1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-05 19:35:48 +03:00

ssl-opt: Introduce --list-test-cases option

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
This commit is contained in:
Tomás González
2023-09-13 11:47:13 +01:00
parent f38e2fe97b
commit cbb2e45e96

View File

@@ -112,6 +112,7 @@ FILTER='.*'
EXCLUDE='^$' EXCLUDE='^$'
SHOW_TEST_NUMBER=0 SHOW_TEST_NUMBER=0
LIST_TESTS=0
RUN_TEST_NUMBER='' RUN_TEST_NUMBER=''
PRESERVE_LOGS=0 PRESERVE_LOGS=0
@@ -131,6 +132,7 @@ print_usage() {
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
printf " --list-test-cases\tList all potential test cases (No Execution)\n"
printf " --outcome-file\tFile where test outcomes are written\n" printf " --outcome-file\tFile where test outcomes are written\n"
printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n" printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n" printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n"
@@ -156,6 +158,9 @@ get_options() {
-s|--show-numbers) -s|--show-numbers)
SHOW_TEST_NUMBER=1 SHOW_TEST_NUMBER=1
;; ;;
-l|--list-test-cases)
LIST_TESTS=1
;;
-p|--preserve-logs) -p|--preserve-logs)
PRESERVE_LOGS=1 PRESERVE_LOGS=1
;; ;;
@@ -185,11 +190,18 @@ get_options() {
done done
} }
get_options "$@"
# Read boolean configuration options from config.h for easy and quick # Read boolean configuration options from config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces # testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a # and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols. # space-separated list of symbols.
CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )" if [ "$LIST_TESTS" -eq 0 ];then
CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )"
else
P_QUERY=":"
CONFIGS_ENABLED=""
fi
# Skip next test; use this macro to skip tests which are legitimate # Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but # in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside # aren't expected to succeed at the moment due to problems outside
@@ -221,7 +233,12 @@ get_config_value_or_default() {
# #
# Note that if the configuration is not defined or is defined to nothing, # Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string. # the output of this function will be an empty string.
${P_SRV} "query_config=${1}" if [ "$LIST_TESTS" -eq 0 ];then
${P_SRV} "query_config=${1}"
else
echo "1"
fi
} }
requires_config_value_at_least() { requires_config_value_at_least() {
@@ -496,19 +513,18 @@ requires_not_i686() {
fi fi
} }
# Calculate the input & output maximum content lengths set in the config
MAX_CONTENT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_MAX_CONTENT_LEN" ) MAX_CONTENT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_MAX_CONTENT_LEN" )
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" ) MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" ) MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
if [ "$LIST_TESTS" -eq 0 ];then
# Calculate the maximum content length that fits both # Calculate the input & output maximum content lengths set in the config
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN="$MAX_IN_LEN" MAX_CONTENT_LEN="$MAX_IN_LEN"
fi
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN="$MAX_OUT_LEN"
fi
fi fi
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
MAX_CONTENT_LEN="$MAX_OUT_LEN"
fi
# skip the next test if the SSL output buffer is less than 16KB # skip the next test if the SSL output buffer is less than 16KB
requires_full_size_output_buffer() { requires_full_size_output_buffer() {
if [ "$MAX_OUT_LEN" -ne 16384 ]; then if [ "$MAX_OUT_LEN" -ne 16384 ]; then
@@ -550,6 +566,7 @@ print_name() {
fi fi
LINE="$LINE$1" LINE="$LINE$1"
printf "%s " "$LINE" printf "%s " "$LINE"
LEN=$(( 72 - `echo "$LINE" | wc -c` )) LEN=$(( 72 - `echo "$LINE" | wc -c` ))
for i in `seq 1 $LEN`; do printf '.'; done for i in `seq 1 $LEN`; do printf '.'; done
@@ -1164,6 +1181,11 @@ run_test() {
return return
fi fi
if [ "$LIST_TESTS" -gt 0 ]; then
printf "%s\n" "$NAME"
return
fi
print_name "$NAME" print_name "$NAME"
# Do we only run numbered tests? # Do we only run numbered tests?
@@ -1363,8 +1385,6 @@ cleanup() {
# MAIN # MAIN
# #
get_options "$@"
# Make the outcome file path relative to the original directory, not # Make the outcome file path relative to the original directory, not
# to .../tests # to .../tests
case "$MBEDTLS_TEST_OUTCOME_FILE" in case "$MBEDTLS_TEST_OUTCOME_FILE" in
@@ -1413,104 +1433,106 @@ else
} }
fi fi
# sanity checks, avoid an avalanche of errors if [ "$LIST_TESTS" -eq 0 ];then
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}" # sanity checks, avoid an avalanche of errors
P_PXY_BIN="${P_PXY%%[ ]*}" P_SRV_BIN="${P_SRV%%[ ]*}"
if [ ! -x "$P_SRV_BIN" ]; then P_CLI_BIN="${P_CLI%%[ ]*}"
echo "Command '$P_SRV_BIN' is not an executable file" P_PXY_BIN="${P_PXY%%[ ]*}"
exit 1 if [ ! -x "$P_SRV_BIN" ]; then
fi echo "Command '$P_SRV_BIN' is not an executable file"
if [ ! -x "$P_CLI_BIN" ]; then
echo "Command '$P_CLI_BIN' is not an executable file"
exit 1
fi
if [ ! -x "$P_PXY_BIN" ]; then
echo "Command '$P_PXY_BIN' is not an executable file"
exit 1
fi
if [ "$MEMCHECK" -gt 0 ]; then
if which valgrind >/dev/null 2>&1; then :; else
