Commit 17b85cbd authored by Paul Bakker's avatar Paul Bakker
Browse files

Merged additional tests and improved code coverage

Conflicts:
	ChangeLog
parents 0763a401 0148875c
......@@ -32,6 +32,11 @@ Bugfix
(found by Gergely Budai)
* Fix compile errors when POLARSSL_ERROR_STRERROR_BC is undefined (found by
Shuo Chen).
* oid_get_numeric_string() used to truncate the output without returning an
error if the output buffer was just 1 byte too small.
* dhm_parse_dhm() (hence dhm_parse_dhmfile()) did not set dhm->len.
* Calling pk_debug() on an RSA-alt key would segfault.
* pk_get_size() and pk_get_len() were off by a factor 8 for RSA-alt keys.
= PolarSSL 1.3.5 released on 2014-03-26
Features
......
......@@ -621,12 +621,14 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
* \return 0 if successful, or 1 if a test failed
*/
int ecp_self_test( int verbose );
#endif
#ifdef __cplusplus
}
......
......@@ -60,7 +60,7 @@
* CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C
* OID 1 0x002E-0x002E
* OID 1 0x002E-0x002E 0x000B-0x000B
* PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032
* CTR_DBRG 4 0x0034-0x003A
......
......@@ -44,6 +44,7 @@
#endif
#define POLARSSL_ERR_OID_NOT_FOUND -0x002E /**< OID is not found. */
#define POLARSSL_ERR_OID_BUF_TOO_SMALL -0x000B /**< output buffer is too small */
/*
* Top level OID tuples
......@@ -376,7 +377,8 @@ typedef struct {
* \param size size of the buffer
* \param oid OID to translate
*
* \return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL or actual length used
* \return Length of the string written (excluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
......
......@@ -234,7 +234,7 @@ int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
* \param key RSA key pointer
* \param decrypt_func Decryption function
* \param sign_func Signing function
* \param key_len_func Function returning key length
* \param key_len_func Function returning key length in bytes
*
* \return 0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the
* context wasn't already initialized as RSA_ALT.
......
......@@ -74,6 +74,15 @@ void set_alarm( int seconds );
*/
void m_sleep( int milliseconds );
#if defined(POLARSSL_SELF_TEST)
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if a test failed
*/
int timing_self_test( int verbose );
#endif
#ifdef __cplusplus
}
#endif
......
......@@ -212,6 +212,8 @@ int x509_serial_gets( char *buf, size_t size, const x509_buf *serial );
/**
* \brief Give an known OID, return its descriptive string.
* (Deprecated. Use oid_get_extended_key_usage() instead.)
* Warning: only works for extended_key_usage OIDs!
*
* \param oid buffer containing the oid
*
......@@ -228,8 +230,8 @@ const char *x509_oid_get_description( x509_buf *oid );
* \param size Maximum size of buffer
* \param oid Buffer containing the OID
*
* \return The amount of data written to the buffer, or -1 in
* case of an error.
* \return Length of the string written (exluding final NULL) or
* POLARSSL_ERR_OID_BUF_TO_SMALL in case of error
*/
int x509_oid_get_numeric_string( char *buf, size_t size, x509_buf *oid );
......
......@@ -460,6 +460,8 @@ int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin, size_t dhminlen
ret = 0;
dhm->len = mpi_size( &dhm->P );
exit:
#if defined(POLARSSL_PEM_PARSE_C)
pem_free( &pem );
......
......@@ -655,6 +655,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen )
#if defined(POLARSSL_OID_C)
if( use_ret == -(POLARSSL_ERR_OID_NOT_FOUND) )
snprintf( buf, buflen, "OID - OID is not found" );
if( use_ret == -(POLARSSL_ERR_OID_BUF_TOO_SMALL) )
snprintf( buf, buflen, "OID - output buffer is too small" );
#endif /* POLARSSL_OID_C */
#if defined(POLARSSL_PADLOCK_C)
......
......@@ -590,16 +590,14 @@ static int compat_snprintf(char *str, size_t size, const char *format, ...)
#define snprintf compat_snprintf
#endif
#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL -2
#define SAFE_SNPRINTF() \
{ \
if( ret == -1 ) \
return( -1 ); \
return POLARSSL_ERR_OID_BUF_TOO_SMALL; \
\
if ( (unsigned int) ret > n ) { \
if ( (unsigned int) ret >= n ) { \
p[n - 1] = '\0'; \
return POLARSSL_ERR_DEBUG_BUF_TOO_SMALL;\
return POLARSSL_ERR_OID_BUF_TOO_SMALL; \
} \
\
n -= (unsigned int) ret; \
......@@ -630,7 +628,7 @@ int oid_get_numeric_string( char *buf, size_t size,
{
/* Prevent overflow in value. */
if ( ( ( value << 7 ) >> 7 ) != value )
return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
return( POLARSSL_ERR_OID_BUF_TOO_SMALL );
value <<= 7;
value += oid->p[i] & 0x7F;
......
