Commit graph

2282 commits

Author SHA1 Message Date
Simon Butcher 3ad2efdc82 Remove Yotta support from the docs, tests and build scripts
Yotta is no longer supported by Mbed TLS, so has been removed. Specifically, the
following changes have been made:
 * references to yotta have been removed from the main readme and build
   instructions
 * the yotta module directory and build script has been removed
 * yotta has been removed from test scripts such as all.sh and check-names.sh
 * yotta has been removed from other files that that referenced it such as the
   doxyfile and the bn_mul.h header
 * yotta specific configurations and references have been removed from config.h
2018-09-26 17:55:09 +01:00
Gilles Peskine 487cdf5516 In keep-going mode, don't hard-fail on some auxiliary script
Add record_status in front of the invocation of several scripts where
it was missing.
2018-09-26 16:50:38 +02:00
Gilles Peskine 2561a50ea4 Fix "make WINDOWS_BUILD=1 clean" on non-Windows hosts
The clean rule was not using the correct names for the compiled
executable files.
2018-09-26 16:50:31 +02:00
Janos Follath 7c025a9f50 Generalize dh_flag in mbedtls_mpi_gen_prime
Setting the dh_flag to 1 used to indicate that the caller requests safe
primes from mbedtls_mpi_gen_prime. We generalize the functionality to
make room for more flags in that parameter.
2018-09-21 16:30:07 +01:00
Manuel Pégourié-Gonnard 125af948c3 Merge branch 'development-restricted' into iotssl-1260-non-blocking-ecc-restricted
* development-restricted: (578 commits)
  Update library version number to 2.13.1
  Don't define _POSIX_C_SOURCE in header file
  Don't declare and define gmtime()-mutex on Windows platforms
  Correct preprocessor guards determining use of gmtime()
  Correct documentation of mbedtls_platform_gmtime_r()
  Correct typo in documentation of mbedtls_platform_gmtime_r()
  Correct POSIX version check to determine presence of gmtime_r()
  Improve documentation of mbedtls_platform_gmtime_r()
  platform_utils.{c/h} -> platform_util.{c/h}
  Don't include platform_time.h if !MBEDTLS_HAVE_TIME
  Improve wording of documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Fix typo in documentation of MBEDTLS_PLATFORM_GMTIME_R_ALT
  Replace 'thread safe' by 'thread-safe' in the documentation
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  ChangeLog: Add missing renamings gmtime -> gmtime_r
  Improve documentation of MBEDTLS_HAVE_TIME_DATE
  Minor documentation improvements
  Style: Add missing period in documentation in threading.h
  Rename mbedtls_platform_gmtime() to mbedtls_platform_gmtime_r()
  Guard decl and use of gmtime mutex by HAVE_TIME_DATE and !GMTIME_ALT
  ...
2018-09-11 12:39:14 +02:00
Simon Butcher 53546ea099 Update library version number to 2.13.1 2018-09-06 19:10:26 +01:00
Manuel Pégourié-Gonnard 82986c1015 Disable 3d test with no good openssl version
While these tests and the issue with it are pre-existing:
- we previously didn't understand that the issue was an openssl bug
- failures seem to have become more frequent since the recent changes

So let's disable these fragile tests in order to get a clean CI. We still have
the tests against gnutls-serv for interop testing.
2018-09-03 10:50:21 +02:00
Manuel Pégourié-Gonnard c1eda67fac Disable fragmentation tests with openssl bugs
While making the initial commit, I thought $OPENSSL_LEGACY was not affect by
this bug, but it turns out I was wrong. All versions of OpenSSL installed on
the CI are. Therefore, the corresponding tests are disabled for the same
reason as the gnutls-cli tests above it.

This commit is only about the tests that were added in the recent
fragmentation work. One of those two tests had a particularly
annoying mode of failure: it failed consistently with seed=1 (use in the
release version of all.sh), once #1951 was applied. This has nothing
particular to do with #1951, except that by changing retransmission behaviour
1951 made the proxy run into a path that triggered the OpenSSL bug with this
seed, while it previously did that only with other seeds.

