In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.
I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:
% sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
DHE-PSK
DHE-RSA
ECDH-ECDSA
ECDHE-ECDSA
ECDHE-PSK
ECDHE-RSA
ECJPAKE
PSK
RSA
RSA-PSK
(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
These tests are not run in development because of the
overlapping !TLS_1_3 requirement and usage of full config.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This PR needs some change logs but there is a follow-up PR (issue #6935) that would change the change logs we would had here thus we will do them all while working on #6935.
Some of the tests use mbedtls_test_cli_key_rsa_der and
mbedtls_test_cli_crt_rsa_der, and these can be used with
specific ciphersuites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Under Ubuntu-22.04, wait command prints out Terminated message.
Therefore server process is handled with identical ways like other
processes in compat.sh. In addition, PROCESS_ID is renamed as
SRV_PID to improve code readability.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Under Ubuntu-22.04, wait command prints out Terminated message
if the process has been killed by kill command. This messes up
the output in compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Now the config dependencies used for ticket_flags
test cases are TLS 1.2 specified. Correct them to
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712, this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Reject "weird" characters in text files, especially control characters that
might be escape sequences or that might cause other text to appear garbled
(as in https://trojansource.codes/).
Also reject byte sequences that aren't valid UTF-8.
Accept only ASCII (except most control characters), letters, some non-ASCII
punctuation and some mathematical and technical symbols. This covers
everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The part "driver: skipped/failed, reference: passed" didn't add any
information, but used up space on the screen and made the output
slightly harder to parse.
OTOH, now that we have multiple analyze_vs_reference tasks, we
should print out which one we're doing, so that that output makes sense
in case of a failure on the CI (which runs all tasks).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
It's a bit strange for tests/Makefile to clean up in library, but OTOH
it's also tests/Makefile that copies this file there.
Regardless, there was no place that cleaned up this file, and it needs to
be removed somewhere.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For now, ignore test suites that don't have parity even is they should.
The purpose is just to prepare the infrastructure and map the work.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is the basis for future work, we'll want to make sure everything
passes in this component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
