Commit Graph

13 Commits

Author SHA1 Message Date
Raoul Strackx
2db000feb6 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 15:25:42 -05:00
Gilles Peskine
e374b95fe1 Detect and report mutex usage errors in SSL test programs
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
53dea743d5 SSL test programs: allow for test hooks init and error reports
Create utility functions to set up test hooks and report errors that
the test hooks might detect. Call them in ssl_client2 and ssl_server2.

Test hooks are potentially enabled by compiling with
MBEDTLS_TEST_HOOKS.

This commit only sets up the functions. It doesn't make them do
anything yet.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-22 19:24:03 +01:00
Gilles Peskine
8eb2943705 Support mbedtls_psa_get_random() in SSL test programs
The SSL test programs can now use mbedtls_psa_get_random() rather than
entropy+DRBG as a random generator. This happens if
the configuration option MBEDTLS_USE_PSA_CRYPTO is enabled, or if
MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is set at build time.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-16 15:39:48 +01:00
Gilles Peskine
aaedbdcfd6 Refuse reproducible mode with MBEDTLS_USE_PSA_CRYPTO
With MBEDTLS_USE_PSA_CRYPTO, some of the randomness for the TLS
connection is generated inside the PSA crypto subsystem, which has no
reproducible mode. Whether there is a nonzero amount of randomness
coming from inside the PSA subsystem rather than from the random
generator set by mbedtls_ssl_conf_rng() depends on the choice of
cipher suite and other connection parameters as well as the level of
support for MBEDTLS_USE_PSA_CRYPTO. Rather than give unreliable
results, conservatively abort with a clear error message.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-02-03 13:55:22 +01:00
Gilles Peskine
ba74904c48 SSL test programs: support HMAC_DRBG
Support HMAC_DRBG in ssl_client2 and ssl_server2, in addition to
CTR_DRBG. CTR_DRBG is still used if present, but it's now possible to
run the SSL test programs with CTR_DRBG disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:30:03 +01:00
Gilles Peskine
535fb37870 SSL test programs: abstract CTR_DRBG away
In ssl_client2 and ssl_server2, to generate random data, go through a
level of indirection provided by ssl_test_lib. This way the programs
don't depend on a particular choice of RNG implementation, and only
ssl_test_lib.{h,c} explicitly reference CTR_DRBG.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:18:32 +01:00
Gilles Peskine
f1cb75fe13 Local cleanups following the code move
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:18:27 +01:00
Gilles Peskine
daa94c4ff5 SSL test programs: move RNG common code to ssl_test_lib
This commit is deliberately arranged to minimize code changes.
Subsequent commits will clean up the resulting code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-13 20:13:47 +01:00
Gilles Peskine
504c1a361e ssl_test_lib: move common functions and variables
Move from ssl_*2.c to ssl_test_lib.c:
* Functions that have exactly identical definitions in the two
  programs, and that don't reference the global variable opt which
  has a different type in the client and in the server. Also declare
  these functions in ssl_test_lib.h.

Move from ssl_*2.c to ssl_test_common_source.c:
* Functions that have exactly identical definitions in the two
  programs, but access fields of the global variable opt which
  has a different structure type in the client and in the server.
* The array ssl_sig_hashes_for_test, because its type is incomplete.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
ab7ce96d7b ssl_test_lib: move initial includes and is-it-supported check
Move from ssl_*2.c to ssl_test_lib.h:
* The inclusion of the config header file (identical).
* The fallback definitions of platform functions (almost identical:
  server2 also had snprintf and the order and whitespace was slightly
  different).
* The compilation guards checking that required options are
  enabled (tweaked to make them common, with MBEDTLS_SSL_{CLI,SRV}_C
  separated out).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
0d980b8be8 ssl_test_common_source.c: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c, but cannot be compiled separately and instead needs
to be #include'd in each program that uses it.

This is for code that references macros or types that are defined
differently in the two programs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00
Gilles Peskine
a3ed34fed6 ssl_test_lib.[hc]: new source file for common SSL test code
Create a new source file for code that is shared between ssl_client2.c
and ssl_server2.c. This commit only creates the file; subsequent
commits will populate it.

Add it to the official build systems (make, cmake, VS).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-01-06 10:25:35 +01:00