Commit graph

1996 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 51e24946d5 Add all.sh components with ZLIB enabled
ZLIB support is deprecated, but until it's removed it should still be tested.
2020-01-06 09:52:27 +01:00
Jaeden Amero db649896e6
Merge pull request #2895 from gilles-peskine-arm/drbg-set_entropy_len-2.7
Backport 2.7: Allow xxx_drbg_set_entropy_len before xxx_drbg_seed
2019-11-29 16:17:08 +00:00
Gilles Peskine 02fbc08d2e Enable more test cases without MBEDTLS_MEMORY_DEBUG
None of the test cases in tests_suite_memory_buffer_alloc actually
need MBEDTLS_MEMORY_DEBUG. Some have additional checks when
MBEDTLS_MEMORY_DEBUG but all are useful even without it. So enable
them all and #ifdef out the parts that require DEBUG.
2019-11-26 18:48:08 +01:00
Gilles Peskine 786f068ec0 More accurate test case description 2019-11-26 18:47:14 +01:00
Gilles Peskine 04d45c98e8 Clarify that the "FATAL" message is expected
The test case "Memory buffer small buffer" emits a message
"FATAL: verification of first header failed". In this test case, it's
actually expected, but it looks weird to see this message from a
passing test. Add a comment that states this explicitly, and modify
the test description to indicate that the failure is expected, and
change the test function name to be more accurate.

Fix #309
2019-11-26 18:47:14 +01:00
Gilles Peskine b729e1b9ba CTR_DRBG: support set_entropy_len() before seed()
mbedtls_ctr_drbg_seed() always set the entropy length to the default,
so a call to mbedtls_ctr_drbg_set_entropy_len() before seed() had no
effect. Change this to the more intuitive behavior that
set_entropy_len() sets the entropy length and seed() respects that and
only uses the default entropy length if there was no call to
set_entropy_len().

The former test-only function mbedtls_ctr_drbg_seed_entropy_len() is
no longer used, but keep it for strict ABI compatibility.
2019-10-23 18:01:25 +02:00
Jaeden Amero c87a54683b
Merge pull request #2900 from gilles-peskine-arm/asan-test-fail-2.7
Backport 2.7: Make sure Asan failures are detected in 'make test'
2019-10-22 16:30:37 +01:00
Jaeden Amero cc656ac96b
Merge pull request #2872 from gilles-peskine-arm/test_malloc_0_null-2.7
Backport 2.7: Test the library when malloc(0) returns NULL
2019-10-22 13:41:37 +01:00
Gilles Peskine 5ee14d70d2 'make test' must fail if Asan fails
When running 'make test' with GNU make, if a test suite program
displays "PASSED", this was automatically counted as a pass. This
would in particular count as passing:
* A test suite with the substring "PASSED" in a test description.
* A test suite where all the test cases succeeded, but the final
  cleanup failed, in particular if a sanitizer reported a memory leak.

Use the test executable's return status instead to determine whether
the test suite passed. It's always 0 on PASSED unless the executable's
cleanup code fails, and it's never 0 on any failure.

