );
mbedtls_pk_init( &( cert->pkey ) );
cert->ca_cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
cert->cert = mbedtls_calloc( 1, sizeof(mbedtls_x509_crt) );
cert->pkey = mbedtls_calloc( 1, sizeof(mbedtls_pk_context) );
mbedtls_x509_crt_init( cert->ca_cert );
mbedtls_x509_crt_init( cert->cert );
mbedtls_pk_init( cert->pkey );
/* Load the trusted CA */
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
{
ret = mbedtls_x509_crt_parse_der( &( cert->ca_cert ),
ret = mbedtls_x509_crt_parse_der( cert->ca_cert,
(const unsigned char *) mbedtls_test_cas_der[i],
mbedtls_test_cas_der_len[i] );
TEST_ASSERT( ret == 0 );
@ -791,24 +831,24 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
{
if( pk_alg == MBEDTLS_PK_RSA )
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_rsa_sha256_der,
mbedtls_test_srv_crt_rsa_sha256_der_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_rsa_der,
mbedtls_test_srv_key_rsa_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
}
else
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char*) mbedtls_test_srv_crt_ec_der,
mbedtls_test_srv_crt_ec_der_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char*) mbedtls_test_srv_key_ec_der,
mbedtls_test_srv_key_ec_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
@ -818,42 +858,40 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
{
if( pk_alg == MBEDTLS_PK_RSA )
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_rsa_der,
mbedtls_test_cli_crt_rsa_der_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_rsa_der,
mbedtls_test_cli_key_rsa_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
}
else
{
ret = mbedtls_x509_crt_parse( &( cert->cert ),
ret = mbedtls_x509_crt_parse( cert->cert,
(const unsigned char *) mbedtls_test_cli_crt_ec_der,
mbedtls_test_cli_crt_ec_len );
TEST_ASSERT( ret == 0 );
ret = mbedtls_pk_parse_key( &( cert->pkey ),
ret = mbedtls_pk_parse_key( cert->pkey,
(const unsigned char *) mbedtls_test_cli_key_ec_der,
mbedtls_test_cli_key_ec_der_len, NULL, 0 );
TEST_ASSERT( ret == 0 );
}
}
mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
mbedtls_ssl_conf_ca_chain( &( ep->conf ), cert->ca_cert, NULL );
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
&( cert->pkey ) );
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), cert->cert,
cert->pkey );
TEST_ASSERT( ret == 0 );
exit:
if( ret != 0 )
{
mbedtls_x509_crt_free( &( cert->ca_cert ) );
mbedtls_x509_crt_free( &( cert->cert ) );
mbedtls_pk_free( &( cert->pkey ) );
mbedtls_endpoint_certificate_free( ep );
}
return ret;
@ -959,17 +997,6 @@ exit:
return ret;
}
/*
* Deinitializes certificates from endpoint represented by \p ep.
*/
void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
{
mbedtls_endpoint_certificate *cert = &( ep->cert );
mbedtls_x509_crt_free( &( cert->ca_cert ) );
mbedtls_x509_crt_free( &( cert->cert ) );
mbedtls_pk_free( &( cert->pkey ) );
}
/*
* Deinitializes endpoint represented by \p ep.
*/
@ -1709,6 +1736,10 @@ void perform_handshake( handshake_test_options* options )
#endif
int expected_handshake_result = 0;
USE_PSA_INIT( );
mbedtls_platform_zeroize( &client, sizeof(client) );
mbedtls_platform_zeroize( &server, sizeof(server) );
mbedtls_test_message_queue server_queue, client_queue;
mbedtls_test_message_socket_context server_context, client_context;
mbedtls_message_socket_init( &server_context );
@ -4185,6 +4216,9 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass)
mbedtls_endpoint base_ep, second_ep;
int ret = -1;
mbedtls_platform_zeroize( &base_ep, sizeof(base_ep) );
mbedtls_platform_zeroize( &second_ep, sizeof(second_ep) );
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
NULL, NULL, NULL, NULL );
TEST_ASSERT( ret == 0 );
@ -4571,6 +4605,8 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key )
mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
MBEDTLS_ECP_DP_NONE };
USE_PSA_INIT( );
mbedtls_platform_zeroize( &client, sizeof(client) );
mbedtls_platform_zeroize( &server, sizeof(server) );
/* Client side, force SECP256R1 to make one key bitflip fail
* the raw key agreement. Flipping the first byte makes the