Other 3d interop test are also susceptible to triggering this OpenSSL bug or
others (or bugs in GnuTLS), but they are left untouched by this commit as:
- they were pre-existing to the recent DTLS branches;
- they don't seem to have the particularly annoying seed=1 mode of failure.
However it's probably desirable to do something about them at some point in
the future.
2018-09-03 10:49:35 +02:00
Simon Butcher 4d075cd7d0 Update library version number to 2.13.0 2018-08-31 15:59:10 +01:00
Simon Butcher 552754a6ee Merge remote-tracking branch 'public/pr/1988' into development 2018-08-30 00:57:28 +01:00
Simon Butcher 68dbc94720 Merge remote-tracking branch 'public/pr/1951' into development 2018-08-30 00:56:56 +01:00
Simon Butcher e50128a692 Merge remote-tracking branch 'public/pr/1994' into development 2018-08-30 00:56:18 +01:00
Nir Sonnenschein acedc91f8f Fix build issue on clang 2018-08-29 23:57:45 +03:00
Nir Sonnenschein 85fcb58997 Refactor test code for CTR DRBG to clarify test functions
previously a single function was used for most test cases (ctr_drbg_validate) making it harder to understand what the exact scenario is as a result it was split into easier to understand functions.
2018-08-29 23:38:57 +03:00
Hanno Becker 108992e776 Add MTU auto-reduction test with valgrind 2018-08-29 17:19:09 +01:00
Hanno Becker 37029ebc63 Skip MTU auto-reduction test when running valgrind 2018-08-29 17:19:06 +01:00
Nir Sonnenschein 6275be3483 Re-factor test functions and add support for data_t parameters
the testing functions were re-factored so that the common code was extracted to a single static function (removing the need for unclear goto statements).
As part of the re-factor the test functions now use data_t for parameters (support for this was introduced in previous rebase),
2018-08-29 10:25:30 +03:00
Nir Sonnenschein ce266e4ca2 use single define for 128bit key for ctr_drbg and update test dependencies
the change is designed to make configuring 128bit keys for ctr_drbg more similar to other configuration options. Tests have been updated accordingly.
also clarified test naming.
2018-08-29 10:11:46 +03:00
Hanno Becker 39b8bc9aef Change wording of debug message 2018-08-28 17:52:49 +01:00
Hanno Becker 7c48dd11db ssl-opt.sh: Add function extracting val or default val from config.h 2018-08-28 16:09:22 +01:00
Hanno Becker dc1e950170 DTLS reordering: Add test for buffering a proper fragment
This commit adds a test to ssl-opt.sh which exercises the behavior
of the library in the situation where a single proper fragment
of a future handshake message is received prior to the next
expected handshake message (concretely, the client receives
the first fragment of the server's Certificate message prior
to the server's ServerHello).
2018-08-28 16:02:33 +01:00
Simon Butcher 14dac0953e Merge remote-tracking branch 'public/pr/1918' into development 2018-08-28 12:21:41 +01:00
Simon Butcher 1846e406c8 Merge remote-tracking branch 'public/pr/1939' into development 2018-08-28 12:19:56 +01:00
Simon Butcher 9598845d11 Merge remote-tracking branch 'public/pr/1955' into development 2018-08-28 12:00:18 +01:00
Hanno Becker e604556feb ssl-opt.sh: Don't hardcode varname in requires_config_value_xxx() 2018-08-28 11:24:55 +01:00
Hanno Becker b841b4f107 ssl-opt.sh: Remove reference to Github issue 2018-08-28 10:25:51 +01:00
Hanno Becker 3b8b40c16d ssl-opt.sh: Add function to skip next test 2018-08-28 10:25:41 +01:00
Simon Butcher 6f032a60c9 Merge remote-tracking branch 'public/pr/1963' into development 2018-08-28 10:21:06 +01:00
Simon Butcher badeb07872 Merge remote-tracking branch 'public/pr/1967' into development 2018-08-28 10:20:23 +01:00
Hanno Becker b9a0086975 ssl-opt.sh: Explain use of --insecure in GnuTLS client tests 2018-08-28 10:20:22 +01:00
Andrzej Kurek 6a4f224ac3 ssl-opt.sh: change expected output for large srv packet test with SSLv3
This test also exercises a protection against BEAST
and should expect message splitting.
2018-08-27 08:00:13 -04:00
Hanno Becker 2f5aa4c64e all.sh: Add builds allowing to test dropping buffered messages
This commit adds two builds to all.sh which use a value of
MBEDTLS_SSL_DTLS_MAX_BUFFERING that allows to run the
reordering tests in ssl-opt.sh introduced in the last commit.
2018-08-24 14:48:11 +01:00
Hanno Becker a1adcca1da ssl-opt.sh: Add tests exercising freeing of buffered messages
This commit adds tests to ssl-opt.sh which trigger code-paths
responsible for freeing future buffered messages when the buffering
limitations set by MBEDTLS_SSL_DTLS_MAX_BUFFERING don't allow the
next expected message to be reassembled.

