mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-05-28 08:12:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add SNI support to redbean and improve SSL perf

Browse source 
This change makes SSL virtual hosting possible. You can now load
multiple certificates for multiple domains and redbean will just
figure out which one to use, even if you only have 1 ip address.
You can also use a jumbo certificate that lists all your domains
in the the subject alternative names.

This change also makes performance improvements to MbedTLS. Here
are some benchmarks vs. cc1920749e

                                   BEFORE    AFTER   (microsecs)
suite_ssl.com                     2512881   191738 13.11x faster
suite_pkparse.com                   36291     3295 11.01x faster
suite_x509parse.com                854669   120293  7.10x faster
suite_pkwrite.com                    6549     1265  5.18x faster
suite_ecdsa.com                     53347    18778  2.84x faster
suite_pk.com                        49051    18717  2.62x faster
suite_ecdh.com                      19535     9502  2.06x faster
suite_shax.com                      15848     7965  1.99x faster
suite_rsa.com                      353257   184828  1.91x faster
suite_x509write.com                162646    85733  1.90x faster
suite_ecp.com                       20503    11050  1.86x faster
suite_hmac_drbg.no_reseed.com       19528    11417  1.71x faster
suite_hmac_drbg.nopr.com            12460     8010  1.56x faster
suite_mpi.com                      687124   442661  1.55x faster
suite_hmac_drbg.pr.com              11890     7752  1.53x faster

There aren't any special tricks to the performance imporvements.
It's mostly due to code cleanup, assembly and intel instructions
like mulx, adox, and adcx.
This commit is contained in:
Justine Tunney 2021-07-19 14:55:20 -07:00
parent f3e28aa192
commit 398f0c16fb
190 changed files with 14367 additions and 8928 deletions
Download patch file Download diff file Expand all files Collapse all files

82
third_party/mbedtls/test/lib.c vendored
View file

@ -15,17 +15,21 @@
* limitations under the License.
*/
#include "libc/assert.h"
#include "libc/bits/bits.h"
#include "libc/calls/calls.h"
#include "libc/fmt/conv.h"
#include "libc/fmt/fmt.h"
#include "libc/log/log.h"
#include "libc/mem/mem.h"
#include "libc/rand/rand.h"
#include "libc/runtime/internal.h"
#include "libc/stdio/append.internal.h"
#include "libc/stdio/stdio.h"
#include "libc/str/str.h"
#include "libc/sysv/consts/exit.h"
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/endian.h"
#include "third_party/mbedtls/error.h"
#include "third_party/mbedtls/platform.h"
#include "third_party/mbedtls/test/lib.h"
@ -49,14 +53,29 @@ typedef struct {
static param_failed_ctx_t param_failed_ctx;
#endif
struct Buffer {
size_t i, n;
char *p;
};
char *output;
jmp_buf jmp_tmp;
int option_verbose;
struct Buffer output;
mbedtls_test_info_t mbedtls_test_info;
static uint64_t Rando(void) {
static uint64_t x = 0x18abac12f3191aed;
uint64_t z = (x += 0x9e3779b97f4a7c15);
z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9;
z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
return z ^ (z >> 31);
}
int mbedtls_test_platform_setup(void) {
int ret = 0;
showcrashreports();
setvbuf(stdout, malloc(BUFSIZ), _IOLBF, BUFSIZ);
setvbuf(stderr, malloc(BUFSIZ), _IOLBF, BUFSIZ);
#if defined(MBEDTLS_PLATFORM_C)
ret = mbedtls_platform_setup(&platform_ctx);
#endif /* MBEDTLS_PLATFORM_C */
@ -70,36 +89,45 @@ void mbedtls_test_platform_teardown(void) {
}
wontreturn void exit(int rc) {
if (rc != EXIT_SUCCESS) {
fwrite(output.p, 1, output.i, stderr);
}
if (rc) fwrite(output, 1, appendz(output).i, stderr);
__cxa_finalize(0);
_Exit(rc);
}
int AppendFmt(struct Buffer *b, const char *fmt, ...) {
char *GetTlsError(long r) {
char s[128];
if (-0x10000 < r && r < 0) {
mbedtls_strerror(r, s, sizeof(s));
return xasprintf("-0x%04lx %s", -r, s);
} else {
return xasprintf("%#lx", r);
}
}
int mbedtls_hardware_poll(void *wut, unsigned char *p, size_t n, size_t *olen) {
uint64_t x;
size_t i, j;
unsigned char b[8];
for (i = 0; i < n; ++i) {
x = Rando();
WRITE64LE(b, x);
for (j = 0; j < 8 && i + j < n; ++j) {
p[i + j] = b[j];
}
}
*olen = n;
return 0;
}
int mbedtls_test_write(const char *fmt, ...) {
char *p;
int i, n;
va_list va, vb;
va_list va;
va_start(va, fmt);
if (option_verbose) {
n = vfprintf(stderr, fmt, va);
} else {
va_copy(vb, va);
n = vsnprintf(b->p + b->i, b->n - b->i, fmt, va);
if (n >= b->n - b->i) {
do {
if (b->n) {
b->n += b->n >> 1;
} else {
b->n = 16;
}
} while (b->i + n > b->n);
b->p = realloc(b->p, b->n);
vsnprintf(b->p + b->i, b->n - b->i, fmt, vb);
}
va_end(vb);
b->i += n;
n = vappendf(&output, fmt, va);
}
va_end(va);
return n;
@ -264,14 +292,16 @@ void mbedtls_test_hexify(unsigned char *obuf, const unsigned char *ibuf,
while (len != 0) {
h = *ibuf / 16;
l = *ibuf % 16;
if (h < 10)
if (h < 10) {
*obuf++ = '0' + h;
else
} else {
*obuf++ = 'a' + h - 10;
if (l < 10)
}
if (l < 10) {
*obuf++ = '0' + l;
else
} else {
*obuf++ = 'a' + l - 10;
}
++ibuf;
len--;
}
@ -1037,7 +1067,7 @@ int execute_tests(int argc, const char **argv, const char *default_filename) {
if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) {
WRITE("PASS (%,ldus)\n", (int64_t)((t2 - t1) * 1e6));
} else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) {
WRITE("----\n");
WRITE("----");
total_skipped++;
} else {
total_errors++;

