The goal of testing with GCC 15 is to validate fixes for
https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in
multiple places, and some of them affect third-party drivers but not our
built-in implementation. (The bug is that driver contexts might not be
zero-initialized, but some of our built-in implementations happen not to
care about this.) Thus, enable the test drivers in the test component that
uses GCC 15, to gain the extra checks performed in the driver wrappers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is a new warning in GCC 15 that our code base triggers in many places.
Silence it for the time being.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Reassemble handshake fragments incrementally instead of all at the end. That
is, every time we receive a non-initial handshake fragment, append it to the
initial fragment. Since we only have to deal with at most two handshake
fragments at the same time, this simplifies the code (no re-parsing of a
record) and is a little more memory-efficient (no need to store one record
header per record).
This commit also fixes a bug. The previous code did not calculate offsets
correctly when records use an explicit IV, which is the case in TLS 1.2 with
CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and
ChachaPoly). This led to the wrong data when an encrypted handshake message
was fragmented (Finished or renegotiation). The new code handles this
correctly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, run the test case
"Authentication: hostname unset, client required, secure config, CA callback"
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit updates the path for the moved test_zeroize.gdb script which
has been moved to MbedTLS-Framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit updates the paths for dlopen_demo.sh in
components-build-system.sh as the file has been moved to the framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves demo_common.sh, dlopen_demo.sh, metatest.c
query_compile_time_config.c, query_config.h, query_included_headers.c,
zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
The following files are moved to the framework repo (deleted here):
tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The following files are moved to the framework repo (deleted here):
tests/scripts/pkgconfig.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The following files are moved to the framework repo (deleted here):
tests/scripts/check_names.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The following files are moved to the framework repo (deleted here):
scripts/assemble_changelog.py
tests/scripts/check-doxy-blocks.pl
tests/scripts/check-python-files.sh
tests/scripts/doxygen.sh
scripts/apidoc_full.sh
tests/scripts/recursion.pl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit removes tcp_client.pl and removes it from ssl-opt.sh as it
has been replaced by test_suite_ssl.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes obsolete Travis CI scripts that are no longer
required due to the transition to a publically available CI image.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes Docker CI scripts from the repository as they are no
longer necessary with CI images being publically available.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.
In this commit:
* Add manually written not-supported test cases for the signature
operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
(https://github.com/Mbed-TLS/mbedtls/issues/9592).
A commit in the framework will take care of automatically generated test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The function mbedtls_test_hook_error_add() is declared in the library
but supplied by test helpers in framework/tests/src, so it is undefined
in library-only builds. This messes up our checks for missing symbols,
so disable MBEDTLS_TEST_HOOKS when we are building to check missing
symbols.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
These are not moving to the framework, so their paths are fine to stay
as they are, undo the update done through global search-replace.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
