Commit graph

8138 commits

Author SHA1 Message Date
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:13:10 +01:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters
check_files.py: Allow specific Box Drawing characters to be used
2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent
compat.sh: report and filter cipher suite names consistently
2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets
Fix use of sizeof without brackets
2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Yanray Wang
131ec931eb Remove the additional dot in output of compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 12:13:04 +08:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-02 11:33:31 +01:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-01 13:30:26 +00:00
Pengyu Lv
c92df3ba59 all.sh: test_m32_xx is not supported on arm64 host
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-01 10:50:50 +08:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function
Add function to fix quasi-reduction
2023-01-31 11:25:25 +01:00
Nick Child
a0c15d0fec pkcs7/test: Add test cases for pkcs7 with 3 signers
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der

This results in the loop being executed.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 19:30:38 +00:00
Nick Child
951f700909 pkcs7/test: Allocate hash dynamically
Rather than using a static array, use the md_info
size to allocate dynamically.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00
Nick Child
c547447deb pkcs7/test: Let verify take dynamic number of certs
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00
Nick Child
ec81709516 pkcs7: Ensure all data in asn1 structure is accounted for
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:44:58 +00:00
Nick Child
4983ddf747 test/pkcs7: Add more tests for better coverage
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
b781770b3e test/pkcs7: Add helper function
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
e8a811650b test/pkcs7: Add test for expired cert
PKCS7 verification should fail if the signing cert is expired.
Add test case for this condition.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
ff2746fa56 test/pkcs7: Add test for wrong hash alg
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Aditya Deshpande
15b6dd0fb4 Modify comments to make them more inclusive
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:46:58 +00:00
Aditya Deshpande
ea637081dd Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:19:32 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Manuel Pégourié-Gonnard
e28397a376
Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions
check_names.py: Compare identifiers in excluded files against symbols parsed by nm
2023-01-30 09:21:58 +01:00
Valerio Setti
18b9b035ad test: add test for a full length serial of 0xFF
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:47:57 +01:00
Valerio Setti
a87f839113 test: improve error handling in x509_set_serial_check()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-27 11:29:42 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Przemek Stekiel
59f4a18b6f Fix test dependency SHA1 -> SHA256
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-27 07:14:14 +01:00
Gilles Peskine
b82977a429
Merge pull request #6962 from davidhorstmann-arm/fix-check-python-errors
Fix check python errors
2023-01-26 21:54:25 +01:00
Gilles Peskine
81505e4a16
Merge pull request #6917 from yanrayw/6658-not-print-Terminated-ubuntu-22.04
Fix the problem of printing "Terminated" in compat.sh under Ubuntu-22.04
2023-01-26 21:53:33 +01:00
Gilles Peskine
b20028b3a3 Avoid using external programs in inner loops
Don't use external programs for string manipulation that the shell can do.
This makes the script a little faster (~10% when testing PSK).