41
third_party/mbedtls/test/lib.h vendored
View file

@ -1,5 +1,8 @@
#ifndef COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TEST_LIB_H_
#define COSMOPOLITAN_THIRD_PARTY_MBEDTLS_TEST_LIB_H_
#include "libc/runtime/gc.internal.h"
#include "libc/str/str.h"
#include "libc/x/x.h"
#include "third_party/mbedtls/config.h"
#include "third_party/mbedtls/platform.h"
@ -42,7 +45,7 @@
#if !(__ASSEMBLER__ + __LINKER__ + 0)
COSMOPOLITAN_C_START_
#define WRITE(...) AppendFmt(&output, __VA_ARGS__)
#define WRITE mbedtls_test_write
#define TEST_ASSERT(TEST) \
do { \
@ -52,7 +55,32 @@ COSMOPOLITAN_C_START_
} \
} while (0)
#define TEST_EQUAL(expr1, expr2) TEST_ASSERT((expr1) == (expr2))
#define TEST_ASSERT_STREQ(A, B) \
do { \
const char *StrA = (A); \
const char *StrB = (B); \
if (strcmp(StrA, StrB)) { \
mbedtls_test_fail( \
xasprintf("!strcmp(%`'s,\n %`'s)", StrA, StrB), __LINE__, \
__FILE__); \
goto exit; \
} \
} while (0)
#define TEST_EQUAL(A, B) \
do { \
long Ax = (long)(A); \
long Bx = (long)(B); \
if (Ax != Bx) { \
mbedtls_test_fail(xasprintf("TEST_EQUAL(%s, %s)\n" \
" Wanted: %,ld (-0x%04lx %s)\n" \
" Got: %,ld (-0x%04lx %s)", \
#A, #B, Ax, -Ax, GetTlsError(Ax), Bx, -Bx, \
GetTlsError(Bx)), \
__LINE__, __FILE__); \
goto exit; \
} \
} while (0)
#define ASSERT_ALLOC(pointer, length) \
do { \
@ -189,13 +217,7 @@ typedef struct {
uint32_t v0, v1;
} mbedtls_test_rnd_pseudo_info;
struct Buffer {
size_t i, n;
char *p;
};
extern jmp_buf jmp_tmp;
extern struct Buffer output;
int mbedtls_test_platform_setup(void);
void mbedtls_test_platform_teardown(void);
@ -218,12 +240,13 @@ int mbedtls_test_rnd_std_rand(void *, unsigned char *, size_t);
int mbedtls_test_rnd_zero_rand(void *, unsigned char *, size_t);
int mbedtls_test_rnd_buffer_rand(void *, unsigned char *, size_t);
int mbedtls_test_rnd_pseudo_rand(void *, unsigned char *, size_t);
int mbedtls_test_write(const char *, ...);
int execute_tests(int, const char **, const char *);
int get_expression(int32_t, int32_t *);
int dispatch_test(size_t, void **);
int dep_check(int);
int check_test(size_t);
int AppendFmt(struct Buffer *, const char *, ...);
char *GetTlsError(long);
COSMOPOLITAN_C_END_
#endif /* !(__ASSEMBLER__ + __LINKER__ + 0) */