These tests only work for very specific ranges of
MBEDTLS_SSL_DTLS_MAX_BUFFERING and will therefore be skipped
on a run of ssl-opt.sh in ordinary configurations.
2018-08-24 14:48:11 +01:00
Hanno Becker 5cd017f931 ssl-opt.sh: Allow numerical constraints for tests
This commit adds functions requires_config_value_at_most()
and requires_config_value_at_least() which can be used to
only run tests when a numerical value from config.h
(e.g. MBEDTLS_SSL_IN_CONTENT_LEN) is within a certain range.
2018-08-24 14:48:11 +01:00
Hanno Becker 0e96585bdd Merge branch 'datagram_packing' into message_reordering 2018-08-24 12:16:41 +01:00
Hanno Becker 69ca0ad5c4 ssl-opt.sh: Remove wrong test exercising MTU implications of MFL
The negotiated MFL is always the one suggested by the client, even
if the server has a smaller MFL configured locally. Hence, in the test
where the client asks for an MFL of 4096 bytes while the server locally
has an MFL of 512 bytes configured, the client will still send datagrams
of up to ~4K size.
2018-08-24 12:14:00 +01:00
Hanno Becker 6b6f602174 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-24 11:55:03 +01:00
Hanno Becker c92b5c8a0d ssl-opt.sh: Add tests checking that MFL implies bounds on MTU
This commit introduces some tests to ssl-opt.sh checking that
setting the MFL limits the MTU to MFL + { Maximum Record Expansion }.
2018-08-24 11:48:01 +01:00
Manuel Pégourié-Gonnard 34aa187df6 Force IPv4 for gnutls-cli DTLS tests
Depending on the settings of the local machine, gnutls-cli will either try
IPv4 or IPv6 when trying to connect to localhost. With TLS, whatever it tries
first, it will notice if any failure happens and try the other protocol if
necessary. With DTLS it can't do that. Unfortunately for now there isn't
really any good way to specify an address and hostname independently, though
that might come soon: https://gitlab.com/gnutls/gnutls/issues/344

A work around is to specify an address directly and then use --insecure to
ignore certificate hostname mismatch; that is OK for tests that are completely
unrelated to certificate verification (such as the recent fragmenting tests)
but unacceptable for others.

For that reason, don't specify a default hostname for gnutls-cli, but instead
let each test choose between `--insecure 127.0.0.1` and `localhost` (or
`--insecure '::1'` if desired).

