Add a test case that would fail if all line comments were parsed before
block comments, and a test case that would fail if all block comments were
parsed before line comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Restore compatibiltiy testing against OpenSSL for
(D)TLS versions smaller that 1.2.
. Fix the check for support in OpenSSL for these versions
. For test cases for (D)TLS version smaller than 1.2,
restore the configuration of OpenSSL client/server
with the given TLS version, as it was before #5660
that broke it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.
The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.
With OpenSSL 1.1.1f on Ubuntu 20.04, this is needed to enable TLS 1.0, TLS
1.1 and DTLS 1.0. This also allows SHA-1 in certificates, which is still
needed for a few test cases in ssl-opt.sh. Curiously, this is also needed
for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and no other,
including other DHE-PSK or ARIA cipher suites).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Restore compatibiltiy testing against OpenSSL for
(D)TLS versions smaller that 1.2.
. Fix the check for support in OpenSSL for these versions
. For test cases for (D)TLS version smaller than 1.2,
restore the configuration of OpenSSL client/server
with the given TLS version, as it was before #5660
that broke it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to
a null pointer when the cipher does not use an IV. This is undefined
behavior, although it works as naively expected on most platforms. This
can cause a crash with modern Clang+ASan (depending on compiler optimizations).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Looking for the .data file doesn't work in out-of-tree builds. Use the
.datax file instead. `make clean` removes all .datax files, so this resolves
the issue of executables not present on the current branch being left behind
after a branch change followed by a `make clean`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The already existing "x509_csr_check()" function is extended in order
to support/test also CSR's extensions. The test is performed by
adding an extended key usage.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This macro is expected to be defined out of the library, and there
is no definition in the library. Thus it needs to be excluded from
typo check.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Typos of PSA macro and enum names are not checked by check_names.py.
This commit extend the check list to include PSA_XXX references.
The words should be macro/enum names defined as public_macros,
internal_macros, private_macros and enums. This commit also extend
the scope of enums to include those are defined in library/*.c.
A new type of macros "private", which are defined in library/*.c was
also added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Although negative zero is officially unsupported, we've had bugs related to
it in the past. So do test functions with a negative zero input.
There will likely be cases where we don't want to accept negative zero as if
it was valid, because it's too hard to handle. We'll add exceptions on a
case by case basis.
For the functions that are currently tested by the generated tests, the new
test cases pass.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The bignum module does not officially support "negative zero" (an
mbedtls_mpi object with s=-1 and all limbs zero). However, we have a
history of bugs where a function that should produce an official
zero (with s=1), produces a negative zero in some circumstances. So it's
good to check that the bignum functions are robust when passed a negative
zero as input. And for that, we need a way to construct a negative zero
from test case arguments.
There are checks that functions don't produce negative zeros as output in
the test suite. Skip those checks if there's a negative zero input: we
don't want functions to _create_ negative zeros, but we don't mind if
they _propagate_ negative zeros.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This exposes a bug in mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() which
will be fixed in a subsequent commit.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Although our build scripts support that, it's annoying, because it makes
"test_suite_XXX" ambiguous between "all the data for
test_suite_XXX.function" and "just test_suite_XXX.data".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
It just got renamed, and it's also not the most canonical example since it's
a somewhat deprecated interface in the development branch. Make a different
module the example.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Align the name of the bignum test suite with the source module (which was
renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings
it into line with the test suites for the low-level bignum interfaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Looking for executables causes problems with leftover compiled test
suites from other branches when we forget to run make clean before
switching branches. Using the .data files is more robust as most of them
are tracked, so will be removed when switching branches.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For the benefit of auto-formatting tools, move from the '$placeholder'
templating syntax to a new syntax of the form:
__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER
This change allows the test code template to be almost entirely valid C.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