4
third_party/mbedtls/test/test.mk vendored
View file

@ -6,6 +6,7 @@ PKGS += THIRD_PARTY_MBEDTLS_TEST
THIRD_PARTY_MBEDTLS_TEST_FILES := $(wildcard third_party/mbedtls/test/*)
THIRD_PARTY_MBEDTLS_TEST_SRCS = $(filter %.c,$(THIRD_PARTY_MBEDTLS_TEST_FILES))
THIRD_PARTY_MBEDTLS_TEST_HDRS = $(filter %.h,$(THIRD_PARTY_MBEDTLS_TEST_FILES))
THIRD_PARTY_MBEDTLS_TEST_INCS = $(filter %.inc,$(THIRD_PARTY_MBEDTLS_TEST_FILES))
THIRD_PARTY_MBEDTLS_TEST_OBJS = \
$(THIRD_PARTY_MBEDTLS_TEST_SRCS:%.c=o/$(MODE)/%.o)
@ -106,6 +107,7 @@ THIRD_PARTY_MBEDTLS_TEST_DIRECTDEPS = \
LIBC_TIME \
LIBC_TESTLIB \
LIBC_UNICODE \
LIBC_X \
LIBC_ZIPOS \
THIRD_PARTY_COMPILER_RT \
THIRD_PARTY_GDTOA \
@ -118,6 +120,8 @@ o/$(MODE)/third_party/mbedtls/test/test.pkg: \
$(THIRD_PARTY_MBEDTLS_TEST_OBJS) \
$(foreach x,$(THIRD_PARTY_MBEDTLS_TEST_DIRECTDEPS),$($(x)_A).pkg)
o/$(MODE)/third_party/mbedtls/test/lib.o: third_party/mbedtls/test/lib.c
o/$(MODE)/third_party/mbedtls/test/%.com.dbg: \
$(THIRD_PARTY_MBEDTLS_TEST_DEPS) \
o/$(MODE)/third_party/mbedtls/test/lib.o \

2
third_party/mbedtls/test/test_suite_cipher.aes.c vendored
View file

@ -781,7 +781,7 @@ void test_enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
/* Check and get info structures */
cipher_info = mbedtls_cipher_info_from_type( cipher_id );
TEST_ASSERT( NULL != cipher_info );
TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
TEST_EQUAL( cipher_info, mbedtls_cipher_info_from_string( cipher_string ) );
/* Initialise enc and dec contexts */
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );

4
third_party/mbedtls/test/test_suite_cipher.des.c vendored
View file

@ -692,8 +692,8 @@ void test_cipher_special_behaviours( )
size_t olen = 0;
mbedtls_cipher_init( &ctx );
memset( input, 0, sizeof( input ) );
memset( output, 0, sizeof( output ) );
mbedtls_platform_zeroize( input, sizeof( input ) );
mbedtls_platform_zeroize( output, sizeof( output ) );
#if defined(MBEDTLS_CIPHER_MODE_CBC)
memset( iv, 0, sizeof( iv ) );

