Commit graph

2592 commits

Author SHA1 Message Date
Jerry Yu
ea96ac3da9 fix various issues
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
Tom Cosgrove
12d8b8eaba
Merge pull request #8539 from tom-daubney-arm/add_test_script_psa_hash
Add Demo Script for PSA Hash Program
2023-11-27 12:13:18 +00:00
Paul Elliott
f25d831123 Ensure mutex test mutex gets free'd
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-23 18:49:43 +00:00
Dave Rodgman
8cd4bc4ac2
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only
Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2023-11-23 17:43:00 +00:00
Paul Elliott
2e3f6902ed
Merge pull request #8549 from gilles-peskine-arm/metatest-gcc-12
Fix metatest.c with gcc-12 -Wuse-after-free
2023-11-23 11:09:41 +00:00
Yanray Wang
690ee81533 Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only 2023-11-23 10:31:26 +08:00
Gilles Peskine
7a715c4537 Fix the build with gcc-12 -Wuse-after-free
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-21 13:42:40 +01:00
Jerry Yu
713ce1f889 various improvement
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
cf9135100e fix various issues
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3 Cleanup ticket negative tests.
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Gilles Peskine
6267dd59c8
Merge pull request #8463 from gilles-peskine-arm/metatest-create
Create a metatest program
2023-11-20 14:07:08 +00:00
Thomas Daubney
dd2a09a22b Introduce demo script for PSA hash program
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-16 18:45:55 +00:00
Gilles Peskine
2f40cc05f0 Improve explanations of what bad thing a metatest does
Especially clarify the situation with respect to mutex usage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-16 15:13:38 +01:00
Gilles Peskine
ad2a17eb60 Uniformly use MBEDTLS_THREADING_C guards
Since the code compiles with MBEDTLS_THREADING_C, not just with
MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime
behavior is only as desired under certain conditions that imply
MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass
in all scenarios, only under specific build- and run-time conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-16 15:09:48 +01:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Gilles Peskine
cce0012463 Add documentation
Explain the goals of metatests, how to write them, and how to read their
output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 15:36:15 +01:00
Gilles Peskine
ccb121500d Uninitialized read: make the pointer non-volatile rather than the buffer
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 11:35:36 +01:00
Gilles Peskine
da6e7a2ac2 More consistent usage of volatile
Fix MSVC warning C4090.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 10:09:27 +01:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string()
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
Gilles Peskine
d2fa698155 Strengthen against possible compiler optimizations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-09 21:46:24 +01:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Gilles Peskine
a1023e2bd6 programs/test/metatest indirectly includes library/common.h
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
4bc873f0a1 Add missing program to .gitignore
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
102aea2ba8 Add metatests for mutex usage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
f0d5cf9a0c Don't use %llx in printf
We still do MinGW builds on our CI whose printf doesn't support it!

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
a1dfa14c06 Fix cast from pointer to integer of different size
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
ee8109541a Don't cast a function pointer to a data pointer
That's nonstandard. Instead, convert to an integer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
6aa9f32124 Use casts when doing nonstandard pointer conversions
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
69e8db0366 Strengthen against Clang optimizations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
b0f0a64de0 Metatests for basic Asan and Msan features
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
80ba832be6 Metatests for null pointer dereference
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:09 +01:00
Gilles Peskine
f309fbf0d5 Validate that test_fail causes a test failure
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:09 +01:00
Gilles Peskine
33406b645d Add a metatest program
This program can be used to validate that things that should be detected as
test failures are indeed caught, either by setting the test result to
MBEDTLS_TEST_RESULT_FAILED or by aborting the program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:09 +01:00
Yanray Wang
f24bbd987a dh_client.c: modify prompt message
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
f8be5f6ade Fix overlooked files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Valerio Setti
74d48c89fa ssl_server2: small improvement of code readability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-02 16:43:55 +01:00
Yanray Wang
b67b47425e Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-31 17:22:06 +08:00
Paul Elliott
afc6a992c5
Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
Cleanups in test code
2023-10-30 18:08:01 +00:00
Valerio Setti
dc55470341 ssl_context_info: add guards for CIPHER_C
mbedtls_cipher_info_from_type() is only available when CIPHER_C is
defined. So when it is not we just print the cipher type decimal
value on the output instead of the cipher's name.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
bdf04e840a ssl_server2: support ticket_aead only when CIPHER_C is defined
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Gilles Peskine
5d055f8206
Merge pull request #7844 from mpg/ssl-progs-usage
Fix usage & error reporting in SSL programs
2023-10-26 08:19:25 +00:00