Commit graph

1727 commits

Author SHA1 Message Date
Werner Lewis
6c70d745d1 Convert bools to int before arithmetic
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:29:18 +01:00
Werner Lewis
92c876aaa9 Remove unneeded list concatenation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:29:18 +01:00
Werner Lewis
55e638ca57 Remove abbreviations and clarify attributes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:29:08 +01:00
Werner Lewis
fbb75e3fc5 Separate common test generation classes/functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 15:08:56 +01:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Andrzej Kurek
180b6b9608 Enable TLS 1.2 tests without MD and with USE_PSA in all.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Neil Armstrong
7b044c1bbf Enable ECJPAKE in test_crypto_full_no_md () & test_psa_crypto_config_accel_hash_use_psa () components
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Przemek Stekiel
b792cfd423 component_test_psa_crypto_config_accel_hash_use_psa: stop removing all X.509 modules from the build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Dave Rodgman
92cd8642fa
Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a
Remove encoding width suffix from Arm bignum assembly
2022-08-18 08:48:03 +01:00
Dave Rodgman
03f7a6e086 Add armcc plain armv7-m target; tidy up arg order
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 14:35:29 +01:00
Manuel Pégourié-Gonnard
7a27e85f5c Fix failure of RSA accel test
Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was
requested, but that's no longer the case since the previous commit.

We can fix this in one of two ways: either enable MD_C, or enable all
the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because
it's a single line and avoids having to enumerate a list that might grow
in the future.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
077ba8489d PKCS#1 v2.1 now builds with PSA if no MD_C
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Janos Follath
8d59c86f61 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 15:35:35 +01:00
Janos Follath
9938719a05 Allow internal macros without prefix
Internal macros are not present as symbols, visible or usable outside
the compilation unit and it is safe to allow them to have a name without
namespace prefix.

We also allow them to start with lower case letters as some of our
internal macros already have names like that.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 12:06:31 +01:00
Neil Armstrong
d86b8ac111 Fix test_psa_crypto_config_accel_hash_use_psa build when including libtestdriver1 PSA headers from programs
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:56:13 +02:00
Werner Lewis
6a31396a13 Fix incorrect indentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
265e051d06 Remove is None from if statement
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
c442f6a3d6 Fix type issues
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
b17ca8ad80 Remove set() to preserve test case order
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
a51fe2b27e Sort tests when generating cases
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
86caf85ed2 Add test case generation for bignum add
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
69a92ce497 Add test generation for bignum cmp variant
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Werner Lewis
8b2df74b12 Add bignum test generation framework
Adds python script for generation of bignum test cases, with initial
classes for mpi_cmp_mpi test cases. Build scripts are updated to
generate test data.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Hanno Becker
f0762e929e Enable inline assembly in armcc all.sh component
The test script all.sh contains the component

   component_build_armcc

testing that Mbed TLS builds using Arm Compiler 5 and 6,
on a variety of platforms.

However, the component does not exercise inline assembly
for Arm, since
- MBEDTLS_HAVE_ASM is unset, and
- Some Arm inline assembly is only used if the level of
  optimization is not 0.

This commit changes the test component to ensure that
inline assembly is built by setting MBEDTLS_HAVE_ASM
as well as enabling optimization level 1 (-O1).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-07-15 12:08:19 +01:00
Manuel Pégourié-Gonnard
7b0825d180 Build with SHA-256 accelerated too
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
f0f63bc1b6 Test without MD_C
test_suite_pk still passes, with the same number of skipped tests as in
the default config minus PKCS#1v2.1

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
525add631e Add component with accelerated hashes and USE_PSA
Currently the test suites are passing because a lot of tests
functions/cases explicitly depend on SHAxxx_C, resulting in them being
skipped in this build. The goal of the next few commits is going to make
them pass and achieve test parity with a non-accelerated build for
selected modules.