Fix ARMmbed/mbed-crypto#303
2019-10-21 20:48:51 +02:00
Gilles Peskine 4c2697f43f Asan make builds: avoid sanitizer recovery
Some sanitizers default to displaying an error message and recovering.
This could result in a test being recorded as passing despite a
complaint from the sanitizer. Turn off sanitizer recovery to avoid
this risk.
2019-10-21 20:48:51 +02:00
Gilles Peskine 260921d3f2 Use UBsan in addition to Asan with 'make test'
When building with make with the address sanitizer enabled, also
enable the undefined behavior sanitizer.
2019-10-21 20:48:51 +02:00
Gilles Peskine c20a4053c3 Unify ASan options in make builds
Use a common set of options when building with Asan without CMake.
2019-10-21 20:48:51 +02:00
Jaeden Amero 5cc748e58f Merge remote-tracking branch 'origin/pr/2866' into mbedtls-2.7
* origin/pr/2866:
  Reduce stack usage of test_suite_pkcs1_v15
  Reduce stack usage of test_suite_pkcs1_v21
  Reduce stack usage of test_suite_rsa
  Reduce stack usage of test_suite_pk
2019-10-02 18:00:13 +01:00
Jaeden Amero 2fc6cf5da7 Merge remote-tracking branch 'origin/pr/2704' into mbedtls-2.7
* origin/pr/2704:
  Adapt auth_crypt_tv usage to 2.7
  Add missing dependencies in test_suite_cipher.gcm
  Adapt ChangeLog
  Add NIST AES GCM test vectors to single-step cipher API test suite
2019-10-02 17:56:38 +01:00
Ron Eldor 0ab4092e2d Reduce stack usage of test_suite_pkcs1_v15
Reduce the stack usage of the `test_suite_pkcs1_v15` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-10-02 14:34:24 +03:00
Ron Eldor dd4277f70d Reduce stack usage of test_suite_pkcs1_v21
Reduce the stack usage of the `test_suite_pkcs1_v21` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the size sent to the API to sizeof output.
2019-10-02 14:34:24 +03:00
Ron Eldor b3d3973264 Reduce stack usage of test_suite_rsa
Reduce the stack usage of the `test_suite_rsa` by reducing the
size of the buffers used in the tests, to a reasonable big enough size,
and change the data size to decrypt in the data file.
2019-10-02 14:34:24 +03:00
Ron Eldor 6827d1c588 Reduce stack usage of test_suite_pk
Reduce the stack usage of the `test_suite_pk` by reducing the
size of the buffers used in the tests, to a reasonable big enough size.
2019-10-02 14:34:17 +03:00
Gilles Peskine 0981a5d7ab Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2019-09-30 14:01:37 +02:00
Andrzej Kurek 9b1c248209 Enable MBEDTLS_MEMORY_DEBUG in memory buffer alloc test in all.sh 2019-09-10 02:58:34 -04:00
Andrzej Kurek 7eb7f8db8b Remove unnecessary memory buffer alloc unsets
This define is turned off by default
2019-09-09 07:32:48 -04:00
Andrzej Kurek 6addfdd190 Disable DTLS proxy tests for MEMORY_BUFFER_ALLOC test 2019-09-09 07:22:13 -04:00
Andrzej Kurek 9a461a1cd7 all.sh: restructure memory allocator tests
Run basic tests and ssl-opt with memory backtrace disabled, then
run basic tests only with it enabled.
2019-09-09 07:22:03 -04:00
Hanno Becker 7aad93c9da Add missing dependency in memory buffer alloc set in all.sh 2019-09-09 07:21:52 -04:00
Hanno Becker 167ae43852 Add all.sh run with full config and ASan enabled 2019-09-09 07:15:19 -04:00
Hanno Becker f5baaaaf89 Add all.sh run with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled
With the removal of MBEDTLS_MEMORY_BUFFER_ALLOC_C from the
full config, there are no tests for it remaining in all.sh.
This commit adds a build as well as runs of `make test` and
`ssl-opt.sh` with MBEDTLS_MEMORY_BUFFER_ALLOC_C enabled to all.sh.
2019-09-09 07:15:00 -04:00
Andrzej Kurek c7f97f1c8d Adapt all.sh to removal of buffer allocator from full config
Previously, numerous all.sh tests manually disabled the buffer allocator
or memory backtracting after setting a full config as the starting point.

With the removal of MBEDTLS_MEMORY_BACKTRACE and MBEDTLS_MEMORY_BUFFER_ALLOC_C
from full configs, this is no longer necessary.
2019-09-09 07:10:39 -04:00
Jaeden Amero d7bd10dc89 Bump version to Mbed TLS 2.7.12 2019-09-06 13:28:28 +01:00
Jaeden Amero e1d93e5552 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 18:14:28 +01:00
Unknown b86bcb4f71 ssl-opt.sh: wait for proxy to start before running the script further 2019-09-04 06:09:26 -04:00
Gilles Peskine ad72522fad Merge remote-tracking branch 'upstream-restricted/mbedtls-2.7-proposed' into mbedtls-2.7-restricted 2019-08-14 16:30:13 +02:00
Gilles Peskine 3b8cf47004 Merge remote-tracking branch 'upstream-restricted/pr/508' into mbedtls-2.7-restricted 2019-08-14 16:25:10 +02:00
Gilles Peskine 298a43a77e Merge remote-tracking branch 'upstream-restricted/pr/549' into mbedtls-2.7-restricted 2019-08-14 16:24:51 +02:00
Gilles Peskine ab327dfec7 Merge remote-tracking branch 'upstream-restricted/pr/614' into mbedtls-2.7-restricted 2019-08-14 16:24:08 +02:00
Gilles Peskine 0e08fff32f Merge remote-tracking branch 'upstream-public/pr/2737' into mbedtls-2.7 2019-08-14 16:00:47 +02:00
Gilles Peskine c7ad7ed185 Merge remote-tracking branch 'upstream-public/pr/2755' into mbedtls-2.7 2019-08-14 15:59:21 +02:00
Gilles Peskine 6ad89c2a3a Exclude DTLS 1.2 only with older OpenSSL
compat.sh used to skip OpenSSL altogether for DTLS 1.2, because older
versions of OpenSSL didn't support it. But these days it is supported.