10
third_party/mbedtls/test/test_suite_ecdh.c vendored
View file

@ -244,9 +244,9 @@ void test_ecdh_primitive_random( int id )
TEST_ASSERT( mbedtls_ecp_group_load( &grp, id ) == 0 );
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
TEST_EQUAL( 0, mbedtls_ecdh_gen_public( &grp, &dA, &qA,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) );
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
&mbedtls_test_rnd_pseudo_rand,
&rnd_info ) == 0 );
@ -321,7 +321,7 @@ void test_ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dA, &qA,
mbedtls_test_rnd_buffer_rand,
&rnd_info_A ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qA ) );
TEST_ASSERT( !mbedtls_ecp_is_zero( &qA ) );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xA_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qA.X, &check ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yA_str ) == 0 );
@ -330,7 +330,7 @@ void test_ecdh_primitive_testvec( int id, data_t * rnd_buf_A, char * xA_str,
TEST_ASSERT( mbedtls_ecdh_gen_public( &grp, &dB, &qB,
mbedtls_test_rnd_buffer_rand,
&rnd_info_B ) == 0 );
TEST_ASSERT( ! mbedtls_ecp_is_zero( &qB ) );
TEST_ASSERT( !mbedtls_ecp_is_zero( &qB ) );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, xB_str ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &qB.X, &check ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &check, 16, yB_str ) == 0 );

30
third_party/mbedtls/test/test_suite_ecp.c vendored
View file

@ -15,6 +15,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "libc/log/log.h"
#include "third_party/mbedtls/test/test.inc"
/*
* *** THIS FILE WAS MACHINE GENERATED ***
@ -428,23 +429,19 @@ void test_mbedtls_ecp_curve_info_wrapper( void ** params )
test_mbedtls_ecp_curve_info( *( (int *) params[0] ), *( (int *) params[1] ), *( (int *) params[2] ), (char *) params[3] );
}
void test_ecp_check_pub( int grp_id, char * x_hex, char * y_hex, char * z_hex,
int ret )
int ret )
{
mbedtls_ecp_group grp;
mbedtls_ecp_point P;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &P );
TEST_ASSERT( mbedtls_ecp_group_load( &grp, grp_id ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.X, 16, x_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.Y, 16, y_hex ) == 0 );
TEST_ASSERT( mbedtls_mpi_read_string( &P.Z, 16, z_hex ) == 0 );
TEST_ASSERT( mbedtls_ecp_check_pubkey( &grp, &P ) == ret );
exit:
mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &P );
@ -457,9 +454,9 @@ void test_ecp_check_pub_wrapper( void ** params )
}
#if defined(MBEDTLS_ECP_RESTARTABLE)
void test_ecp_test_vect_restart( int id,
char *dA_str, char *xA_str, char *yA_str,
char *dB_str, char *xZ_str, char *yZ_str,
int max_ops, int min_restarts, int max_restarts )
char *dA_str, char *xA_str, char *yA_str,
char *dB_str, char *xZ_str, char *yZ_str,
int max_ops, int min_restarts, int max_restarts )
{
/*
* Test for early restart. Based on test vectors like ecp_test_vect(),
@ -632,6 +629,7 @@ void test_ecp_muladd_restart_wrapper( void ** params )
test_ecp_muladd_restart( *( (int *) params[0] ), (char *) params[1], (char *) params[2], (char *) params[3], (char *) params[4], (char *) params[5], (char *) params[6], *( (int *) params[7] ), *( (int *) params[8] ), *( (int *) params[9] ) );
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
void test_ecp_test_vect( int id, char * dA_str, char * xA_str, char * yA_str,
char * dB_str, char * xB_str, char * yB_str,
char * xZ_str, char * yZ_str )
@ -867,7 +865,6 @@ exit:
void test_ecp_fast_mod_wrapper( void ** params )
{
test_ecp_fast_mod( *( (int *) params[0] ), (char *) params[1] );
}
void test_ecp_write_binary( int id, char * x, char * y, char * z, int format,
@ -930,10 +927,10 @@ void test_ecp_read_binary( int id, data_t * buf, char * x, char * y, char * z,
TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P.X, &X ) == 0 );
if( mbedtls_ecp_get_type( &grp ) == MBEDTLS_ECP_TYPE_MONTGOMERY )
{
TEST_ASSERT( mbedtls_mpi_cmp_int( &Y, 0 ) == 0 );
TEST_ASSERT( mbedtls_mpi_is_zero( &Y ) );
TEST_ASSERT( P.Y.p == NULL );
TEST_ASSERT( mbedtls_mpi_cmp_int( &Z, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_cmp_int( &P.Z, 1 ) == 0 );
TEST_ASSERT( mbedtls_mpi_is_one( &Z ) );
TEST_ASSERT( mbedtls_mpi_is_one( &P.Z ) );
}
else
{
@ -1132,9 +1129,10 @@ void test_mbedtls_ecp_check_privkey_wrapper( void ** params )
test_mbedtls_ecp_check_privkey( *( (int *) params[0] ), (char *) params[1], *( (int *) params[2] ) );
}
void test_mbedtls_ecp_check_pub_priv( int id_pub, char * Qx_pub, char * Qy_pub,
int id, char * d, char * Qx, char * Qy,
int ret )
int id, char * d, char * Qx, char * Qy,
int ret )
{
mbedtls_ecp_keypair pub, prv;
@ -1896,6 +1894,8 @@ int check_test( size_t func_idx )
int main( int argc, const char *argv[] )
{
int ret;
/* ++ftrace; */
/* ftrace_install(); */
mbedtls_test_platform_setup();
ret = execute_tests( argc, argv, "zip:third_party/mbedtls/test/test_suite_ecp.datax" );
mbedtls_test_platform_teardown();