Note: compared to the previous component, I'm using 'make tests' not
'make' (ie not building program) because I'm betting build failures
(some header not found) in programs which are not my interest atm.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
97ab2a3ae2 Clean up two accel tests in all.sh
- TLS versions earlier than 1.2 have been removed
- fix a copy-paste typo

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
46a295422d Build and test RSA PKCS#1v1.5 without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
b86279fc63 Build and test PK without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:01:40 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Jerry Yu
b7c12a466f Refactor compat scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-12 20:53:02 +08:00
XiaokangQian
9b938b7c37 Share code with base class in generate_tls13_compat_tests.py
Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 07:06:32 +00:00
XiaokangQian
fb1a3fe7f3 Address comments about python syntax
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 02:27:52 +00:00
XiaokangQian
b1847a234e Re-structure to share more common code
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-09 02:53:23 +00:00
XiaokangQian
d5d5b60c07 Add comprehensive test cases for TLS1.3 server side
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
Gilles Peskine
42ed963c72 Update PSA compliance test branch
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-17 17:23:09 +02:00
Przemek Stekiel
da5f483ad8 all.sh: Fix order of CIPHER dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
179d74831f all.sh: add build/test config crypto_full minus CIPHER
Dependency list:

- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Przemek Stekiel
10f3a601b4 all.sh: add build/test config full minus CIPHER
Dependency list:
- ['MBEDTLS_CIPHER_C']
- ['MBEDTLS_CMAC_C', 'MBEDTLS_NIST_KW_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_CCM_C', 'MBEDTLS_GCM_C', 'MBEDTLS_PSA_CRYPTO_C', 'MBEDTLS_SSL_TLS_C', 'MBEDTLS_SSL_TICKET_C']
- ['MBEDTLS_PSA_CRYPTO_SE_C', 'MBEDTLS_PSA_CRYPTO_STORAGE_C', 'MBEDTLS_SSL_PROTO_TLS1_3', 'MBEDTLS_SSL_CLI_C', 'MBEDTLS_SSL_SRV_C', 'MBEDTLS_SSL_DTLS_ANTI_REPLAY', 'MBEDTLS_SSL_DTLS_CONNECTION_ID', 'MBEDTLS_USE_PSA_CRYPTO']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-12 10:42:20 +02:00
Dave Rodgman
3009a97e00 Minor spelling / grammar improvements
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:54 +01:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Manuel Pégourié-Gonnard
42650260a9
Merge pull request #5783 from mprse/md_dep_v3
Fix undeclared dependencies: MD
2022-05-10 10:41:32 +02:00
Przemek Stekiel
d3ba7367c9 component_test_crypto_full_no_md: fix order of disabled features
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 11:41:56 +02:00
Przemek Stekiel
fe2367af26 all.sh: add build/test config crypto_full minus MD
Dependeny list:
- ['MBEDTLS_MD_C']
- ['MBEDTLS_ECJPAKE_C', 'MBEDTLS_PKCS5_C', 'MBEDTLS_PKCS12_C', 'MBEDTLS_PKCS1_V15', 'MBEDTLS_PKCS1_V21', 'MBEDTLS_HKDF_C', 'MBEDTLS_HMAC_DRBG_C', 'MBEDTLS_PK_C']
- ['MBEDTLS_ECDSA_DETERMINISTIC', 'MBEDTLS_PK_PARSE_C', 'MBEDTLS_PK_WRITE_C', 'MBEDTLS_RSA_C']