Alternatives include:
- having test certificates with 127.0.0.1 as the hostname, but having an IP as
  the CN is unusual, and we would need to change our test certs;
- have our server open two sockets under the hood and listen on both IPv4 and
  IPv6 (that's what gnutls-serv does, and IMO it's a good thing) but that
obviously requires development and testing (esp. for windows compatibility)
- wait for a newer version of GnuTLS to be released, install it on the CI and
  developer machines, and use that in all tests - quite satisfying but can't
be done now (and puts stronger requirements on test environment).
2018-08-23 19:07:15 +02:00
Hanno Becker 3546201dbc Merge branch 'datagram_packing' into message_reordering 2018-08-22 10:25:40 +01:00
Hanno Becker a67dee256d Merge branch 'iotssl-2402-basic-pmtu-adaptation' into datagram_packing 2018-08-22 10:06:38 +01:00
Manuel Pégourié-Gonnard b8eec192f6 Implement PMTU auto-reduction in handshake 2018-08-22 10:50:30 +02:00
Hanno Becker 170e2d89da Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-22 09:44:54 +01:00
Manuel Pégourié-Gonnard c1d54b74ec Add tests with non-blocking I/O
Make sure we behave properly when f_send() or f_recv() return
MBEDTLS_ERR_SSL_WANT_{WRITE,READ}.
2018-08-22 10:02:59 +02:00
Manuel Pégourié-Gonnard 3d183cefb5 Allow client-side resend in proxy MTU tests
From Hanno:
When a server replies to a cookieless ClientHello with a HelloVerifyRequest,
it is supposed to reset the connection and wait for a subsequent ClientHello
which includes the cookie from the HelloVerifyRequest.
In testing environments, it might happen that the reset of the server
takes longer than for the client to replying to the HelloVerifyRequest
with the ClientHello+Cookie. In this case, the ClientHello gets lost
and the client will need retransmit. This may happen even if the underlying
datagram transport is reliable.
2018-08-22 09:56:22 +02:00
Hanno Becker 1d7399351e ssl-opt.sh: Add DTLS session resumption tests
Fixes #1969.
2018-08-21 17:48:42 +01:00
Hanno Becker 903ee3d363 Merge branch 'datagram_packing' into message_reordering 2018-08-21 17:24:17 +01:00
Hanno Becker 175cb8fc69 ssl-opt.sh: Allow resend in DTLS session resumption tests, cont'd
This commit continues commit 47db877 by removing resend guards in the
ssl-opt.sh tests 'DTLS fragmenting: proxy MTU, XXX' which sometimes made
the tests fail in case the log showed a resend from the client.

See 47db877 for more information.
2018-08-21 17:00:10 +01:00
Hanno Becker e35670528b ssl-opt.sh: Add test for reassembly after reordering 2018-08-21 16:50:43 +01:00
Nir Sonnenschein aecf8c941a adding more ctr_drbg test vectors (CAVP 14.3)
addtional test vectors add tests for both AES-256
and AES-128 variants of ctr_drbg
2018-08-21 18:05:13 +03:00
Gilles Peskine e4b77b9639 ctr_drbg: add a few test vectors from CAVP 14.3
These test vectors are from
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/drbg/drbgtestvectors.zip
2018-08-21 18:05:08 +03:00
Gilles Peskine cfc1de766b ctr_drbg: sample vectors from NIST
Test vectors from
https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/CTR_DRBG_withDF.pdf
2018-08-21 18:05:02 +03:00
Gilles Peskine 5ef5a9aeb4 ctr_drbg tests: unify validate functions
Unify the three existing validation functions (with prediction
resistance, with manual reseeding between generations, and with no
reseeding) into a single function that supports these three scenarios
plus a fourth one (reseed before the first generation).

The four supported scenarios cover the three scenarios from the
current CAVP test vectors (no reseed, reseed before generating,
prediction resistance) plus a fourth scenario used by the existing
test vectors (reseed after generating).

(cherry picked from commit cee9bedee6bc1a8e2b22fa8a31647b62ebb8a0a4)
2018-08-21 18:04:45 +03:00
Gilles Peskine 4c78665ccd ctr_drbg tests: new validation function that doesn't reseed
This is one of the test scenarios from the CAVP test vectors.
2018-08-21 18:03:31 +03:00
Gilles Peskine ef0624f791 ctr_drbg tests: make input sizes flexible
The ctr_drbg_validate_xxx test functions had hard-coded sizes for the
entropy and the output size. Generalize the sizes.

Keep track of the current entropy size.