......@@ -258,6 +258,9 @@ int pk_debug( const pk_context *ctx, pk_debug_item *items )
if( ctx == NULL || ctx->pk_info == NULL )
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
if( ctx->pk_info->debug_func == NULL )
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
ctx->pk_info->debug_func( ctx->pk_ctx, items );
return( 0 );
}
......
......@@ -357,7 +357,7 @@ static size_t rsa_alt_get_size( const void *ctx )
{
const rsa_alt_context *rsa_alt = (const rsa_alt_context *) ctx;
return( rsa_alt->key_len_func( rsa_alt->key ) );
return( 8 * rsa_alt->key_len_func( rsa_alt->key ) );
}
static int rsa_alt_sign_wrap( void *ctx, md_type_t md_alg,
......
......@@ -361,9 +361,13 @@ int pkcs5_self_test( int verbose )
if( ( ret = md_init_ctx( &sha1_ctx, info_sha1 ) ) != 0 )
return( 1 );
if( verbose != 0 )
polarssl_printf( " PBKDF2 warning: test #3 may be slow!\n" );
for( i = 0; i < MAX_TESTS; i++ )
{
polarssl_printf( " PBKDF2 (SHA1) #%d: ", i );
if( verbose != 0 )
polarssl_printf( " PBKDF2 (SHA1) #%d: ", i );
ret = pkcs5_pbkdf2_hmac( &sha1_ctx, password[i], plen[i], salt[i],
slen[i], it_cnt[i], key_len[i], key );
......
......@@ -25,6 +25,13 @@
#include "polarssl/config.h"
#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_PLATFORM_C)
#include "polarssl/platform.h"
#else
#include <stdio.h>
#define polarssl_printf printf
#endif
#if defined(POLARSSL_TIMING_C) && !defined(POLARSSL_TIMING_ALT)
#include "polarssl/timing.h"
......@@ -55,7 +62,7 @@ struct _hr_time
#endif
#if !defined(POLARSSL_HAVE_HARDCLOCK) && defined(POLARSSL_HAVE_ASM) && \
(defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
(defined(_MSC_VER) && defined(_M_IX86)) || defined(__WATCOMC__)
#define POLARSSL_HAVE_HARDCLOCK
......@@ -76,7 +83,7 @@ unsigned long hardclock( void )
unsigned long hardclock( void )
{
unsigned long lo, hi;
asm( "rdtsc" : "=a" (lo), "=d" (hi) );
asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
return( lo );
}
#endif
......@@ -89,7 +96,7 @@ unsigned long hardclock( void )
unsigned long hardclock( void )
{
unsigned long lo, hi;
asm( "rdtsc" : "=a" (lo), "=d" (hi) );
asm volatile( "rdtsc" : "=a" (lo), "=d" (hi) );
return( lo | (hi << 32) );
}
#endif
......@@ -105,9 +112,9 @@ unsigned long hardclock( void )
do
{
asm( "mftbu %0" : "=r" (tbu0) );
asm( "mftb %0" : "=r" (tbl ) );
asm( "mftbu %0" : "=r" (tbu1) );
asm volatile( "mftbu %0" : "=r" (tbu0) );
asm volatile( "mftb %0" : "=r" (tbl ) );
asm volatile( "mftbu %0" : "=r" (tbu1) );
}
while( tbu0 != tbu1 );
......@@ -126,7 +133,7 @@ unsigned long hardclock( void )
unsigned long hardclock( void )
{
unsigned long tick;
asm( "rdpr %%tick, %0;" : "=&r" (tick) );
asm volatile( "rdpr %%tick, %0;" : "=&r" (tick) );
return( tick );
}
#endif
......@@ -140,8 +147,8 @@ unsigned long hardclock( void )
unsigned long hardclock( void )
{
unsigned long tick;
asm( ".byte 0x83, 0x41, 0x00, 0x00" );
asm( "mov %%g1, %0" : "=r" (tick) );
asm volatile( ".byte 0x83, 0x41, 0x00, 0x00" );
asm volatile( "mov %%g1, %0" : "=r" (tick) );
return( tick );
}