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Przemek Stekiel
1068c224a4 Adapt generated psa no_supported tests for HMAC
Remove no_supported HMAC generate/import tests when !PSA_KEY_TYPE_HMAC as HMAC key creation works regardless of PSA_WANT_KEY_TYPE_HMAC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 12:09:03 +02:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Neil Armstrong
98136b14e0 Fixup and update comment of disabled USE_PSA_CRYPTO test check in all.sh
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-27 10:00:42 +02:00
Neil Armstrong
882e02ea7a Move and fixup check_test_requires_psa_disabled() into check_test_cases()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 16:53:07 +02:00
Gilles Peskine
9d8716c5aa
Merge pull request #5739 from gilles-peskine-arm/depends-curves-positive-only
Don't test with all-but-one elliptic curves
2022-04-21 12:34:44 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Neil Armstrong
09030a345c Refine component_check_test_requires_psa_disabled change grep options order for better compatibility
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-21 11:17:43 +02:00
Ronald Cron
9d0a3e8296 generate_tls13_compat_tests.py: Fix/Unify parameter ordering
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
df5f8681cc ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Gilles Peskine
a841c2a20f test_cmake_out_of_source: run an ssl-opt test case that exists
component_test_cmake_out_of_source was running the ssl-opt.sh test case
"Fallback SCSV: beginning of list", but this test case was removed in Mbed
TLS 3.0, so ssl-opt.sh was running nothing, which is not an effective test.
In 2.x, the test case was chosen because it uses an additional auxiliary
program tests/scripts/tcp_client.pl. This auxiliary program is no longer
used. So instead, run at least one test case that's sure to exist.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:31:25 +02:00
Gilles Peskine
7393ec5ccf test_cmake_out_of_source: validate that ssl-opt passed
If the ssl-opt test case was skipped, the test was ineffective.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:30:24 +02:00
Neil Armstrong
4ad82e4b33 Add component_check_test_requires_psa_disabled used to check if some tests requiring PSA to be disabled are presemt
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 13:27:17 +02:00
Gilles Peskine
17e350b12a Short-tag AEAD with the nominal length are encoded as nominal AEAD
`PSA_ALG_AEAD_WITH_SHORTENED_TAG(aead_alg, len) == aead_alg` when
`len == PSA_AEAD_TAG_LENGTH(aead_alg)`. So skip this case when testing
the printing of constants.

This fixes one test case due to the way arguments of
`PSA_ALG_AEAD_WITH_SHORTENED_TAG` are enumerated (all algorithms are tested
for a value of `len` which isn't problematic, and all values of `len` are
tested for one algorithm).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
61548d1035 Only exercise Brainpool curve keys on one algorithm
There's nothing wrong with ECC keys on Brainpool curves,
but operations with them are very slow. So we only exercise them
with a single algorithm, not with all possible hashes. We do
exercise other curves with all algorithms so test coverage is
perfectly adequate like this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
564fae8328 Refactor usage flag formatting and implication
When generating storage format tests, pass usage flags around as a list, and
format them as the last thing.

In Storagekey(), simplify the addition of implicit usage flags: this no
longer requires parsing.

The output is unchanged.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7de7c1020c Storage format tests: cover algorithms for each key type
In the generated storage format test cases, cover all supported
algorithms for each key type. This is a step towards exercising
the key with all the algorithms it supports; a subsequent commit
will generate a policy that permits the specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Gilles Peskine
e2c342b9bf Don't test with all-but-one elliptic curves
`curves.pl` (invoked by `all.sh test_depends_curves`, and
`all.sh test_depends_curves_psa`) currently runs two series of tests:
* For each curve, test with only that curve enabled.
* For each curve, test with all curves but that one.

Originally this script was introduced to validate test dependencies, and for
that all-but-one gives better results because it handles test cases that
require multiple curves. Then we extended the script to also test with a
single curve, which matches many real-world setups and catches some product
bugs. Single-curve testing also validates test dependencies in a more
limited way.

Remove all-but-one curve testing, because it doesn't add much to the test
coverage. Mainly, this means that we now won't detect if a test case
declares two curve dependencies but actually also depends on a third. This
is an acceptable loss.

The trigger for removing all-but-one curve testing is that this will make
the job take only about half as long, and the length of the job was a bit of
a problem. Resolves #5729.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:00:17 +02:00
Manuel Pégourié-Gonnard
9473229996 Fix compat.sh invocation in basic-built-test.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:38 +02:00
Gilles Peskine
45e680e651 Explain why we check that a certain feature is enabled
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:23:21 +02:00
Gilles Peskine
5417d48044 Remove mostly-redundant test build
component_test_CID_no_debug was added specifically to be a non-regression
test for https://github.com/Mbed-TLS/mbedtls/issues/3998. Running compat.sh
in the newly introduced config-ccm-psk-dtls1_2.h is also a non-regression
test for that bug. Therefore component_test_CID_no_debug is redundant for
its primary purpose.

Of course every configuration is different, but the additional coverage from
component_test_CID_no_debug is minimal, unlike config-ccm-psk-dtls1_2.h
which is a plausible real-world configuration.