We don't want to use DTLS 1.2 with OpenSSL unconditionally, because we
still use legacy versions of OpenSSL to test with legacy ciphers. So
check whether the version we're using supports it.
2019-08-13 11:44:30 +02:00
Gilles Peskine 5d3be4a0f8
Merge pull request #640 from ARMmbed/mbedtls-2.7-proposed
Merge mbedtls-2.7 into mbedtls-2.7-restricted
2019-08-05 11:06:45 +02:00
Gilles Peskine ad8c9bf7e0
Merge pull request #2418 from RonEld/Backport2.7_2734
Backport 2.7: Update soon to be expired crl
2019-08-03 13:38:23 +02:00
Gilles Peskine d56ca658ab entropy_nv_seed: cope with SHA-256
This test case was only executed if the SHA-512 module was enabled and
MBEDTLS_ENTROPY_FORCE_SHA256 was not enabled, so "config.pl full"
didn't have a chance to reach it even if that enabled
MBEDTLS_PLATFORM_NV_SEED_ALT.

Now all it takes to enable this test is MBEDTLS_PLATFORM_NV_SEED_ALT
and its requirements, and the near-ubiquitous MD module.
2019-07-19 17:41:55 +02:00
Gilles Peskine 923f7f9637 entropy_nv_seed: clean up properly
Call mbedtls_entropy_free on test failure.

Restore the previous NV seed functions which the call to
mbedtls_platform_set_nv_seed() changed. This didn't break anything,
but only because the NV seed functions used for these tests happened
to work for the tests that got executed later in the .data file.
2019-07-19 17:41:55 +02:00
Jaeden Amero a115207830 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  tests: Limit each log to 10 GiB
2019-07-12 10:16:03 +01:00
Ron Eldor 4f928c0f37 Create certificates with correct string formatting
For conformity, create the certificates using `cert_write` so
so they will all be `printableString`.
2019-07-10 17:23:06 +03:00
Ron Eldor 3936a0296d Update certificates to expire in 2029
Update certificates that expire on 2021, to prolong their validity,
to make tests pass three years ahead.
2019-07-10 17:23:06 +03:00
Ron Eldor ea6149ad43 Update soon to be expired crl
Update crl.pem, as it will expire on November 25 2019.
Resolves #2357.
2019-07-10 16:58:56 +03:00
Jaeden Amero 347309141f tests: Limit each log to 10 GiB
Limit log output in compat.sh and ssl-opt.sh, in case of failures with
these scripts where they may output seemingly unlimited length error
logs.

Note that ulimit -f uses units of 512 bytes, so we use 10 * 1024 * 1024
* 2 to get 10 GiB.
2019-07-10 08:50:52 +01:00
Jaeden Amero c455be6574 Merge remote-tracking branch 'origin/mbedtls-2.7' into mbedtls-2.7-restricted
* origin/mbedtls-2.7:
  Split _abi_compliance_command into smaller functions
  Record the commits that were compared
  Document how to build the typical argument for -s
  Allow running /somewhere/else/path/to/abi_check.py
  Allow TODO in code
  Use the docstring in the command line help
2019-07-10 08:47:27 +01:00
k-stachowiak 0f16adace4 Add a test for mlaformed ECJPAKE context 2019-07-09 10:22:13 +02:00
Gilles Peskine 950de1e331 Test that a shared library build produces a dynamically linked executable 2019-07-05 15:48:52 +02:00
Gilles Peskine 17ecb24cb8 Test that the shared library build with CMake works 2019-07-05 15:48:36 +02:00