Commit Graph

1033 Commits

Author SHA1 Message Date
Jaeden Amero
5d4c2a0fd0 Merge remote-tracking branch 'upstream-public/pr/1289' into mbedtls-1.3 2018-01-29 12:50:18 +00:00
Ron Eldor
08a1936031 Support verbose output of the test suites
generate add ctest test-suites, with the --verbose argument to be given
to the test suites.
The verbose output will be shown **only** if ctest is run with `-v` parameter
The verbose argument is to the test-suites, only when run through `ctest`
2018-01-25 18:30:55 +00:00
Gilles Peskine
0870c21fdd wait_server_start: warn if lsof is not available
If lsof is not available, wait_server_start uses a fixed timeout,
which can trigger a race condition if the timeout turns out to be too
short. Emit a warning so that we know this is going on from the test
logs.
2018-01-22 11:41:01 +01:00
Manuel Pégourié-Gonnard
1bca5ef096 Increase waiting times compat.sh and ssl-opt.sh
- Some of the CI machines don't have lsof installed yet, so rely on an sleeping
an arbitrary number of seconds while the server starts. We're seeing
occasional failures with the current delay because the CI machines are highly
loaded, which seems to indicate the current delay is not quite enough, but
hopefully not to far either, so double it.

- While at it, also double the watchdog delay: while I don't remember seeing
  much failures due to client timeout, this change doesn't impact normal
running time of the script, so better err on the safe side.

These changes don't affect the test and should only affect the false positive
rate coming from the test framework in those scripts.
2018-01-22 11:40:46 +01:00
Micha Kraus
f78adc5d90 fix bug in get_one_and_zeros_padding()
add test case (“0000000082”) which fails with the old implementation.
2018-01-18 00:01:42 +01:00
Hanno Becker
175668a8fd Address issues found by coverity
1) The MPI test for prime generation missed a return value
   check for a call to `mpi_shift_r`. This is neither
   critical nor new but should be fixed.

2) The RSA keygeneration example program contained code
   initializing an RSA context after a potentially failing
   call to CTR DRBG initialization, leaving the corresponding
   RSA context free call in the cleanup section orphaned.
   The commit fixes this by moving the initializtion of the
   RSA context prior to the first potentially failing call.
2018-01-10 11:24:43 +00:00
Manuel Pégourié-Gonnard
465c8b7827 Merge remote-tracking branch 'public/pr/1222' into mbedtls-1.3
* public/pr/1222:
  all.sh: add some documentation
  all.sh: new option --no-armcc
  all.sh: --keep-going mode
  all.sh: cleaned up usage output
  all.sh: indent
2017-12-26 10:59:35 +01:00
Gilles Peskine
e8be5e2571 all.sh: add some documentation 2017-12-22 11:02:13 +01:00
Manuel Pégourié-Gonnard
a15a41ce48 Merge remote-tracking branch 'public/pr/1217' into mbedtls-1.3
* public/pr/1217:
  compat.sh: use wait_server_start
  wait_server_start: minor efficiency improvement
2017-12-21 11:13:43 +01:00
Gilles Peskine
273ac90383 all.sh: new option --no-armcc
With this option, don't run anything that requires armcc, so
the script can run offline.
2017-12-20 15:32:01 +01:00
Gilles Peskine
ded50da458 all.sh: --keep-going mode
Add --keep-going mode to all.sh. In this mode, if a test fails, keep
running the subsequent tests. If a build fails, skip any tests of this
build and move on to the next tests. Errors in infrastructure, such as
git or cmake runs, remain fatal. Print an error summary at the end of
the run, and return a nonzero code if there was any failure.

In known terminal types, use color to highlight errors.