In mbedtls-2.28, component_test_CID_no_debug was never added, and running
the unit tests in that configuration does not trigger the #3998 bug, only
compat.sh does. So, rather than backport component_test_CID_no_debug to
2.28.2, I am removing it from 3.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 22:47:17 +02:00
Manuel Pégourié-Gonnard
296787f75c Rm DES from invocations of compat.sh
It no longer makes sense, either in -e or -f: those ciphersuites have
been removed anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Gilles Peskine
7d904e7127 Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
e10df779b7 Test MBEDTLS_USER_CONFIG_FILE as such
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
f4798279c0 Remove obsolete comment
mbedtls/mbedtls_config.h (formerly mbedtls/config.h) used to be included
directly in many places, so we wanted to test that all of these places
allowed the MBEDTLS_CONFIG_FILE override. Now mbedtls/mbedtls_config.h is
only included via build_info.h, so this is not relevant anymore.

It is no longer particularly useful to test MBEDTLS_CONFIG_FILE with the
full config, but it isn't harmful either, so keep it that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
2003c2f455 Simplify build_mbedtls_config_file
$CONFIG_H no longer includes check_config.h since Mbed TLS 3.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:25 +02:00
Gilles Peskine
ebfee6e315 check-generated-files.sh -u: don't update file timestamps
When running check-generated-files in update mode, all generated files were
regenerated. As a consequence,
```
tests/scripts/check-generated-files.sh -u && make
```
always caused most of the code to be rebuilt. Now, if a file hasn't changed,
preserve its original modification time (and other metadata), so the command
above doesn't rebuild anything that has actually not changed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:29:38 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
d79e3b92fa In NOT_SUPPORTED test case descriptions, show what is not supported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:56:58 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
a1b8f6e914 ssl-opt.sh: Do not force TLS 1.3 on client
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
XiaokangQian
5c252620c5 Move MAC-ALL to self._ciphs in ssl-opt.sh
Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 08:53:45 +00:00
XiaokangQian
2e17fb8c93 Change code base on comments
Add all of the group pairs for hrr cases
Re-order some parameters

Change-Id: Id7e131d1ed4279bbd586613800df7bd87dfa4c54
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 03:30:05 +00:00
XiaokangQian
a1931448f0 Update hrr test cases generation code without change class
Change-Id: I38f620213bf5349d33ecad080538294633f85566
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 11:58:22 +00:00
XiaokangQian
eff93f947d Rebase code to latest and solve conflicts
Change-Id: Id89af63e5d63347f6365c87b2aed419cc31fe0d4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 10:47:55 +00:00
XiaokangQian
8031ba7fbf Update code base on comments
Change run title
Remove dedicate ciphersuite and sig alg
Update test cases

Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 09:27:53 +00:00
XiaokangQian
68a87e4606 Remove the option r in generate_tls13_compat_tests.py
Integrate two options into one
Use one dedicate cipher suite TLS_AES_256_GCM_SHA384
Use on dedicate signature algorithm ecdsa_secp384r1_sha384

Change-Id: Icbe39b985e1942edc4b1e37ce3352eed4f316ab7
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
20438976f9 Change comments and styles base on review
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
af56fd3b9d Disable some reported warnings in pylint
Change-Id: Ia01e4a425f8b8d83be53d02885cf8ae4cbb20c98
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:08:01 +00:00
XiaokangQian
b9cd73f640 Fix errors from pylint
Change-Id: I6cbbf8a0b0acedf651fada6ab54fa03dc4ad9cf5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:57 +00:00
XiaokangQian
7069cbc8d5 generate all tls13 hrr test cases for compatible mode
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:08 +00:00
Jerry Yu
72d81e56b6 Add cert_sig_algs into offered list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 22:13:57 +08:00
Jerry Yu
7de79850c9 Add cert_sig_algs for compat generate script
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 20:09:00 +08:00
Tom Cosgrove
226aca195f Fix running of all.sh on macOS
Was getting 'dd: unknown operand status'

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac
TLS record HMAC
2022-03-21 11:36:44 +01:00
Neil Armstrong
0ab7a232b5 Add non-PSA and PSA variant of test_XXXX_constant_flow all.sh tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Gilles Peskine
cba28a7d40 Systematically generate test cases for operation setup failure
The test suite test_suite_psa_crypto_op_fail now runs a large number
of automatically generated test cases which attempt to perform a
one-shot operation or to set up a multi-part operation with invalid
parameters. The following cases are fully covered (based on the
enumeration of valid algorithms and key types):
* An algorithm is not supported.
* The key type is not compatible with the algorithm (for operations
  that use a key).
* The algorithm is not compatible for the operation.