For this commit, I only looked at code run in the innermost loop.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:45:45 +01:00
Gilles Peskine
47aab850da Batch cipher translations to go faster
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:45:45 +01:00
Gilles Peskine
292cd6f4e5 Don't use the cipher suite in check_openssl_server_bug
We can detect PSK based on $TYPE. This allows more flexibility in how cipher
suites are spelled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:44:26 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Przemek Stekiel
d7992df529 Use input files to parse CSR instead of bytes
Additionally fix the generation of test_csr_v3_all_malformed_extension_ns_cert_bitstream_tag.csr.der which was incorectly malformed.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 16:19:50 +01:00
Valerio Setti
9cb0f7a423 test: driver-only: fix disparities in random
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:49:11 +01:00
Valerio Setti
3002c99247 test: extend analyze_outcomes.py in order to skip only some test in a suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:49:00 +01:00
Valerio Setti
7e57920511 test: driver-only: fix disparities in psa_crypto_se_driver_hal
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:46 +01:00
Valerio Setti
4682948c1e test: driver-only: fix disparities in ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:31 +01:00
Przemek Stekiel
94e21e153f Skip unsupported extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 11:08:32 +01:00
Przemek Stekiel
92cce3fe6d Use extension .csr.der to indicate format
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 10:33:26 +01:00
Przemek Stekiel
f0e25c72d9 Add missing dependencies for negative tests, remove PEM dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-25 09:38:01 +01:00
David Horstmann
f0c75796be Fix a missing type hint warning
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-24 18:53:15 +00:00
Gabor Mezei
86c90fca3e
Rename variables to follow the naming convention
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-24 14:21:10 +01:00
Gabor Mezei
ee2aff2093
Add check for test input
The input for fix_quasi_reduction must be in range 0 <= X < 2N.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-24 14:21:05 +01:00
Manuel Pégourié-Gonnard
00d3e96042
Merge pull request #6855 from mpg/driver-only-ecdsa-starter
Driver-only ECDSA starter
2023-01-24 13:06:17 +01:00
Przemek Stekiel
160968586b Add negative test cases and use DER format for CSRs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
3f948c96e2 Fix typo in test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
685d472db3 Adapt expected output of existing tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
46a4a4987e Add tests to very parsing of CSR v3 extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Przemek Stekiel
e7fbbb3fbd Generate csr files to test v3 extensions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-01-24 10:57:19 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Gabor Mezei
9073f7dd3b
Remove unneeded check
The fix_quasi_reduction function changed to static so checking the
invalid arguments are not needed anymore.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 19:05:37 +01:00
Gabor Mezei
e81a2b85c9
Change the fix_quasi_reduction function to static
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:58:20 +01:00
Gabor Mezei
aaa1d2a276
Move the quasi reduction fixing function to bignum_mod_raw
Rename the function to 'fix_quasi_reduction' to better suite its functionality.
Also changed the name prefix to suite for the new module.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-23 18:55:57 +01:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Andrzej Kurek
98682b50a4 Remove obsolete comment from depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 06:16:23 -05:00
Janos Follath
3e0769b598
Merge pull request #6832 from daverodgman/fast-unaligned-ct
Improve efficiency of some constant time functions
2023-01-23 10:55:35 +00:00
Dave Rodgman
58c721e894 Add TEST_CF_SECRET to mbedtls_ct_memcpy_if_eq test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 11:13:55 +00:00
Dave Rodgman
22b0d1adbf Test memcmp with differences starting after the first byte
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-21 10:29:00 +00:00
Dave Rodgman
95ec58cc12 Remove not-needed stdio include from tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
39188c0a2a Add unit tests for mbedtls_ct_memcmp and mbedtls_ct_memcpy_if_eq
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 14:04:48 +00:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Dave Rodgman
dc3b1540cd Fix test guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 11:39:00 +00:00
Yanray Wang
60f8eaa3b4 Remove third argument passed to run_client in compat.sh
The argument passed to translate_ciphers.py is calculated from $1 in
run_client instead of passed as third argument.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-20 13:38:30 +08:00
Andrzej Kurek
723b8779f9 Add missing key exchange requirements to test_suite_ssl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:31:00 -05:00
Andrzej Kurek
a86cef32cf Add missing KEX DHE-RSA requirement for one ssl test
This specific cipher is used to test record splitting.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:27:57 -05:00
Andrzej Kurek
9113df8c8f Add missing RSA-type dependencies in test_suite_ssl
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-19 18:26:31 -05:00
Gilles Peskine
2566679eb8 Add metadata test case for PSA_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:20 +01:00
Gilles Peskine
4db02f2324 Add SECRET input validation test cases for PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
763ffdd2a6 Add metadata test case for PSA_ALG_CCM_STAR_NO_TAG
The following shell command (requiring GNU grep) looks for algorithms and
key types, as well as IS and GET macros, that lack metadata tests:
```
for x in $(grep -Pho '(?<=^#define )PSA_(ALG|KEY_TYPE)_(?!CATEGORY_|NONE\b|\w+_(BASE|FLAG|MASK|CASE))\w+' include/psa/crypto_values.h include/psa/crypto_extra.h); do grep -qw $x tests/suites/test_suite_psa_crypto_metadata.* || echo $x; done
```

This may have false negatives: it only checks that the constants are
mentioned at least once, not that the tests are written correctly.