On a fatal signal, interrupt the run and report the errors so far.
2017-12-20 15:24:51 +01:00
Gilles Peskine
4d4872ae20 all.sh: cleaned up usage output 2017-12-20 14:00:38 +01:00
Gilles Peskine
fb18b6ccd2 all.sh: indent 2017-12-20 14:00:06 +01:00
Gilles Peskine
605c2284bc Merge branch 'pr_998' into mbedtls-1.3 2017-12-19 18:10:51 +01:00
Gilles Peskine
103299edb7 compat.sh: use wait_server_start
Port wait_server_start from ssl-opt.sh to compat.sh, instead of just
using "sleep 1". This solves the problem that on a heavily loaded
machine, sleep 1 is sometimes not enough (we had CI failures because
of this). This is also faster on a lightly-loaded machine.
2017-12-19 13:37:41 +01:00
Gilles Peskine
80f6be76e0 wait_server_start: minor efficiency improvement
In wait_server_start, fork less. When lsof is present, call it on the
expected process. This saves a few percent of execution time on a
lightly loaded machine. Also, sleep for a short duration rather than
using a tight loop.
2017-12-19 13:35:10 +01:00
Manuel Pégourié-Gonnard
b9c40b3157 Merge remote-tracking branch 'public/pr/1119' into mbedtls-1.3
* public/pr/1119:
  Allow comments in test data files
2017-12-19 12:21:07 +01:00
Gilles Peskine
6e206364d9 Merge remote-tracking branch 'upstream-public/pr/1175' into mbedtls-1.3 2017-12-04 17:21:09 +01:00
Gilles Peskine
3a3228cf90 Merge remote-tracking branch 'upstream-public/pr/1155' into mbedtls-1.3 2017-11-29 20:55:11 +01:00
Gilles Peskine
8c946113ba Merge branch 'pr_1083' into mbedtls-1.3
Merge PR #1083 plus ChangeLog entry.
2017-11-28 18:42:21 +01:00
Gilles Peskine
f15cbdab67 Merge remote-tracking branch 'upstream-public/pr/1109' into mbedtls-1.3 2017-11-28 18:41:31 +01:00
Gilles Peskine
f945a2245e Merge remote-tracking branch 'upstream-public/pr/944' into mbedtls-1.3 2017-11-28 18:38:17 +01:00
Nicholas Wilson
25f762d248 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2017-11-28 13:43:06 +00:00
Gilles Peskine
e298532394 Merge remote-tracking branch 'upstream-public/pr/1113' into mbedtls-1.3 2017-11-24 15:38:42 +01:00
Darryl Green
851111dc16 Add tests for invalid private parameters in ecdsa_sign() 2017-11-20 15:54:05 +00:00
Hanno Becker
be812f68c5 Add build and ssl-opt.sh run for SSL_DISABLE_RENEGOTIATION to all.sh 2017-10-25 09:51:30 +01:00
Hanno Becker
e8f3d933e9 Add dep'n on !DISABLE_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-25 09:51:13 +01:00
Andres Amaya Garcia
8a6ba0b495 Improve leap year test names in x509parse.data 2017-10-12 21:18:21 +01:00
Andres AG
7c02d13746 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:08:46 +01:00
Janos Follath
ea111c5501 Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 14:06:40 +01:00
Hanno Becker
c143653a19 Add tests for encrypted 2048 and 4096-bit RSA keys
This commit adds multiple RSA keys of various sizes and unifies their naming scheme.
2017-10-06 14:31:51 +01:00
Hanno Becker
ef4acc569d Minor style and typo corrections 2017-10-05 08:37:56 +01:00
Hanno Becker
524f255c5b Extend x509write_crt suite by RSA_ALT signing test 2017-10-05 08:37:56 +01:00
Hanno Becker
3c89dca09e Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-10-05 07:39:45 +01:00
Gilles Peskine
f1cc6a4ae8 Allow comments in test data files 2017-10-02 11:20:39 +02:00
Hanno Becker
3674a4865c Guard some tests by presence of default entropy 2017-09-08 10:56:19 +01:00
Hanno Becker
adb9bd23d9 Add internal macro ENTROPY_HAVE_DEFAULT indicating default entropy
This commit adds the macro ENTROPY_HAVE_DEFAULT to the helper test file tests/suites/helpers.function to be able to make
tests depend on the presence of a default entropy source.
2017-09-08 10:53:30 +01:00
Hanno Becker
cffe2daf25 Support negative dependencies in test cases
The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of
dependency (running a test only if some configuration flag is not defined) is currently not supported and instead
results in the respective test case being dropped.

This commit adds support for negative dependencies in test cases.
2017-09-08 10:39:07 +01:00
Hanno Becker
65382c38e8 Fix typos in entropy test data 2017-09-08 10:36:26 +01:00
Hanno Becker
8cd5d43639 Initialize RSA context in RSA test suite before first potentially failing operation
The function `rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023.
2017-09-08 10:35:32 +01:00
Simon Butcher
03bd0229ab Update version to 1.3.21 2017-08-10 11:52:14 +01:00
Simon Butcher
e513cf7f26 Remove the check in ssl-opt.sh for MAX_INTERMEDIATE_CA
The check uses grep, not config.pl, on the x509 headers - not where it should
be configured - config.h. grep syntax isn't very portable. Without config.pl
it's quite hard to do this check properly so removing this check.
2017-07-28 13:16:50 +01:00
Simon Butcher
4c338d539a Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 13:16:50 +01:00
Hanno Becker
88252333e2 Fix typo 2017-07-28 13:15:57 +01:00
Hanno Becker
63ee8c1b73 Check threshold for POLARSSL_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that POLARSSL_X509_MAX_INTERMEDIATE_CA is below
the hardcoded threshold 20 used in the long certificate chain generating
script tests/data_files/dir-max/long.sh. This commit adds a compile-time
check for that.
2017-07-28 13:15:57 +01:00
Hanno Becker
806c680eba Improve Readme for long test certificate chains 2017-07-28 13:15:57 +01:00
Hanno Becker
5a0ea97cfb Check value of POLARSSL_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
POLARSSL_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit
adds a check before conducting the respective tests.
2017-07-28 13:15:57 +01:00
Janos Follath
1fbc5fb027 Fix typos 2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
33e8d34e95 Fix filtering bug in ssl-opt.sh
If the first test to be run according to -e and -f options is just after a
test that would have been skipped due to a require_xxx instruction, then it
would be incorrectly skipped.
2017-07-28 13:15:57 +01:00
Manuel Pégourié-Gonnard
e23f7b312d Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-28 13:15:57 +01:00