Some test functions allow the library to return PSA_ERROR_NOT_SUPPORTED
where the test code generator expects PSA_ERROR_INVALID_ARGUMENT or vice
versa. This may be refined in the future.

Some corner cases with algorithms combining a key agreement with a key
derivation are not handled properly. This will be fixed in follow-up
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
8b4a38176a Generate test cases for hash operation failure
Test that hash operation functions fail when given a hash algorithm
that is not supported or an algorithm that is not a hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
c7e1ea074a New test suite for systematically generated operation failure tests
The new test suite psa_crypto_op_fail is intended for systematically
generated test cases that ensure that cryptographic operations with
invalid parameters fail as expected. I intend invalid parameters to
cover things like an invalid algorithm, an algorithm that is
incompatible with the operation, a key type that is incompatible with
the algorithm, etc.

This commit just creates the infrastructure. Subsequent commits will
add data generation and test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
f761427fb9 Simplify key_for_usage_flags
Generate "with implication" and "without implication" usage test cases
separately.

The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Gilles Peskine
a266541072 test-ref-configs: clarify configuration-related traces
When doing builds with PSA enabled or with debug traces enabled, convey this
in $MBEDTLS_TEST_CONFIGURATION and in the terminal logs.

This fixes a bug that the outcome file did not distinguish entries from
test cases run in a reference configuration with or without PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gilles Peskine
d7df877183 Simplify the logic to select configurations
User-visible changes:
* With no argument, configurations are now tested in a deterministic order.
* When given arguments, configurations are now tested in the order given.
* When given arguments, if the same configuration is passed multiple times,
  it will now be tested multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Gilles Peskine
fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity
Check storage format tests for regressions
2022-03-07 17:02:34 +01:00
Przemek Stekiel
f25b16cadd test_psa_compliance: update tag to fix-pr-5139-3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 14:25:09 +01:00
David Horstmann
61faf665e6 Use $PWD instead of $(pwd) for consistency
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Daniel Axtens
814c8133c8 tests: add baremetal full config build
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
446af202f6 tests: prevent inclusion of time.h in baremetal compiles
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Gilles Peskine
254efe5f0c Make mypy unconditional
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:06:36 +01:00
Gilles Peskine
c6d197b68a ssl-opt needs debug messages
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:22:25 +01:00
Gilles Peskine
168f17c233 New sample/test configuration: small DTLS 1.2
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:11 +01:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Przemyslaw Stekiel
ab80c0cd6c test_psa_compliance.py: checkout fix-pr-5139 tag
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Jerry Yu
baa4934e7b Add check tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
81d5e1feca fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
da5af22015 tls13_only: add tls13_only test component
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix
Fix test suite name reporting of opt-testcases/tls13-compat.sh
2022-02-15 13:53:10 +01:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Manuel Pégourié-Gonnard
d81e774083
Merge pull request #5463 from gilles-peskine-arm/cmake-test-suite-enumeration
CMake: generate the list of test suites automatically
2022-02-07 09:48:23 +01:00
Gilles Peskine
827dbd9d35 Remove obsolete calls to if_build_succeeded
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
c1247c0cbb Remove obsolete variable restoration or unset at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
3bc3409edf Remove obsolete cd at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
a300099246 Stop CMake out of source tests running on 16.04 (continued)
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory and can presumably
happen with test_cmake_as_package and test_cmake_as_package_install as well.
So skip all of these components on Ubuntu 16.04.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Andrzej Kurek
01005b90b5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:41 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Gilles Peskine
7e09105192 New option to list all test cases
Occasionally useful for diagnosing issues with test reports.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
686c292e8a Move collect_available_test_cases to check_test_cases.py
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Bence Szépkúti
bac671cd23 Fix the multipart AEAD compliance tests
Update the fork of the compliance test suite, and remove the multipart
AEAD tests from the expected failures list.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-06 15:46:17 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 00:19:47 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Ronald Cron
0abf07ca2c Make PSA crypto mandatory for TLS 1.3
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Ronald Cron
ae93725ae8 tests: Make compat mode optional in script generating tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:07 +01:00
Jerry Yu
e78ee99624 add enum value to string helpers
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0
Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:09 +01:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
2021-12-08 14:56:39 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:54:36 +01:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:42:47 +08:00
Jerry Yu
2c315a8591 remove unused function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
Jerry Yu
7918efe99a Refactor to avoid duplicate add_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
882c30da17 Merge CAFILE and Certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
b4ac8f3c04 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
dda036d8e0 rename ecdsa_secp*sha* to ecdsa_secp*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
7f5e5adfa3 fix pylint fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
f17a60f147 Add opt-testcases into check list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
d64e20de7f fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
29deed4ddb Add rsa_pss_rsae_sha256 into tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
305bfc3dfd Add tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Ronald Cron
3a8714d5d4 all.sh: psa: Add cipher acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
b231245ea8 all.sh: psa: Add hash acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
403c15cb51 all.sh: psa: Add ECDSA and RSA signature acceleration component
Add ECDSA and RSA signature acceleration testing
with signature capabilitites removed from the
Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
7975fae6bd Move to separately compiled PSA test driver library
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Xiaofei Bai
8b5c3824ee Fix (d)tls1_2 into (d)tls12 in version options
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 13:22:18 +00:00
Gilles Peskine
a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test
dlopen test
2021-11-25 22:03:27 +01:00
Gilles Peskine
f303c0ddeb Fix several bugs with multiline comments
Empty the current line if it's entirely inside a comment.

