yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange

Browse source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel 2023-06-26 12:59:45 +02:00
parent 98d79335d1
commit 8bfe897ab0
4 changed files with 237 additions and 345 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

342
tests/opt-testcases/tls13-compat.sh
View file

File diff suppressed because it is too large Load diff

86
tests/opt-testcases/tls13-kex-modes.sh
View file

@ -972,7 +972,7 @@ run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
@ -990,7 +990,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
@ -1007,7 +1007,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
@ -1024,7 +1024,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mism
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
@ -1042,7 +1042,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
@ -1059,7 +1059,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
@ -1076,7 +1076,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1095,7 +1095,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1113,7 +1113,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1131,7 +1131,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch"
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1150,7 +1150,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1168,7 +1168,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1186,7 +1186,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1205,7 +1205,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1223,7 +1223,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch,
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1241,7 +1241,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mism
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1260,7 +1260,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1278,7 +1278,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@ -1296,7 +1296,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1316,7 +1316,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1335,7 +1335,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1354,7 +1354,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1374,7 +1374,7 @@ run_test "TLS 1.3: O->m: all/all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1393,7 +1393,7 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1412,7 +1412,7 @@ run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1431,7 +1431,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1450,7 +1450,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -1468,7 +1468,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
@ -1481,7 +1481,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
@ -1494,7 +1494,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
@ -1507,7 +1507,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
@ -1520,7 +1520,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
@ -1534,7 +1534,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
-S "key exchange mode: ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
@ -2757,7 +2757,7 @@ run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
-c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
#OPENSSL-SERVER psk_all mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2776,7 +2776,7 @@ run_test "TLS 1.3: m->O: psk_all/all, good" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2796,7 +2796,7 @@ run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER psk_ephemeral mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2814,7 +2814,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2833,7 +2833,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER ephemeral mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2846,7 +2846,7 @@ run_test "TLS 1.3: m->O: ephemeral/all, good" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2860,7 +2860,7 @@ run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER ephemeral_all mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2879,7 +2879,7 @@ run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
-c "<= write client hello" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2899,7 +2899,7 @@ run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER all mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@ -2919,7 +2919,7 @@ run_test "TLS 1.3: m->O: all/all, good" \
-c "<= write client hello" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C

2
tests/scripts/generate_tls13_compat_tests.py
View file

@ -183,7 +183,7 @@ class OpenSSLBase(TLSProgram):
ffdh_groups = ['ffdhe2048', 'ffdhe8192']
if any(x in ffdh_groups for x in self._named_groups):
ret.append('requires_openssl_3_x')
ret = ["requires_openssl_tls1_3_with_ffdh"]
# ffdhe8192 has very long keys and requires intensive computation.
# The test may fail on CI when executor is just very loaded. Give a second chance.