1
third_party/mbedtls/test/test_suite_hkdf.c vendored
View file

@ -39,7 +39,6 @@
#if defined(MBEDTLS_HKDF_C)
#include "third_party/mbedtls/hkdf.h"
#include "third_party/mbedtls/md_internal.h"
void test_test_hkdf( int md_alg, data_t *ikm, data_t *salt, data_t *info,
data_t *expected_okm )
{

7
third_party/mbedtls/test/test_suite_mpi.c vendored
View file

@ -466,12 +466,12 @@ exit:
void test_mbedtls_mpi_write_binary_wrapper( void ** params )
{
data_t data2 = {(uint8_t *) params[2], *( (uint32_t *) params[3] )};
test_mbedtls_mpi_write_binary( *( (int *) params[0] ), (char *) params[1], &data2, *( (int *) params[4] ), *( (int *) params[5] ) );
}
void test_mbedtls_mpi_write_binary_le( int radix_X, char * input_X,
data_t * input_A, int output_size,
int result )
data_t * input_A, int output_size,
int result )
{
mbedtls_mpi X;
unsigned char buf[1000];
@ -1115,6 +1115,7 @@ void test_mbedtls_mpi_sub_mpi_wrapper( void ** params )
test_mbedtls_mpi_sub_mpi( *( (int *) params[0] ), (char *) params[1], *( (int *) params[2] ), (char *) params[3], *( (int *) params[4] ), (char *) params[5] );
}
void test_mbedtls_mpi_sub_abs( int radix_X, char * input_X, int radix_Y,
char * input_Y, int radix_A, char * input_A,
int sub_result )