This has false positives:
* Types and algorithms that Mbed TLS does not support.
* PSA_ALG_ECDSA_IS_DETERMINISTIC, PSA_ALG_DSA_IS_DETERMINISTIC are peculiar
  auxiliary macros that only apply to very specific algorithms and aren't
  tested like the other IS macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
cafda872f3 Fix documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Gilles Peskine
0e9e4422ab NotSupported is specifically about key types
Rename NotSupported to KeyTypeNotSupported, because it's only about testing
key management. For algorithms, not-supported is handled by OpFail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:17 +01:00
Gabor Mezei
7e14c66c4d
Fix lint issues
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-18 10:56:13 +01:00
Ronald Cron
340d4c80af
Merge pull request #6616 from lpy4105/6551-tls13-SessionTicket-kex-change-check
This PR needs some change logs but there is a follow-up PR (issue #6935) that would change the change logs we would had here thus we will do them all while working on #6935.
2023-01-17 16:48:27 +00:00
Andrzej Kurek
714ae6551e Add missing key exchange requirements to test_suite_ssl
Some of the tests use mbedtls_test_cli_key_rsa_der and
mbedtls_test_cli_crt_rsa_der, and these can be used with
specific ciphersuites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:11 -05:00
Andrzej Kurek
1ff7336e2c depends.py: enable key exchange tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:10 -05:00
Gabor Mezei
a38db2a55b
Add missing inlcude
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 16:34:49 +01:00
Gabor Mezei
308132f641
Add test generation support for the ecp module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:16:46 +01:00
Gabor Mezei
65fc9f78d4
Add tests for ecp quasi-reduction
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-17 13:16:46 +01:00
Yanray Wang
20fa2ae220 Redesign translation of cipher suite names in compat.sh
Move translation of cipher suite names after filter_ciphersuites
so that filter is based on standard cipher suite names.
Furthermore, an additional flag is passed to run_client to
determine the type of translation of cipher suite names.
Therefore, client receives cipher suite names based on
its naming convention but the reporting output is still
the standard cipher suite names.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-17 15:11:46 +08:00
Yanray Wang
ee97f05d35 Translate cipher suite names based on standard naming convention
With this commit, translate_ciphers.py would be based on standard
cipher suite names instead of MbedTLS naming convention.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-17 14:56:37 +08:00
Yanray Wang
d5f99e49e0 Change cipher suite names to standard names in compat.sh
Since there is a plan to report and filter all cipher suite names
consistently, cipher suite names in compat.sh are changed to the
standard naming convention.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-17 14:55:58 +08:00
Aditya Deshpande
0584df4131 Minor changes to account for CodeParser.parse_identifiers being used in list_internal_identifiers.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 16:36:31 +00:00
Dave Rodgman
461b8254d0
Merge pull request #6865 from scop/patch-1
Use `grep -E` instead of `egrep`
2023-01-16 15:21:24 +00:00
Aditya Deshpande
dd8ac67792 Update check_names.py so that identifiers in excluded files are still compared against the output of nm.
This fixes the issue where excluding a file containing identifiers from checks would cause check_symbols_in_header to fail.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 14:57:48 +00:00
Pengyu Lv
2bfd716293 simplify test case dependencies and test commands
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 13:44:10 +08:00
Tom Cosgrove
fc0e79e70f Have compat.sh and ssl-opt.sh not return success for > 255 errors
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-13 12:13:41 +00:00
Yanray Wang
128859725a Redirect stdout/stderr to SRV_OUT
Under Ubuntu-22.04, wait command prints out Terminated message.
Therefore server process is handled with identical ways like other
processes in compat.sh. In addition, PROCESS_ID is renamed as
SRV_PID to improve code readability.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-13 11:58:11 +08:00
Yanray Wang
05f940b255 Remove Terminated message from stdout
Under Ubuntu-22.04, wait command prints out Terminated message
if the process has been killed by kill command. This messes up
the output in compat.sh

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-13 11:54:59 +08:00
Pengyu Lv
c1334d934c correct test case dependencies
Now the config dependencies used for ticket_flags
test cases are TLS 1.2 specified. Correct them to
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:06:01 +08:00
Pengyu Lv
06cf66d2ab unroll test cases to improve coverage of check_test_cases in all.sh
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Valerio Setti
856cec45eb test: x509: add more tests for checking certificate serial
- added 2 new certificates: 1 for testing a serial which is full lenght
  and another one for a serial which starts with 0x80

- added also proper Makefile and openssl configuration file to generate
  these 2 new certificates

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00