Don't incorrectly end a block comment at the second line if it doesn't
contain `*/`.

Recognize `/*` to start a multiline comment even if it isn't at the start of
the line.

When stripping off comments, consistently strip off `/*` and `*/`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:52 +01:00
Gilles Peskine
b4b18c1155 Improve comment and string stripping
Make that part of the code more readable.

Add support for // line comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:44 +01:00
Gilles Peskine
bc1e8f6a7c Fix terminology in comment
In computing, brackets are []. () are called parentheses.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:39 +01:00
Gilles Peskine
b9fc488559 Move comment and string literal processing to a new function
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:34 +01:00
Gilles Peskine
9b2fa72a43 Simplify some regex definitions
Use '|'.join([comma-separated list]) rather than r'...|' r'...|'. This way
there's less risk of forgetting a '|'. Pylint will yell if we forget a comma
between list elements.

Use match rather than search + mandatory start anchor for EXCLUSION_LINES.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:28 +01:00
Gilles Peskine
152de23518 Lift some code out of parse_identifiers
Make parse_identifiers less complex. Pylint was complaining that it had too
many local variables, and it had a point.

* Lift the constants identifier_regex and exclusion_lines to class
  constants (renamed to uppercase because they're constants).
* Lift the per-file loop into a new function parse_identifiers_in_file.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:07 +01:00
Gilles Peskine
c8794202e6 Fix comment parsing
Fix cases like
```
/*short comment*/ /*long
 comment */
int mbedtls_foo;
```
where the previous code thought that the second line started outside of a
comment and ended inside of a comment.

I believe that the new code strips comments correctly. It also strips string
literals, just in case.

Fixes #5191.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:01 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:03:50 +00:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:04 +01:00
Bence Szépkúti
1e4423b535 Remove expected failure from test_psa_compliance
Issue #5143 was fixed in PR #5180.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:42:51 +01:00
Manuel Pégourié-Gonnard
9b9fbda912
Merge pull request #5094 from bensze01/test_psa_compliance
Run the PSA Compliance test suite in all.sh
2021-11-17 14:09:57 +01:00
Gilles Peskine
f1a7ea88d1
Merge pull request #5092 from mprse/generate_key2
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00
Gilles Peskine
ca144597e8 Run the dlopen test in shared library builds
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Bence Szépkúti
b376eac5ac Track upstreaming task in an issue
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 22:13:46 +01:00
Bence Szépkúti
cb28871326 Document the values in EXPECTED_FAILURES
Including the issues where the corresponding defects are tracked.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 21:42:15 +01:00
Bence Szépkúti
e2855c32b5 Move to an updated fork of psa-arch-tests
The new fork was rebased on top of the upstream master, removing the
need for most of the downstream patches we carried.