34
third_party/mbedtls/test/test_suite_ssl.c vendored
View file

@ -18,6 +18,9 @@
#include "third_party/mbedtls/test/test.inc"
#include "third_party/mbedtls/ssl_invasive.h"
#include "libc/testlib/testlib.h"
#include "libc/log/log.h"
#include "libc/rand/rand.h"
#include "libc/bits/safemacros.internal.h"
#include "third_party/mbedtls/test/test.inc"
/*
* *** THIS FILE WAS MACHINE GENERATED ***
@ -1035,7 +1038,7 @@ int mbedtls_move_handshake_to_state( mbedtls_ssl_context *ssl,
enum { BUFFSIZE = 1024 };
int max_steps = 1000;
int ret = 0;
if( ssl == NULL || second_ssl == NULL )
{
return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@ -3358,8 +3361,7 @@ void test_ssl_crypt_record( int cipher_type, int hash_id,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* Decrypt record with t_dec */
ret = mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec );
TEST_ASSERT( ret == 0 );
TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) );
/* Compare results */
TEST_ASSERT( rec.type == rec_backup.type );
@ -3525,7 +3527,7 @@ void test_ssl_crypt_record_small( int cipher_type, int hash_id,
#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
/* Decrypt record with t_dec */
TEST_ASSERT( mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) == 0 );
TEST_EQUAL( 0, mbedtls_ssl_decrypt_buf( &ssl, t_dec, &rec ) );
/* Compare results */
TEST_ASSERT( rec.type == rec_backup.type );
@ -3700,19 +3702,21 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
/*
* Modify each byte of the pre-encryption record before encrypting and
* decrypting it, expecting failure every time.
*
* We use RANDOMMNESS because this loop runs hundreds of times and this
* function runs hundreds of times. So it can very easily contribute to
* hundreds of milliseconds of latency, which we can't have in our pure
* testing infrastructure.
*/
for( i = block_size; i < buflen; i++ )
for( i = block_size; i < buflen; i += max( 1, rand64() & 31 ) )
{
mbedtls_test_set_step( i );
/* Restore correct pre-encryption record */
rec = rec_save;
rec.buf = buf;
memcpy( buf, buf_save, buflen );
/* Corrupt one byte of the data (could be plaintext, MAC or padding) */
rec.buf[i] ^= 0x01;
/* Encrypt */
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
t0.iv_enc, t0.ivlen,
@ -3720,7 +3724,6 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
/* Decrypt and expect failure */
TEST_EQUAL( MBEDTLS_ERR_SSL_INVALID_MAC,
mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
@ -3737,19 +3740,21 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
*
* (Start the loop with correct padding, just to double-check that record
* saving did work, and that we're overwriting the correct bytes.)
*
* We use RANDOMMNESS because this loop runs hundreds of times and this
* function runs hundreds of times. So it can very easily contribute to
* hundreds of milliseconds of latency, which we can't have in our pure
* testing infrastructure.
*/
for( i = padlen; i <= pad_max_len; i++ )
for( i = padlen; i <= pad_max_len; i += max( 1, rand64() & 31 ) )
{
mbedtls_test_set_step( i );
/* Restore correct pre-encryption record */
rec = rec_save;
rec.buf = buf;
memcpy( buf, buf_save, buflen );
/* Set padding bytes to new value */
memset( buf + buflen - padlen - 1, i, padlen + 1 );
/* Encrypt */
TEST_EQUAL( 0, mbedtls_cipher_crypt( &t0.cipher_ctx_enc,
t0.iv_enc, t0.ivlen,
@ -3757,7 +3762,6 @@ void test_ssl_decrypt_non_etm_cbc( int cipher_type, int hash_id, int trunc_hmac,
rec.buf + rec.data_offset, &olen ) );
rec.data_offset -= t0.ivlen;
rec.data_len += t0.ivlen;
/* Decrypt and expect failure except the first time */
exp_ret = ( i == padlen ) ? 0 : MBEDTLS_ERR_SSL_INVALID_MAC;
TEST_EQUAL( exp_ret, mbedtls_ssl_decrypt_buf( &ssl, &t1, &rec ) );
@ -4696,7 +4700,7 @@ void test_handshake_fragmentation( int mfl, int expected_srv_hs_fragmentation, i
options.dtls = 1;
options.mfl = mfl;
/* Set cipher to one using CBC so that record splitting can be tested */
options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
options.cipher = "DHE-RSA-AES256-CBC-SHA256";
options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
options.srv_log_obj = &srv_pattern;
options.cli_log_obj = &cli_pattern;