echo "Memcheck not possible. Valgrind not found"
exit 1 exit 1
fi fi
if [ ! -x "$P_CLI_BIN" ]; then
echo "Command '$P_CLI_BIN' is not an executable file"
exit 1
fi
if [ ! -x "$P_PXY_BIN" ]; then
echo "Command '$P_PXY_BIN' is not an executable file"
exit 1
fi
if [ "$MEMCHECK" -gt 0 ]; then
if which valgrind >/dev/null 2>&1; then :; else
echo "Memcheck not possible. Valgrind not found"
exit 1
fi
fi
if which $OPENSSL >/dev/null 2>&1; then :; else
echo "Command '$OPENSSL' not found"
exit 1
fi
# used by watchdog
MAIN_PID="$$"
# We use somewhat arbitrary delays for tests:
# - how long do we wait for the server to start (when lsof not available)?
# - how long do we allow for the client to finish?
# (not to check performance, just to avoid waiting indefinitely)
# Things are slower with valgrind, so give extra time here.
#
# Note: without lsof, there is a trade-off between the running time of this
# script and the risk of spurious errors because we didn't wait long enough.
# The watchdog delay on the other hand doesn't affect normal running time of
# the script, only the case where a client or server gets stuck.
if [ "$MEMCHECK" -gt 0 ]; then
START_DELAY=6
DOG_DELAY=60
else
START_DELAY=2
DOG_DELAY=20
fi
# some particular tests need more time:
# - for the client, we multiply the usual watchdog limit by a factor
# - for the server, we sleep for a number of seconds after the client exits
# see client_need_more_time() and server_needs_more_time()
CLI_DELAY_FACTOR=1
SRV_DELAY_SECONDS=0
# fix commands to use this port, force IPv4 while at it
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
# machines that will resolve to ::1, and we don't want ipv6 here.
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
# low-security ones. This covers not just cipher suites but also protocol
# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
# a way to discover it from -help, so check the openssl version.
case $($OPENSSL version) in
"OpenSSL 0"*|"OpenSSL 1.0"*) :;;
*)
O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
;;
esac
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
fi
# Allow SHA-1, because many of our test certificates use it
P_SRV="$P_SRV allow_sha1=1"
P_CLI="$P_CLI allow_sha1=1"
fi fi
if which $OPENSSL >/dev/null 2>&1; then :; else
echo "Command '$OPENSSL' not found"
exit 1
fi
# used by watchdog
MAIN_PID="$$"
# We use somewhat arbitrary delays for tests:
# - how long do we wait for the server to start (when lsof not available)?
# - how long do we allow for the client to finish?
# (not to check performance, just to avoid waiting indefinitely)
# Things are slower with valgrind, so give extra time here.
#
# Note: without lsof, there is a trade-off between the running time of this
# script and the risk of spurious errors because we didn't wait long enough.
# The watchdog delay on the other hand doesn't affect normal running time of
# the script, only the case where a client or server gets stuck.
if [ "$MEMCHECK" -gt 0 ]; then
START_DELAY=6
DOG_DELAY=60
else
START_DELAY=2
DOG_DELAY=20
fi
# some particular tests need more time:
# - for the client, we multiply the usual watchdog limit by a factor
# - for the server, we sleep for a number of seconds after the client exits
# see client_need_more_time() and server_needs_more_time()
CLI_DELAY_FACTOR=1
SRV_DELAY_SECONDS=0
# fix commands to use this port, force IPv4 while at it
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
# machines that will resolve to ::1, and we don't want ipv6 here.
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"
# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
# low-security ones. This covers not just cipher suites but also protocol
# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
# a way to discover it from -help, so check the openssl version.
case $($OPENSSL version) in
"OpenSSL 0"*|"OpenSSL 1.0"*) :;;
*)
O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
;;
esac
if [ -n "${OPENSSL_NEXT:-}" ]; then
O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
fi
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
fi
# Allow SHA-1, because many of our test certificates use it
P_SRV="$P_SRV allow_sha1=1"
P_CLI="$P_CLI allow_sha1=1"
# Also pick a unique name for intermediate files # Also pick a unique name for intermediate files
SRV_OUT="srv_out.$$" SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$" CLI_OUT="cli_out.$$"
@@ -10540,17 +10562,19 @@ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 16384 requires_max_content_len 16384
run_tests_memory_after_hanshake run_tests_memory_after_hanshake
# Final report if [ "$LIST_TESTS" -eq 0 ]; then
# Final report
echo "------------------------------------------------------------------------" echo "------------------------------------------------------------------------"
if [ $FAILS = 0 ]; then if [ $FAILS = 0 ]; then
printf "PASSED" printf "PASSED"
else else
printf "FAILED" printf "FAILED"
fi
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
fi fi
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
if [ $FAILS -gt 255 ]; then if [ $FAILS -gt 255 ]; then
# Clamp at 255 as caller gets exit code & 0xFF # Clamp at 255 as caller gets exit code & 0xFF