On the other hand, the new fork includes a couple of fixes to problems
that were not addressed by the original fork, or were introduced with the
new version of psa-arch-tests.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 21:42:14 +01:00
Bence Szépkúti
ef0d02ed31 Explain why support_test_psa_compliance is needed
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:17:31 +01:00
Bence Szépkúti
b3818412bc Keep local clone around even if the test succeeds
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:17:29 +01:00
Bence Szépkúti
c63d1605ab Make directory creation code more compact
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:14:40 +01:00
Bence Szépkúti
67fb3149c0 Add licence header to script
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:12:37 +01:00
Bence Szépkúti
34b5f56344 Make main() suitable to being called from python
Don't call sys.exit(), and don't clobber the working directory.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:12:02 +01:00
Bence Szépkúti
449781fda7 Fix pylint errors
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
83aa604ce5 Simplify regex and use named capture groups
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
c2bac00530 Use print(end='') to silence double newline
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
d2ea2c0df3 Indicate errors interleaved with test suite output
Indicate whether a success or failure is unexpected, or expected and
ignored as they happen.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:51:22 +01:00
Przemyslaw Stekiel
7bc26b8c2a generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-02 10:51:49 +01:00
Bence Szépkúti
ca9236b0c5 Make the changes easier to backport
The code replaced in this patch was not compatible with the
development_2.x branch.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-29 11:37:27 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0
Remove on-target testing
2021-10-29 09:33:34 +02:00
Manuel Pégourié-Gonnard
da71054bbc
Merge pull request #5011 from gilles-peskine-arm/test_ssl_o2-3.0
Build with -O2 when running ssl-opt
2021-10-29 09:25:23 +02:00
Gilles Peskine
d025422c28 Remove on-target testing
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 11:45:57 +02:00
David Horstmann
3ee10e841e Fix unused variable in generate_psa_tests.py
Remove the newly-unused variable that became unused in
a previous commit.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
65d8c69e80 Remove unnecessary check for ';' in filenames
The Makefiles already assume that filenames don't contain
special characters anyway, so we don't need to check this
in generate_psa_tests.py.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
a8d1406107 Rename DEV_MODE to GEN_FILES
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
e12e7f47de Get generated data file list from script
Use the generate_psa_tests.py script to generate the list
of test data files used as output files by cmake.

Do this by introducing a new option --list-for-cmake
that prints a semicolon-separated list of the data files
with no terminating newline (since this is how a cmake list
is represented).

Replace the hard-coded output file list with a variable
generated by the script using this option.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
9327fb33a6 Fix test_ref_config component of all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
bfe54d703d Cleanup: rm all files generated by cmake
Again, unrelated, except I kept noticing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
a9cb894168 Add --directory option to generate_psa_tests.py
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Przemyslaw Stekiel
ba20fc98b8 Fix issues pointed by CI
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-22 11:05:18 +02:00
Przemyslaw Stekiel
437da19f4f Remove unused param and duplicated test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-22 10:08:38 +02:00
Bence Szépkúti
80b31c56eb Run the PSA Compliance test suite in all.sh
This commit adds a component to all.sh which clones, builds and runs the
compliance test suite.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-21 10:17:34 +02:00
Przemyslaw Stekiel
8d468e4ee8 Remove key generation when given argument is invalid from NotSupported class
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 10:04:55 +02:00
Przemyslaw Stekiel
1b0978b803 Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 09:05:33 +02:00
Gilles Peskine
e7fc7ef38b Always set a build type for cmake when building for testing
Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt,
or unit tests with debug features). A build type of Check (-Os) would be best
when the main objective of the build is to check for build errors or warnings
and there aren't many tests to run; in this commit there are no such test
cases to change. Only use cmake with no build type (which results in not
passing a -O option, and thus missing some GCC warnings) when exercising cmake
features.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
0d4640ad90
Merge pull request #4984 from gilles-peskine-arm/check-names-files
check_names.py: more robust handling of excluded files
2021-10-15 13:33:50 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Przemyslaw Stekiel
1ecfdea002 all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 13:27:34 +02:00
Przemyslaw Stekiel
b576c7b779 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Przemyslaw Stekiel
25f7063533 enerate_psa_tests.py fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:28:45 +02:00
Przemyslaw Stekiel
d9d630cdf3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00
Gilles Peskine
f4d2fd4a05 Fix cmake invocation syntax
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 11:45:47 +02:00
Gilles Peskine
dbf7b7eeb5 Switch cmake -O2 builds around to where we test a lot
Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL
tests.