#endif
......@@ -154,7 +161,7 @@ unsigned long hardclock( void )
unsigned long hardclock( void )
{
unsigned long cc;
asm( "rpcc %0" : "=r" (cc) );
asm volatile( "rpcc %0" : "=r" (cc) );
return( cc & 0xFFFFFFFF );
}
#endif
......@@ -167,7 +174,7 @@ unsigned long hardclock( void )
unsigned long hardclock( void )
{
unsigned long itc;
asm( "mov %0 = ar.itc" : "=r" (itc) );
asm volatile( "mov %0 = ar.itc" : "=r" (itc) );
return( itc );
}
#endif
......@@ -181,9 +188,9 @@ unsigned long hardclock( void )
{
LARGE_INTEGER offset;
QueryPerformanceCounter( &offset );
QueryPerformanceCounter( &offset );
return (unsigned long)( offset.QuadPart );
return (unsigned long)( offset.QuadPart );
}
#endif
......@@ -234,17 +241,17 @@ unsigned long get_timer( struct hr_time *val, int reset )
}
DWORD WINAPI TimerProc( LPVOID uElapse )
{
{
Sleep( (DWORD) uElapse );
alarmed = 1;
alarmed = 1;
return( TRUE );
}
void set_alarm( int seconds )
{
{
DWORD ThreadId;
alarmed = 0;
alarmed = 0;
CloseHandle( CreateThread( NULL, 0, TimerProc,
(LPVOID) ( seconds * 1000 ), 0, &ThreadId ) );
}
......@@ -254,7 +261,7 @@ void m_sleep( int milliseconds )
Sleep( milliseconds );
}
#else
#else /* _WIN32 && !EFIX64 && !EFI32 */
unsigned long get_timer( struct hr_time *val, int reset )
{
......@@ -282,10 +289,10 @@ void m_sleep( int milliseconds )
usleep( milliseconds * 1000 );
}
#else
#else /* INTEGRITY */
static void sighandler( int signum )
{
{
alarmed = 1;
signal( signum, sighandler );
}
......@@ -308,6 +315,150 @@ void m_sleep( int milliseconds )
}
#endif /* INTEGRITY */
#endif /* _WIN32 && !EFIX64 && !EFI32 */
#if defined(POLARSSL_SELF_TEST)
/* To test net_usleep against our functions */
#if defined(POLARSSL_NET_C)
#include "polarssl/net.h"
#endif
/*
* Checkup routine
*/
int timing_self_test( int verbose )
{
unsigned long cycles, ratio;
unsigned long millisecs, secs;
int hardfail;
struct hr_time hires;
if( verbose != 0)
polarssl_printf( " TIMING tests warning: will take some time!\n" );
if( verbose != 0 )
polarssl_printf( " TIMING test #1 (m_sleep / get_timer): " );
for( secs = 1; secs <= 3; secs++ )
{
(void) get_timer( &hires, 1 );
m_sleep( 500 * secs );
millisecs = get_timer( &hires, 0 );
if( millisecs < 450 * secs || millisecs > 550 * secs )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
}
if( verbose != 0 )
polarssl_printf( "passed\n" );
if( verbose != 0 )
polarssl_printf( " TIMING test #2 (set_alarm / get_timer): " );
for( secs = 1; secs <= 3; secs++ )
{
(void) get_timer( &hires, 1 );
set_alarm( secs );
while( !alarmed )
;
millisecs = get_timer( &hires, 0 );
if( millisecs < 900 * secs || millisecs > 1100 * secs )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
}
if( verbose != 0 )
polarssl_printf( "passed\n" );
if( verbose != 0 )
polarssl_printf( " TIMING test #3 (hardclock / m_sleep ): " );
/*
* Allow one failure for possible counter wrapping.
* On a 4Ghz 32-bit machine the cycle counter wraps about once per second;
* since the whole test is about 10ms, it shouldn't happen twice in a row.