152
tests/ssl-opt.sh
View file

@ -688,9 +688,23 @@ requires_openssl_3_x() {
fi
}
# skip next test if openssl does not support ffdh keys
requires_openssl_tls1_3_with_ffdh() {
requires_openssl_3_x
}
# skip next test if it cannot handle ephemeral key exchange
requires_openssl_tls1_3_with_compatible_ephemeral() {
requires_openssl_next
if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then
requires_openssl_tls1_3_with_ffdh
fi
}
# skip next test if tls1_3 is not available
requires_openssl_tls1_3() {
requires_openssl_3_x
requires_openssl_next
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
@ -702,17 +716,8 @@ requires_openssl_tls1_3() {
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
fi
if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
else
if [ "$OPENSSL_3_X_AVAILABLE" = "NO" ]; then
if is_config_enabled "MBEDTLS_ECDH_C"; then
SKIP_NEXT="NO"
else
SKIP_NEXT="YES"
fi
fi
fi
}
@ -5561,6 +5566,7 @@ run_test "Authentication: client no cert, server optional" \
requires_openssl_tls1_3
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_config_enabled MBEDTLS_ECDH_C
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -no_middlebox" \
@ -6769,7 +6775,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
-c "Ciphersuite is TLS-" \
-c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
@ -6781,7 +6787,7 @@ run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
@ -6793,7 +6799,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
@ -6805,7 +6811,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
@ -6817,7 +6823,7 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
@ -6829,7 +6835,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
@ -6891,7 +6897,7 @@ run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
@ -6903,7 +6909,7 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
@ -6914,7 +6920,7 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
@ -6926,7 +6932,7 @@ run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
@ -7009,7 +7015,7 @@ run_test "extKeyUsage cli: codeSign -> fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
@ -7021,7 +7027,7 @@ run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
@ -7033,7 +7039,7 @@ run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
@ -7045,7 +7051,7 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
@ -7104,7 +7110,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
@ -7115,7 +7121,7 @@ run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
@ -7126,7 +7132,7 @@ run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
@ -7137,7 +7143,7 @@ run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
@ -11296,7 +11302,7 @@ run_test "TLS 1.3: Default" \
-s "ECDH/FFDH group: " \
-s "selected signature algorithm ecdsa_secp256r1_sha256"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -11362,7 +11368,7 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
@ -11432,7 +11438,7 @@ run_test "TLS 1.3: alpn - gnutls" \
-c "HTTP/1.0 200 OK" \
-c "Application Layer Protocol is h2"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
@ -11544,7 +11550,7 @@ run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \
-S "Version: TLS1.2" \
-C "Protocol : TLSv1.2"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -11576,7 +11582,7 @@ run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -11604,7 +11610,7 @@ run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -11635,7 +11641,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -11666,7 +11672,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -11697,7 +11703,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -11730,7 +11736,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -11763,7 +11769,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -11796,7 +11802,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -11831,7 +11837,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu
-c "no suitable signature algorithm"
# Test using an opaque private key for client authentication
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@ -11861,7 +11867,7 @@ run_test "TLS 1.3: Client authentication - opaque key, no server middlebox co
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@ -11894,7 +11900,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@ -11927,7 +11933,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@ -11960,7 +11966,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -11995,7 +12001,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 -
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -12030,7 +12036,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 -
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -12065,7 +12071,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 -
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@ -12101,7 +12107,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12116,7 +12122,7 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12165,7 +12171,7 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -12182,7 +12188,7 @@ run_test "TLS 1.3: Server side check - openssl" \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@ -12340,7 +12346,7 @@ run_test "TLS 1.3: Server side check, no server certificate available" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
-s "No certificate available."
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12416,7 +12422,7 @@ run_test "TLS 1.3 m->m both with middlebox compat support" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -12429,7 +12435,7 @@ run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
-C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -12440,7 +12446,7 @@ run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12492,7 +12498,7 @@ run_test "TLS 1.3 m->G both with middlebox compat support" \
-c "Protocol is TLSv1.3" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -12505,7 +12511,7 @@ run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
-S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
-C "14 03 03 00 01"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12517,7 +12523,7 @@ run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
-s "Protocol is TLSv1.3" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12607,7 +12613,7 @@ run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -12621,7 +12627,7 @@ run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility"
-C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@ -12633,7 +12639,7 @@ run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client"
-c "received HelloRetryRequest message" \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12688,7 +12694,7 @@ run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
-c "Protocol is TLSv1.3" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@ -12701,7 +12707,7 @@ run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility"
-S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-C "14 03 03 00 01"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12713,7 +12719,7 @@ run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client"
-s "Protocol is TLSv1.3" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12774,7 +12780,7 @@ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-c "SSL 3.3 ChangeCipherSpec packet received"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12825,7 +12831,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12878,7 +12884,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12923,7 +12929,7 @@ run_test "TLS 1.3: Check server no suitable certificate, G->m" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12951,7 +12957,7 @@ run_test "TLS 1.3: Check server no suitable certificate, m->m" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -12994,7 +13000,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \
1 \
-c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@ -13027,7 +13033,7 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
-c "HTTP/1.0 200 OK" \
-s "This is a resumed session"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
@ -13113,7 +13119,7 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
-s "key exchange mode: psk_ephemeral" \
-s "found pre_shared_key extension"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C