In Mbed TLS 3.6 we still need to manually configure the RNG for TLS. Add
this to the testcase for default verify_result.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
With e.g. `CLOCK_BOOTTIME`, it's plausible that less than 1 second has
passed since the boot reference time.
Only assert that the returned time is nonzero (because all-bits-zero is
highly implausible as an actual clock value, but likely indicates that the
intended value was not copied out correctly).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MinGW uses a legacy printf by default which doesn't support the `z` modifier
for `size_t`. Skip these test cases on MinGW.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In particular, test `"%zu"` for `size_t` and `"%lld"` for `long long`, which
older Windows runtimes do not support, but which Mbed TLS uses.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The goal isn't to do any functional testing, but to have a simple diagnostic
if some Unix platform function isn't available, and to have a record of
success in the outcome file.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In DTLS fragmenting tests, do not check for
ServerKeyExchange message fragmentation as
depending on the configuration and consequently
the chosen ciphersuite the server may not
send the message.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
As done in component_test_tls1_2_ccm_psk_dtls_legacy
enable MBEDTLS_HAVE_TIME in
component_test_tls1_2_ccm_psk_dtls_psa.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.
TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This is not only convenient, but now necessary, because if the content of
the generated files changes due to changes in Python files in the framework,
`all.sh check_generated_files` will fail in the framework CI.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Initialize the verify_result field in mbedtls_ssl_session_free().
Previously we were just zeroising the entire session object, which would
yield a default 'success' value if the same object were reused.
Test that this initialisation is actually happening by setting
verify_result manually to zero and calling mbedtls_ssl_session_free() on
the session before checking its value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we explicitly document the value 0xFFFFFFFF or -1u as representing
'result not available', we can use it as a sensible default value
without creating an API change. Use this value instead of introducing a
new verification result value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Write a testcase to get verify_result before we have performed a
handshake and make sure that it is initialised to a failure value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is meant to test a bug found on:
- Little endian platforms other than x86 or ARM (these have specific
optimizations available);
- GCC versions from 10 to 14.2 (below and above are fine);
- Optimization level "-O3" (lower levels are fine).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