*/
hardfail = 0;
hard_test:
if( hardfail > 1 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
/* Get a reference ratio cycles/ms */
cycles = hardclock();
m_sleep( 1 );
cycles = hardclock() - cycles;
ratio = cycles / 1;
for( millisecs = 2; millisecs <= 4; millisecs++ )
{
cycles = hardclock();
m_sleep( millisecs );
cycles = hardclock() - cycles;
/* Allow variation up to 20% */
if( cycles / millisecs < ratio - ratio / 5 ||
cycles / millisecs > ratio + ratio / 5 )
{
hardfail++;
goto hard_test;
}
}
if( verbose != 0 )
polarssl_printf( "passed\n" );
if( verbose != 0 )
polarssl_printf( "\n" );
#if defined(POLARSSL_NET_C)
if( verbose != 0 )
polarssl_printf( " TIMING test #4 (net_usleep/ get_timer): " );
for( secs = 1; secs <= 3; secs++ )
{
(void) get_timer( &hires, 1 );
net_usleep( 500000 * secs );
millisecs = get_timer( &hires, 0 );
if( millisecs < 450 * secs || millisecs > 550 * secs )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
}
if( verbose != 0 )
polarssl_printf( "passed\n" );
#endif
return( 0 );
}
#endif /* POLARSSL_SELF_TEST */
#endif /* POLARSSL_TIMING_C && !POLARSSL_TIMING_ALT */
......@@ -49,7 +49,9 @@
#include "polarssl/x509.h"
#include "polarssl/xtea.h"
#include "polarssl/pkcs5.h"
#include "polarssl/pbkdf2.h"
#include "polarssl/ecp.h"
#include "polarssl/timing.h"
#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
#include "polarssl/memory.h"
......@@ -171,11 +173,6 @@ int main( int argc, char *argv[] )
return( ret );
#endif
#if defined(POLARSSL_PKCS5_C)
if( ( ret = pkcs5_self_test( v ) ) != 0 )
return( ret );
#endif
#if defined(POLARSSL_ECP_C)
if( ( ret = ecp_self_test( v ) ) != 0 )
return( ret );
......@@ -186,6 +183,23 @@ int main( int argc, char *argv[] )
return( ret );
#endif
/* Slow tests last */
#if defined(POLARSSL_PBKDF2_C)
if( ( ret = pbkdf2_self_test( v ) ) != 0 )
return( ret );
#else
#if defined(POLARSSL_PKCS5_C)
if( ( ret = pkcs5_self_test( v ) ) != 0 )
return( ret );
#endif
#endif
#if defined(POLARSSL_TIMING_C)
if( ( ret = timing_self_test( v ) ) != 0 )
return( ret );
#endif
#else
printf( " POLARSSL_SELF_TEST not defined.\n" );
#endif
......
......@@ -4,12 +4,17 @@ test_suites
(reference test vectors, sanity checks, malformed input for parsing
functions, etc.) for all modules except the SSL modules.
selftests
The 'programs/test/selftest' program runs the 'XXX_self_test()' functions
of each individual module. Most of them are included in the respective
test suite, but some slower ones are only included here.
compat
The 'tests/compat.sh' script checks interoperability with OpenSSL and
GnuTLS (and ourselves!) for every common ciphersuite, in every TLS
version, both ways (client/server), using client authentication or not.
For each ciphersuite/version/side/authmode it performs a full handshake
and a small data exchange.
and a small data exchange.
ssl_opt
The 'tests/ssl-opt.sh' script checks various options and/or operations not
......
......@@ -5,16 +5,15 @@
# Check each common ciphersuite, with each version, both ways (client/server),
# with and without client authentication.
set -u
# test if those two are set in the environment before assigning defaults
if [ -n "$GNUTLS_CLI" -a -n "$GNUTLS_SERV" ]; then
if [ -n "${GNUTLS_CLI:-}" -a -n "${GNUTLS_SERV:-}" ]; then
GNUTLS_AVAILABLE=1
else
GNUTLS_AVAILABLE=0
fi
# catch undefined variables from now on
set -u
# initialise counters
let "tests = 0"
let "failed = 0"
......
-----BEGIN DH PARAMETERS-----
MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh
1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32
9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC
-----END DH PARAMETERS-----
-----BEGIN CERTIFICATE REQUEST-----
MIICpTCCAY0CAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV
MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQB95Pkjpg/N
Jbgl5nZcAk8maGMpUFlrhJS4kGutQKZugNX9v8cfABW905IHYXV1dm6zxVcyeqZM
FiOgbV943fu5JbufoazdYXnnR2/iKMigqX4CzZrK3F5ZzegxkfDIfDrn/shC+rWb
SS5WBVLJ3QNj9vwn3/b66IRbp/ViOwHx7+9JT4K/rLId/ynjYf2T57AsmNd/jptc
Zs19fGgtrUXweWkliEZN2zE47Cc53jkx6+Li4TNs4Bjk5P/aXrCP0fBwgGt2K6YW
dQ/nr0PwIbXzVlgUukSTHkJJfhF4Y/WqcUfOPrRdw+zxOLusJ9nzJBR0FOohcBxM
kPBVna0dze/o
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST-----
MIICnzCCAYcCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP
MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQCj6jCu0wE5OQ1JGQwZ
FNwPqZrvKntSq2yLIbgmGxwlvDLxOzn0KmidSFiKRqh0KXwj9siodlz5C0d9tUqq
7xUXg+j+wDHqUV8zo42Jke+UmWXFPpnXx/fDFGTITdLSn8ZDxkt31ESLTEVZvPFD
odm+C+zWJtKpyL+9op4KvyBQ1MZ9nWZpwMaK4g4mdtOIsz75gMa74w8ZT7VzhGMY
cZGmafsl7x++GDDtf0oCPgrj9xy+Ovv/GyUBaB+6lweflTfPDTRSoN0meFlP5ynF
vqcBM5JKH2FUQIizfc9o6Z8tKxe9FCov3x8szAuoMRA7bjhVngeQIrEkTcaQBvBY
NalC
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE REQUEST-----
MIICsjCCAZoCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs