Merge pull request #628 from hanno-arm/hardcoding_tests-baremetal

[Baremetal] Add all.sh tests for hardcoded SSL configuration options
Manuel Pégourié-Gonnard 2019-08-01 10:53:51 +02:00 committed by GitHub
commit 646a466ae2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 202 additions and 34 deletions

3
.gitignore vendored

@ -22,6 +22,9 @@ Coverage
# generated by scripts/memory.sh
massif-*
# scripts/baremetal.sh --ram build artefacts:
*.su
# MSVC build artifacts:
*.exe
*.pdb


@ -200,7 +200,7 @@ libmbedcrypto.dll: $(OBJS_CRYPTO)
clean:
ifndef WINDOWS
rm -f *.o libmbed*
rm -f *.o *.su libmbed*
else
del /Q /F *.o libmbed*
del /Q /F *.o *.su libmbed*
endif


@ -1098,10 +1098,15 @@ static int ssl_parse_client_hello_v2( mbedtls_ssl_context *ssl )
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
#if !defined(MBEDTLS_SSL_CONF_FIXED_MAJOR_VER)
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
#endif
#if !defined(MBEDTLS_SSL_CONF_FIXED_MINOR_VER)
ssl->minor_ver =
( buf[4] <= mbedtls_ssl_conf_get_max_minor_ver( ssl->conf ) )
? buf[4] : mbedtls_ssl_conf_get_max_minor_ver( ssl->conf );
#endif
if( mbedtls_ssl_get_minor_ver( ssl ) < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )
{
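Review bot: With `MBEDTLS_SSL_CONF_FIXED_MINOR_VER` defined, the assignment from `buf[4]` is compiled out, so the version the client advertises is no longer consulted in this hunk and the check that follows compares only configured values. It is worth confirming that a ClientHello offering a lower version than the hardcoded one is still rejected, for instance with a guard such as `if( buf[4] < mbedtls_ssl_conf_get_min_minor_ver( ssl->conf ) )` ahead of the `#if`. ssl_parse_client_hello_v2 starts and ends outside the hunk, so an equivalent check may already exist there.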


@ -743,11 +743,8 @@ static int x509_skip_dates( unsigned char **p,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
end = *p + len;
if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_DATE +
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
/* skip contents of the sequence */
*p += len;
return( 0 );
}
@ -2975,10 +2972,10 @@ check_signature:
#if !defined(MBEDTLS_X509_CRT_REMOVE_TIME)
if( !mbedtls_x509_time_is_past( &parent->valid_to ) &&
!mbedtls_x509_time_is_future( &parent->valid_from ) )
#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */
{
parent_valid = 1;
}
#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */
/* basic parenting skills (name, CA bit, key usage) */
if( x509_crt_check_parent( child_sig, parent, top ) == 0 )
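Review bot: The second hunk shows `#endif /* !MBEDTLS_X509_CRT_REMOVE_TIME */` in two places, before the `{` and after the `}` of the `parent_valid = 1;` block, and the two placements are not equivalent. With the `#endif` after the closing brace, a build that defines `MBEDTLS_X509_CRT_REMOVE_TIME` never sets `parent_valid` here, whereas with the `#endif` directly after the `if( ... )` condition it is set for every candidate parent. The rendered page has lost the +/- markers, so which placement is the new one cannot be read from here. If time-less builds are meant to treat every candidate parent as time-valid, the `#endif` belongs before the `{`. The enclosing function extends beyond the hunk.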


@ -298,8 +298,9 @@ ifndef WINDOWS
rm -f $(APPS)
-rm -f ssl/ssl_pthread_server$(EXEXT)
-rm -f test/cpp_dummy_build$(EXEXT)
-rm -f *.su
else
del /S /Q /F *.o *.exe
del /S /Q /F *.o *.su *.exe
endif
list:


@ -305,8 +305,15 @@ reset:
goto exit;
}
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, mbedtls_net_recv_timeout );
mbedtls_net_send, mbedtls_net_recv,
mbedtls_net_recv_timeout );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
#endif
printf( " ok\n" );
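Review bot: The `#else` branch is taken as soon as any one of `MBEDTLS_SSL_CONF_RECV`, `MBEDTLS_SSL_CONF_SEND` or `MBEDTLS_SSL_CONF_RECV_TIMEOUT` is defined, and it sets only the context, so a configuration that hardcodes one callback but not the others would appear to leave the remaining callbacks unset in this program. If the library enforces all-or-none elsewhere, a short comment would make that visible, e.g. `/* the three I/O callback options are always hardcoded together */`. The same preprocessor block is repeated in the other example programs on this page, so a single derived macro for the condition would keep them in step. The enclosing function starts and ends outside the hunk.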


@ -196,7 +196,14 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &server_fd );
#endif
/*
* 4. Handshake


@ -524,9 +524,6 @@ static int delayed_send( void *ctx, const unsigned char *buf, size_t len )
first_try = 1; /* Next call will be a new operation */
return( ret );
}
#endif /* MBEDTLS_SSL_CONF_RECV &&
MBEDTLS_SSL_CONF_SEND &&
MBEDTLS_SSL_CONF_RECV_TIMEOUT */
typedef struct
{
@ -658,6 +655,9 @@ static int send_cb( void *ctx, unsigned char const *buf, size_t len )
return( mbedtls_net_send( io_ctx->net, buf, len ) );
}
#endif /* !MBEDTLS_SSL_CONF_RECV &&
!MBEDTLS_SSL_CONF_SEND &&
!MBEDTLS_SSL_CONF_RECV_TIMEOUT */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
static unsigned char peer_crt_info[1024];
@ -893,7 +893,11 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, tail_len, i, written, frags, retry_left;
mbedtls_net_context server_fd;
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
io_ctx_t io_ctx;
#endif
unsigned char buf[MAX_REQUEST_SIZE + 1];
@ -2681,8 +2685,14 @@ send_request:
goto exit;
}
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &server_fd );
#endif
#if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \
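Review bot: In the `#else` branch of the last hunk, `opt.nbio` no longer selects the receive callback and the `io_ctx` wrappers `send_cb`/`recv_cb` are bypassed, because only `server_fd` is passed as context and the callbacks are fixed at build time. A user who passes the non-blocking option to a hardcoded build gets no indication from this code that it was not applied to the callback choice. A comment such as `/* hardcoded I/O callbacks: opt.nbio does not select the receive callback here */` would document that. The matching hunk in the server program further down the page has the same shape, and main() extends beyond the hunk.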


@ -300,7 +300,14 @@ int main( void )
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
#endif
mbedtls_printf( "pid %d: SSL setup ok\n", pid );


@ -649,7 +649,14 @@ int main( int argc, char *argv[] )
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &server_fd );
#endif
mbedtls_printf( " ok\n" );


@ -149,7 +149,14 @@ static void *handle_ssl_connection( void *data )
goto thread_exit;
}
mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
#endif
/*
* 5. Handshake
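Review bot: Both multi-line calls pass `&client_fd`, while the single-line call in the same hunk passes `client_fd` without the address operator, which suggests `client_fd` is already a `mbedtls_net_context *` in handle_ssl_connection. If so, the BIO context becomes the address of a local pointer rather than the net context, and `mbedtls_net_send`/`mbedtls_net_recv` would read the descriptor from the wrong memory. The calls should then read `mbedtls_ssl_set_bio( &ssl, client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );` and `mbedtls_ssl_set_bio_ctx( &ssl, client_fd );`. The declaration of `client_fd` is outside the hunk, so this needs checking against the full function.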


@ -265,7 +265,14 @@ reset:
goto exit;
}
mbedtls_ssl_set_bio( &ssl, &client_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &client_fd,
mbedtls_net_send, mbedtls_net_recv, NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
#endif
mbedtls_printf( " ok\n" );


@ -654,9 +654,6 @@ static int delayed_send( void *ctx, const unsigned char *buf, size_t len )
first_try = 1; /* Next call will be a new operation */
return( ret );
}
#endif /* MBEDTLS_SSL_CONF_RECV &&
MBEDTLS_SSL_CONF_SEND &&
MBEDTLS_SSL_CONF_RECV_TIMEOUT */
typedef struct
{
@ -790,8 +787,11 @@ static int send_cb( void *ctx, unsigned char const *buf, size_t len )
return( mbedtls_net_send( io_ctx->net, buf, len ) );
}
#endif /* !MBEDTLS_SSL_CONF_RECV &&
!MBEDTLS_SSL_CONF_SEND &&
!MBEDTLS_SSL_CONF_RECV_TIMEOUT */
#if !defined(MBEDTLS_SSL_CONF_AUTHMODE)
#if defined(SNI_OPTION) || !defined(MBEDTLS_SSL_CONF_AUTHMODE)
/*
* Return authmode from string, or -1 on error
*/
@ -806,7 +806,7 @@ static int get_auth_mode( const char *s )
return( -1 );
}
#endif /* !MBEDTLS_SSL_CONF_AUTHMODE */
#endif /* SNI_OPTION || !MBEDTLS_SSL_CONF_AUTHMODE */
/*
* Used by sni_parse and psk_parse to handle coma-separated lists
@ -1509,7 +1509,11 @@ int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
int version_suites[4][2];
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
io_ctx_t io_ctx;
#endif
unsigned char* buf = 0;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
@ -3714,12 +3718,19 @@ data_exchange:
/*
* This illustrates the minimum amount of things you need to set
* up, however you could set up much more if desired, for example
* if you want to share your set up code between the case of
* establishing a new connection and this case.
* up: I/O and timer callbacks/contexts; however you could set up
* much more if desired, for example if you want to share your set
* up code between the case of establishing a new connection and
* this case.
*/
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &io_ctx, send_cb, recv_cb,
opt.nbio == 0 ? recv_timeout_cb : NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &client_fd );
#endif
#if defined(MBEDTLS_TIMING_C)
#if !defined(MBEDTLS_SSL_CONF_SET_TIMER) && \


@ -441,7 +441,14 @@ int main( int argc, char *argv[] )
goto ssl_exit;
}
mbedtls_ssl_set_bio( &ssl, &server_fd, mbedtls_net_send, mbedtls_net_recv, NULL );
#if !defined(MBEDTLS_SSL_CONF_RECV) && \
!defined(MBEDTLS_SSL_CONF_SEND) && \
!defined(MBEDTLS_SSL_CONF_RECV_TIMEOUT)
mbedtls_ssl_set_bio( &ssl, &server_fd,
mbedtls_net_send, mbedtls_net_recv, NULL );
#else
mbedtls_ssl_set_bio_ctx( &ssl, &server_fd );
#endif
/*
* 4. Handshake


@ -214,6 +214,9 @@ baremetal_ram_build() {
make clean
CFLAGS="$BASE_CFLAGS $CFLAGS_CONFIG $CFLAGS_USER_CONFIG"
if [ "$build_only" -eq 1 ]; then
CFLAGS="$CFLAGS -Werror"
fi
echo "Modifications: $BAREMETAL_USER_CONFIG"
cat $BAREMETAL_USER_CONFIG | grep "^#define" | awk '{print "* " $0 }'
@ -338,7 +341,7 @@ baremetal_ram_stack() {
}
show_usage() {
echo "Usage: $0 [--rom [--check] [--gcc] [--armc5] [--armc6]|--ram [--stack] [--heap]]"
echo "Usage: $0 [--rom [--check] [--gcc] [--armc5] [--armc6]|--ram [--build-only] [--stack] [--heap]]"
}
test_build=0
@ -352,7 +355,7 @@ measure_heap=0
measure_stack=0
check=0
build_only=0
debug=0
while [ $# -gt 0 ]; do
@ -362,6 +365,7 @@ while [ $# -gt 0 ]; do
--armc6) build_armc6=1;;
--ram) test_build=1;;
--rom) raw_build=1;;
--build-only) build_only=1;;
--heap) measure_heap=1;;
--stack) measure_stack=1;;
--check) check=1;;
@ -385,8 +389,9 @@ fi
if [ "$test_build" -eq 1 ]; then
if [ "$measure_heap" -eq 0 ] &&
[ "$measure_stack" -eq 0 ]; then
echo "Need to set either --heap or --stack with --ram"
[ "$measure_stack" -eq 0 ] &&
[ "$build_only" -eq 0 ]; then
echo "Need to set either --build-only, --heap or --stack with --ram"
show_usage
exit 1
fi


@ -114,9 +114,9 @@ $(BINARIES): %$(EXEXT): %.c $(DEP)
clean:
ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax TESTS
rm -rf $(BINARIES) *.c *.su *.datax TESTS
else
del /Q /F *.c *.exe *.datax
del /Q /F *.c *.su *.exe *.datax
ifneq ($(wildcard TESTS/.*),)
rmdir /Q /S TESTS
endif


@ -792,6 +792,84 @@ component_test_hardcoded_timer_callback_cmake_clang() {
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
}
component_test_hardcoded_version_cmake_clang() {
msg "build: cmake, full config + hardcoded version, clang" # ~ 50s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_SSL_CONF_MIN_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
scripts/config.pl set MBEDTLS_SSL_CONF_MAX_MINOR_VER MBEDTLS_SSL_MINOR_VERSION_3
scripts/config.pl set MBEDTLS_SSL_CONF_MIN_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3
scripts/config.pl set MBEDTLS_SSL_CONF_MAX_MAJOR_VER MBEDTLS_SSL_MAJOR_VERSION_3
CC=clang cmake -D LINK_WITH_PTHREAD=1 -D CMAKE_BUILD_TYPE:String=ASanDbg -D ENABLE_TESTING=On .
make
msg "test: main suites (full config + hardcoded version)" # ~ 5s
make test
msg "test: ssl-opt.sh default (full config + hardcoded version)" # ~ 5s
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
}
component_test_hardcoded_io_callbacks_cmake_clang() {
msg "build: cmake, full config + hardcoded IO callbacks, clang" # ~ 50s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_SSL_CONF_RECV mbedtls_net_recv
scripts/config.pl set MBEDTLS_SSL_CONF_SEND mbedtls_net_send
scripts/config.pl set MBEDTLS_SSL_CONF_RECV_TIMEOUT mbedtls_net_recv_timeout
CC=clang cmake -D LINK_WITH_PTHREAD=1 -D CMAKE_BUILD_TYPE:String=ASanDbg -D ENABLE_TESTING=On .
make
msg "test: main suites (full config + hardcoded IO callbacks)" # ~ 5s
make test
msg "test: ssl-opt.sh default (full config + hardcoded IO callbacks)" # ~ 5s
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
}
component_test_hardcoded_misc_options_cmake_clang() {
msg "build: cmake, full config + hardcode various SSL config options, clang" # ~ 50s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_SSL_CONF_READ_TIMEOUT 0
scripts/config.pl set MBEDTLS_SSL_CONF_HS_TIMEOUT_MIN MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN
scripts/config.pl set MBEDTLS_SSL_CONF_HS_TIMEOUT_MAX MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX
scripts/config.pl set MBEDTLS_SSL_CONF_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
scripts/config.pl set MBEDTLS_SSL_CONF_ANTI_REPLAY MBEDTLS_SSL_ANTI_REPLAY_ENABLED
scripts/config.pl set MBEDTLS_SSL_CONF_BADMAC_LIMIT 0
scripts/config.pl set MBEDTLS_SSL_CONF_AUTHMODE MBEDTLS_SSL_VERIFY_REQUIRED
scripts/config.pl set MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION
CC=clang cmake -D LINK_WITH_PTHREAD=1 -D CMAKE_BUILD_TYPE:String=ASanDbg -D ENABLE_TESTING=On .
make
msg "test: main suites (full config + hardcode various SSL config options)" # ~ 5s
make test
msg "test: ssl-opt.sh default (full config + hardcode various SSL config options)" # ~ 5s
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
}
component_test_hardcoded_elliptic_curve_cmake_clang() {
msg "build: cmake, full config + hardcode elliptic curve, clang" # ~ 50s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_GRP_ID MBEDTLS_ECP_DP_SECP256R1
scripts/config.pl set MBEDTLS_SSL_CONF_SINGLE_EC_TLS_ID 23
CC=clang cmake -D LINK_WITH_PTHREAD=1 -D CMAKE_BUILD_TYPE:String=ASanDbg -D ENABLE_TESTING=On .
make
msg "test: main suites (full config + hardcode elliptic curve)" # ~ 5s
make test
msg "test: ssl-opt.sh default (full config + hardcode elliptic curve)" # ~ 5s
if_build_succeeded tests/ssl-opt.sh -f '^Default$\|^Default, DTLS$'
}
component_build_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
scripts/config.pl full
@ -1263,11 +1341,20 @@ component_build_armcc () {
}
# need _armcc in the name for pre_check_tools()
component_build_baremetal_script_gcc_armcc () {
component_build_baremetal_raw_armcc () {
msg "build: scripts/baremetal.sh gcc/armc5/armc6"
scripts/baremetal.sh --rom --gcc --armc5 --armc6 --check
}
component_test_baremetal () {
msg "build: lib+test+programs for baremetal.h + baremetal_test.h"
record_status scripts/baremetal.sh --ram --build-only
msg "test: baremetal.h + baremetal_test.h"
if_build_succeeded make test
if_build_succeeded tests/ssl-opt.sh --filter "^Default, DTLS$"
}
component_build_armcc_tinycrypt_baremetal () {
msg "build: ARM Compiler 5, make with tinycrypt and baremetal"
scripts/config.pl baremetal
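Review bot: component_test_hardcoded_misc_options_cmake_clang fixes security-relevant settings at build time (`MBEDTLS_SSL_CONF_AUTHMODE`, `MBEDTLS_SSL_CONF_ANTI_REPLAY`, `MBEDTLS_SSL_CONF_BADMAC_LIMIT`, `MBEDTLS_SSL_CONF_ALLOW_LEGACY_RENEGOTIATION`) but then runs only the `Default` and `Default, DTLS` cases of ssl-opt.sh. That shows a handshake succeeds, not that the hardcoded values are enforced. Until the filter is widened, a marker such as `# TODO: also run ssl-opt.sh cases that exercise authmode, anti-replay and renegotiation` would record the gap. As a point of style, the four new components repeat the same build-and-test sequence and differ only in their `config.pl set` lines, so a shared helper would shorten them.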