Unhexify the expected output and compare with the actual output,
rather than hexifying the actual output and comparing the hex.
2018-08-21 18:02:03 +03:00
Gilles Peskine ed7da59798 ctr_drbg: add comments relating the code with the NIST specification 2018-08-21 17:55:46 +03:00
Nir Sonnenschein c9547cc23b add NIST test vector for 128 bit keys (not passing yet). 2018-08-21 17:53:25 +03:00
Hanno Becker 5bcf2b081f ssl-opt.sh: Allow spurious resend in DTLS session resumption test
When a server replies to a cookieless ClientHello with a HelloVerifyRequest,
it is supposed to reset the connection and wait for a subsequent ClientHello
which includes the cookie from the HelloVerifyRequest.
In testing environments, it might happen that the reset of the server
takes longer than for the client to replying to the HelloVerifyRequest
with the ClientHello+Cookie. In this case, the ClientHello gets lost
and the client will need retransmit. This may happen even if the underlying
datagram transport is reliable.

This commit removes a guard in the ssl-opt.sh test
'DTLS fragmenting: proxy MTU, resumed handshake' which made
the test fail in case the log showed a resend from the client.
2018-08-21 15:04:22 +01:00
Ron Eldor 6b13afe1a5 Fix indentation
Fix indentation in the test.
2018-08-21 16:11:13 +03:00
Manuel Pégourié-Gonnard 2f2d9020cd Add delay in test to avoid race condition
We previously observed random-looking failures from this test. I think they
were caused by a race condition where the client tries to reconnect while the
server is still closing the connection and has not yet returned to an
accepting state. In that case, the server would fail to see and reply to the
ClientHello, and the client would have to resend it.

I believe logs of failing runs are compatible with this interpretation:
- the proxy logs show the new ClientHello and the server's closing Alert are
  sent the same millisecond.
- the client logs show the server's closing Alert is received after the new
  handshake has been started (discarding message from wrong epoch).

The attempted fix is for the client to wait a bit before reconnecting, which
should vastly enhance the probability of the server reaching its accepting
state before the client tries to reconnect. The value of 1 second is arbitrary
but should be more than enough even on loaded machines.

The test was run locally 100 times in a row on a slightly loaded machine (an
instance of all.sh running in parallel) without any failure after this fix.
2018-08-21 12:17:54 +02:00
Manuel Pégourié-Gonnard 6151298395 Add missing requires_gnutls guards 2018-08-21 09:40:07 +02:00
Ron Eldor 9434713368 Move the assertion
Move the assertion for checking the heap allocatino succeeded.
2018-08-20 14:59:33 +03:00
Hanno Becker 6aeaa05a95 Merge branch 'iotssl-165-dtls-hs-fragmentation-new' into datagram_packing 2018-08-20 12:53:37 +01:00
Hanno Becker f362c297fa ssl-opt.sh Add dependency on gnutls in two fragmentation tests 2018-08-20 12:40:23 +01:00
Hanno Becker 7be2e5bb16 ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified 2018-08-20 12:23:37 +01:00
Hanno Becker 4e1a9c17f2 ssl-opt.sh: Preserve proxy log, too, if --preserve-logs is specified 2018-08-20 12:22:09 +01:00
Manuel Pégourié-Gonnard 4532329397 Add proxy-enforcement to a MTU test 2018-08-20 11:52:24 +02:00
Hanno Becker 9829315235 Add missing dependency in ssl-opt.sh 2018-08-20 11:18:34 +02:00
Hanno Becker 58e9dc3d4b Allow GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV to be unset in ssl-opt.sh 2018-08-20 11:18:15 +02:00
Manuel Pégourié-Gonnard 02f3a8a921 Adjust timeout values for 3d test
Use the same values as other 3d tests: this makes the test hopefully a bit
faster than the default values, while not increasing the failure rate.