To have some coverage with Check mode (which enables more compiler warnings
but compiles with -Os), change a few other builds that only run unit tests
at most to Check mode.

Don't add any new builds, to keep the total build volume down. We don't need
extensive coverage of all combinations, just a reasonable set.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:38:32 +02:00
Gilles Peskine
77f0535a93 Clarify a comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:27:16 +02:00
Gilles Peskine
cf52222694 Correct support function name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:25:29 +02:00
Gilles Peskine
bf3ec84b1c
Merge pull request #5003 from gilles-peskine-arm/all.sh-makeflags-nproc
Limit make parallelism to the number of CPUs in all.sh
2021-10-06 19:35:12 +02:00
Gilles Peskine
ff0aee0e7b Build with -O2 when running ssl-opt
SSL testing benefits from faster executables, so use -O2 rather than -O1.
Some builds use -O1, but that's intended for jobs that only run unit tests,
where the build takes longer than the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
Gilles Peskine
050d2fc201 Limit make parallelism to the number of CPUs
Don't default to unbridled -j, which causes a load spike and isn't really
faster.

"Number of CPUs" is implemented here as a reasonable compromise between
portability, correctness and simplicity. This is just a default that can be
overridden by setting MAKEFLAGS in the environment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:24:21 +02:00
Gilles Peskine
6b34ac7655
Merge pull request #4955 from gilles-peskine-arm/make-tests-v-development
Facilitate reproducing unit tests from all.sh
2021-09-30 16:08:53 +02:00
Andrzej Kurek
324f72ec9c Fix a bug where the ssl context is used after it's nullified
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:52 -04:00
Gilles Peskine
8a83224072 Fix typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-28 10:12:49 +02:00
Gilles Peskine
89458d1420 More robust handling of excluded files
Don't try to enumerate excluded files. List included files, and remove names
from the list if they match an excluded-file pattern.

This resolves the problem that the script could get into an infinite loop
due to the use of recursive globbing. Unfortunately, Python's recursive
globs follows symbolic links to directories, which leads to an infinite loop
if a symbolic link points to an ancestor of the directory that contains it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 19:20:17 +02:00
Gilles Peskine
b19be6b5f3
Merge pull request #1638 from dgreen-arm/check-names-rewrite
Rewrite check-names.sh in python
2021-09-27 12:28:53 +02:00
Ronald Cron
27f84fc75c
Merge pull request #4813 from JoeSubbiani/TranslateCiphersuite_dev
Translate ciphersuite names
2021-09-27 08:57:52 +02:00
Yuto Takano
c3a6f63c99 Merge updates from upstream development branch into check-names-rewrite
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-09-24 18:02:56 +01:00
Gilles Peskine
3587dfdce8 Move long -D lists from all.sh to a header file
To facilitate maintenance and to make it easier to reproduce all.sh builds
manually, remove the long, repeated list of -D options from
component_test_psa_crypto_config_basic and component_test_psa_crypto_drivers
and put it in a header file instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 19:20:04 +02:00
Gilles Peskine
396853ad03 'make test': show failing test cases when cmake does
When building with make, `make test` runs `run-test-suites.pl` which has a
verbose mode that reports the failing test cases, but it didn't provide a
way to enable this verbose mode. With the present commit, you can run `make
test TEST_FLAGS=-v` to use verbose mode.

Base the default for verbose mode on the same environment variable that
`make test` uses when building with CMake: default off, but enabled if
`CTEST_OUTPUT_ON_FAILURE` is true. In particular, verbose mode will now be
on when building from `all.sh`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 18:57:55 +02:00