1008
third_party/mbedtls/test/test_suite_ssl.datax vendored
View file

File diff suppressed because it is too large Load diff

28
third_party/mbedtls/test/test_suite_x509parse.c vendored
View file

@ -465,7 +465,7 @@ void test_x509_parse_san( char * crt_file, char * result_str )
}
}
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
TEST_ASSERT_STREQ( buf, result_str );
exit:
@ -497,7 +497,7 @@ void test_x509_cert_info( char * crt_file, char * result_str )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
TEST_ASSERT_STREQ( buf, result_str );
exit:
mbedtls_x509_crt_free( &crt );
@ -527,7 +527,7 @@ void test_mbedtls_x509_crl_info( char * crl_file, char * result_str )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
TEST_ASSERT_STREQ( buf, result_str );
exit:
mbedtls_x509_crl_free( &crl );
@ -580,7 +580,7 @@ void test_mbedtls_x509_csr_info( char * csr_file, char * result_str )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
TEST_ASSERT_STREQ( buf, result_str );
exit:
mbedtls_x509_csr_free( &csr );
@ -605,7 +605,7 @@ void test_x509_verify_info( int flags, char * prefix, char * result_str )
TEST_ASSERT( res >= 0 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
TEST_ASSERT_STREQ( buf, result_str );
exit:
;
}
@ -739,7 +739,7 @@ void test_x509_verify( char *crt_file, char *ca_file, char *crl_file,
res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
TEST_ASSERT( res == ( result ) );
TEST_EQUAL( res, result );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@ -879,7 +879,7 @@ void test_mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_st
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( buf, result_str ) == 0 );
TEST_ASSERT_STREQ( buf, result_str );
exit:
mbedtls_x509_crt_free( &crt );
@ -987,7 +987,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
mbedtls_x509_crt_free( &crt );
@ -1002,7 +1002,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
mbedtls_x509_crt_free( &crt );
@ -1017,7 +1017,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
mbedtls_x509_crt_free( &crt );
@ -1032,7 +1032,7 @@ void test_x509parse_crt( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
exit:
@ -1069,7 +1069,7 @@ void test_x509parse_crt_cb( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
mbedtls_x509_crt_free( &crt );
@ -1084,7 +1084,7 @@ void test_x509parse_crt_cb( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
exit:
@ -1117,7 +1117,7 @@ void test_x509parse_crl( data_t * buf, char * result_str, int result )
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
TEST_ASSERT_STREQ( (char *) output, result_str );
}
exit:

22
third_party/mbedtls/test/test_suite_x509parse.datax vendored
View file

@ -128,35 +128,35 @@ depends_on:0:1:2
X509 CRT information, RSA Certificate Policy any
depends_on:0:1:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-03-21 16\:40\:59\nexpires on \: 2029-03-21 16\:40\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n"
X509 CRT information, ECDSA Certificate Policy any
depends_on:0:10:12:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-03-25 09\:02\:45\nexpires on \: 2029-03-25 09\:02\:45\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n"
X509 CRT information, RSA Certificate Policy any with qualifier
depends_on:0:1:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:14\:31\nexpires on \: 2029-04-28 13\:14\:31\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n"
X509 CRT information, ECDSA Certificate Policy any with qualifier
depends_on:0:10:12:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-any_policy_with_qualifier_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 10\:16\:05\nexpires on \: 2029-04-28 10\:16\:05\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: Any Policy\n"
X509 CRT information, RSA Certificate multiple Policies
depends_on:0:1:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 12\:59\:19\nexpires on \: 2029-04-28 12\:59\:19\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4, Any Policy\n"
X509 CRT information, ECDSA Certificate multiple Policies
depends_on:0:10:12:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-multi_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 12\:59\:51\nexpires on \: 2029-04-28 12\:59\:51\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4, Any Policy\n"
X509 CRT information, RSA Certificate unsupported policy
depends_on:0:1:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2019-04-28 13\:00\:13\nexpires on \: 2029-04-28 13\:00\:13\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4\n"
X509 CRT information, ECDSA Certificate unsupported policy
depends_on:0:10:12:6
1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
1:char*:"zip:third_party/mbedtls/test/data/test-ca-unsupported_policy_ec.crt":char*:"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2019-04-28 13\:00\:19\nexpires on \: 2029-04-28 13\:00\:19\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\ncert policies \: 1.2.3.4\n"
X509 CRT information, Key Usage + Extended Key Usage
depends_on:0:1:6
@ -2038,7 +2038,7 @@ depends_on:1:6
X509 CRT ASN1 (Unsupported critical policy recognized by callback)
depends_on:1:6
15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":int:0
15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010101040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncert policies \: 0.1\n":int:0
X509 CRT ASN1 (Unsupported critical policy not recognized by callback)
depends_on:1:6
@ -2046,11 +2046,11 @@ depends_on:1:6
X509 CRT ASN1 (Unsupported non critical policy recognized by callback)
depends_on:1:6
15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":int:0
15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060101300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncert policies \: 0.1\n":int:0
X509 CRT ASN1 (Unsupported non critical policy not recognized by callback)
depends_on:1:6
15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncertificate policies \: ???\n":int:0
15:hex:"3081b130819ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a315301330110603551d20010100040730053003060100300d06092a864886f70d01010b0500030200ff":char*:"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\ncert policies \: 0.0\n":int:0
X509 CRL ASN1 (Incorrect first tag)
16:hex:"":char*:"":exp:28