While at it:
- adjust "needs_more_time" setting for 3d interop tests (we can't set the
  timeout values for other implementations, so the test might be slow)
- fix some supposedly DTLS 1.0 test that were using dtls1_2 on the command
  line
2018-08-20 10:54:25 +02:00
Hanno Becker 56cdfd1e29 Refine reordering tests
Now that the UDP proxy has the ability to delay specific
handshake message on the client and server side, use
this to rewrite the reordering tests and thereby make
them independent on the choice of PRNG used by the proxy
(which is not stable across platforms).
2018-08-17 16:52:08 +01:00
Hanno Becker 872730481d Disable datagram packing in reordering tests 2018-08-17 16:52:08 +01:00
Hanno Becker b34149c00f Add test for buffering of record from next epoch 2018-08-17 16:52:08 +01:00
Hanno Becker e38422107e Add test for reordering of handshake messages 2018-08-17 16:52:08 +01:00
Hanno Becker aa5d0c4493 Add test for buffering out-of-order CCS 2018-08-17 16:52:08 +01:00
Hanno Becker 4a9d006f5f Add missing dependency in ssl-opt.sh 2018-08-17 16:10:47 +01:00
Hanno Becker bc73e4a822 Allow GNUTLS_NEXT_CLI / GNUTLS_NEXT_SERV to be unset in ssl-opt.sh 2018-08-17 15:53:21 +01:00
Hanno Becker 7ae8a76ced Add tests for datagram packing option to ssl-opt.sh
This commit adds four tests to ssl-opt.sh running default
DTLS client and server with and without datagram packing
enabled, and checking that datagram packing is / is not
used by inspecting the debug output.
2018-08-17 15:51:24 +01:00
Hanno Becker 1c9a24ce8c Disable datagram packing for various UDP proxy tests
The UDP proxy does currently not dissect datagrams into records,
an hence the coverage of the reordering, package loss and duplication
tests is much smaller if datagram packing is in use.

This commit disables datagram packing for most UDP proxy tests,
in particular all 3D (drop, duplicate, delay) tests.
2018-08-17 15:51:21 +01:00
Hanno Becker c4305238b5 Re-enable delayed CCS test
Now that datagram packing can be dynamically configured,
the test exercising the behavior of Mbed TLS when facing
an out-of-order CCS message can be re-introduced, disabling
datagram packing for the sender of the delayed CCS.
2018-08-17 15:45:45 +01:00
Hanno Becker 12405e76b5 Increase max_frag_len / MTU in fragmentation ref tests
The tests "DTLS fragmenting: none (for reference)" and
"DTLS fragmenting: none (for reference) (MTU)" used a
maximum fragment length resp. MTU value of 2048 which
was meant to be large enough so that fragmentation
of the certificate message would not be necessary.
However, it is not large enough to hold the entire flight
to which the certificate belongs, and hence there will
be fragmentation as soon as datagram packing is used.

This commit increases the maximum fragment length resp.
MTU values to 4096 bytes to ensure that even with datagram
packing in place, no fragmentation is necessary.

A similar change was made in "DTLS fragmenting: client (MTU)".
2018-08-17 15:45:19 +01:00
Hanno Becker 111fa497aa TEST-ONLY: Remove delayed CCS test
The test exercising a delayed CCS message is not
expected to work when datagram packing is used,
as the current UDP proxy is not able to recognize
records which are not at the beginning of a
datagram.
2018-08-17 15:44:37 +01:00
Manuel Pégourié-Gonnard 38110dfc0e Add interop test with unreliable connection
Adds a requirement for GNUTLS_NEXT (3.5.3 or above, in practice we should
install 3.6.3) on the CI.

See internal ref IOTSSL-2401 for analysis of the bugs and their impact on the
tests.
2018-08-17 12:44:54 +02:00
Hanno Becker d26bb2090f Add tests for empty CA list in CertificateRequest, TLS 1.0 & 1.1 2018-08-17 09:57:36 +01:00
Manuel Pégourié-Gonnard 0794d49566 Skip some tests with valgrind (spurious resend) 2018-08-17 10:54:24 +02:00
Manuel Pégourié-Gonnard 1218bc0f74 Add simple interop tests (reliable connection) 2018-08-17 10:51:26 +02:00
Jaeden Amero aa9f3fd6b1 Merge remote-tracking branch 'upstream-public/pr/930' into development 2018-08-16 15:29:58 +01:00
Manuel Pégourié-Gonnard 2d56f0d346 Add test with unreliable connection 2018-08-16 11:09:03 +02:00
Manuel Pégourié-Gonnard 19c62f90e4 Add test for session resumption 2018-08-16 10:50:39 +02:00
Manuel Pégourié-Gonnard 72c2707d9c Add tests for MTU with renegotiation
This exercises our computation of record expansion.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard b747c6cf9b Add basic first tests for MTU setting
For now, just check that it causes us to fragment. More tests are coming in
follow-up commits to ensure we respect the exact value set, including when
renegotiating.
2018-08-16 10:01:47 +02:00
Manuel Pégourié-Gonnard 2cb17e201b Make handshake fragmentation follow max_frag_len
Note: no interop tests in ssl-opt.sh for now, as some of them make us run into
bugs in (the CI's default versions of) OpenSSL and GnuTLS, so interop tests
will be added later once the situation is clarified. <- TODO
2018-08-16 10:01:10 +02:00
Mohammad Azim Khan 2c069dfad3 Fix typo in test_suite_entropy.function 2018-08-15 13:55:37 +01:00
Ron Eldor 446227a1bd Enhance nist_kw with some NULL buffers tests
Enhance the nist_kw test suite, with setting zero length input\output
buffers. Resolves #1882.
2018-08-13 14:46:45 +03:00
Jaeden Amero cac0c1a250 Merge remote-tracking branch 'upstream-public/pr/1378' into development 2018-08-10 10:59:53 +01:00
Mohammad Azim Khan 5cb7017077 Less obscure test suites template 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan d2d0112ca8 Style fixes 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan 440d8737c6 Fix macro validation regex 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan ee6529eb83 Add generate_test_code.py unit tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan 21798105f6 Pylint tests in all.sh 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan 539aa06f64 Fix Python 2 & 3 compatibility in test_generate_test_code.py 2018-08-06 11:42:56 +01:00
Mohammad Azim Khan 32cbcdac8f Fix Pylint errors in Python scripts 2018-08-06 11:42:56 +01:00
Azim Khan 630281349e Replaced escaped_split() logic with regex 2018-08-06 11:42:56 +01:00
Azim Khan fcdf685302 Make test function parsing robust
This commit enhances parsing of the test function in generate_test_code.py for
cases where return type and function name are on separate lines.
2018-08-06 11:42:56 +01:00
Azim Khan 4084ec7ae5 Fixed unit tests in test_generate_test_code.py 2018-08-06 11:42:56 +01:00
Azim Khan 8d686bfdb1 Incorporated code revoew comments. 2018-08-06 11:42:56 +01:00
Azim Khan b31aa44e16 Fix style errors reported by pylint 2018-08-06 11:42:56 +01:00
Azim Khan aee05bbe70 Add test suite framework summary 2018-08-06 11:42:56 +01:00
Azim Khan 63ab501aa7 Fix generate_test_code.py argument --helpers-file in CMakeLists.txt 2018-08-06 11:42:56 +01:00
Azim Khan 27a35e7712 Wildcard possible targets and document
Test application names and function file names can be constructed
based on the followed naming convention. This commit documents the
naming convention and removes explicit listing of the test
executables and the lookup table for finding .function file.
2018-08-06 11:42:56 +01:00
Azim Khan 5fcca46a3a Rename HexParam_t -> data_t for consistent coding style 2018-08-06 11:42:06 +01:00
Azim Khan 62a5d7d65a Document status/error codes in helper.function 2018-08-06 11:42:06 +01:00
Azim Khan 951a2c8898 Improve documentation in mbedtls_test.py 2018-08-06 11:42:06 +01:00
Azim Khan e3b26af7c0 Improve documentation in generate_test_code.py 2018-08-06 11:42:06 +01:00
Azim Khan b98e6eec58 Replace asserts with exceptions in mbedtls_test.py 2018-08-06 11:42:06 +01:00
Azim Khan 040b6a2281 Wrap code to 79 character limit 2018-08-06 11:42:06 +01:00
Azim Khan 936ea9302a Strip whitespaces added by decode() function 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan 00c4b090c1 Change intermediate data file extension to .datax 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan ff560f2239 Rename makefile target gen-embedded-test - generate-target-tests 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan cfd834274b Use integer instead of string as test result 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan 53faf5c964 Widen the test app columns 2018-08-06 11:42:06 +01:00
Mohammad Azim Khan 8a3628fc86 Set PYTHON using ?= syntax 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 8f6e8cfcc7 Print line number with data file error 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 3b06f226e9 Replace asserts with exceptions in generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan c3521dfdd6 Fix generate_test_code.py unit tests 2018-08-06 11:40:58 +01:00
Azim Khan 0fa3504a77 Add missing MSVC typedefs 2018-08-06 11:40:58 +01:00
Gilles Peskine 667f7f8369 Fix generation of #line directives in Python 2
When using Python 2 (which is done in the Makefile), all #line
directives from the test code were generated with the line number 1.
This traces back to the change in the method name for generators in
Python 2 (next) vs Python 3 (__next__). Override both methods so that
the script remains compatible with both Python 2 and Python 3.
2018-08-06 11:40:58 +01:00
Gilles Peskine 7776141a16 Don't generate lines with only whitespace 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 9b06f37601 Give execute permissions to Python scripts 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan b73159d639 Remove white spaces caught by check-files.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan ddde34c698 Remove git conflict marker from test_suite_timing.function 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 76135345c8 Fix gcc-7 -Wformat-truncation warning
Function test_snprintf() is called by run_test_snprintf() with constant test
data. It gets inlined and is subjected to snprintf format truncation checks
introduced by -Wformat-truncation in gcc-7. -Wformat-truncation is turned
On by -Wall and other similar options. It results in error with -Werror.

-Wformat-truncation makes tests performed by run_test_snprintf() redundant
on gcc. But they are still relevant for other compilers. This commit prevents
inlining of test_snprintf() to avoid gcc compile time checks.
2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 1ec7e6f3d9 Python3 compatible generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 78befd9019 Rename generate_code.py -> generate_test_code.py 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 7eb55687c4 Set OS specific python executable name 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan b522929666 Add support for per test suite helper functions 2018-08-06 11:40:58 +01:00
Azim Khan 05d83fa406 Put parentheses around macro arguments 2018-08-06 11:40:58 +01:00
Azim Khan 36e5fac0fb Rephrase confusing function description 2018-08-06 11:40:58 +01:00
Azim Khan 317efe85e1 Adapt new test gcm_bad_parameters() to on target testing changes 2018-08-06 11:40:58 +01:00
Azim Khan f0e42fbd1f Add missing documentation and fix file doc strings 2018-08-06 11:40:58 +01:00
Mohammad Azim Khan 9540261a76 Incorporated code review comments 2018-08-06 11:40:58 +01:00
Azim Khan d61b837fac Update unit tests for change in test suites code generator
Code generator has been modified to generate case statements for dependency checks and expression checks.
This commit updates the unit tests accordingly.
2018-08-06 11:40:58 +01:00
Azim Khan b1c2d0f946 Use switch instead if if-else for dependency and expression checks. 2018-08-06 11:40:58 +01:00
Azim Khan d61a4384d8 incorporate code review comment in embedded_test.function 2018-08-06 11:40:58 +01:00
Azim Khan 663d4702c5 Incorporate code review suggestions in mbedtls_test.py 2018-08-06 11:40:58 +01:00
Azim Khan 599cd247e6 Update unit tests for code generator and make code generator more testable. 2018-08-06 11:40:58 +01:00
Azim Khan acc5473ac9 Use FileWrapper class in place of file where line number is required 2018-08-06 11:40:57 +01:00
Azim Khan 5e2ac1fb29 Updated generate_code.py unit tests 2018-08-06 11:40:57 +01:00
Azim Khan 4b54323bcb Unit test generate_copy.py 2018-08-06 11:40:57 +01:00
Azim Khan 13c6bfbc2a Gaurd test suite headers with suite dependency
Test suite header code was not gaurded with test suite dependency.
But some test suites have additional code in the headers section.
Variables in that section become unused if suite functions are
gaurded. Hence gaurded the headers section.
But this changed cuased missing types in get_expression() function
that was originally accessing types defined through suite headers.
Hence had to gaurd expressions code as well.
Gaurding expressions does not allow parsing the parameters when
some types or hash defs are gaurded. Hence added function
check_test() to check if test is allowed or not before parsing the
parameters.
2018-08-06 11:40:57 +01:00