mbedtls

Author	SHA1	Message	Date
Jerry Yu	2124d05e06	Add sha384 and sha512 case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	d66409ae92	Add non support sig alg check and test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	562a0fddf0	Add client version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	6c3d821ff1	update ssl-opt test cases Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	46b53b9920	remove duplicate test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	4bfa22aeb3	remove useless config option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	42ea733fdc	remove RSA not found test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7db5b8f68c	add rsa_pss_rsae_sha256 write support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	37987ddd0f	Add test cases Add test cases for different sig algs. Known issue is rsa_pss_rsae_sha256 fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	ca133a34c5	Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	22abd06cd0	Add rsa key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	aa6214a571	add empty client certificate tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	c19884f487	change expect exit value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	25e0ddcf47	Add client certificate file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	200b47b8f5	Add more tests for CertificateRequest Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	960bc28bcc	Add tests for no middlebox mode Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:57 +08:00
Gilles Peskine	860429f8af	Add version number debug check to the GnuTLS interop test as well Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:02 +01:00
Gilles Peskine	c63a1e0e15	Fix mbedtls_ssl_get_version() for TLSv1.3 Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Jerry Yu	baa4934e7b	Add check tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	ab08290c09	tls13_only: skip tls12 tests. TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip them if it is not set Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	8a497205cc	tls13_only: tls 1.3 suite pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c10f6b4735	tls13_only: simple test pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard	3d1f8b9c00	Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO	2022-02-16 17:33:47 +01:00
Ronald Cron	a7a1deabf8	Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix Fix test suite name reporting of opt-testcases/tls13-compat.sh	2022-02-15 13:53:10 +01:00
lhuang04	86cacac91a	Port ALPN support for tls13 client from tls13-prototype Summary: Port ALPN implementation of tls13 client from [tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124). Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-02-14 08:03:32 -08:00
Ronald Cron	135427cb35	Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-11 16:10:44 +01:00
Glenn Strauss	e328245618	Add test case use of mbedtls_ssl_ticket_rotate Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:16 -05:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard	45c5768a74	Merge pull request #5434 from mprse/tls_use_psa TLS Cipher: use PSA crypto	2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard	6f20595b6e	Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity Clarify key types message from ssl_client2 and ssl_server2	2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel	2cb59df939	ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
XiaokangQian	a909061c2a	Refine HRR parse successfully message in test cases Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 03:48:27 +00:00
XiaokangQian	7bae3b616c	Add more ciphersuites into test cases for hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	355e09ae9d	Change code base on comments Change functions name Change some comments Improve hrr test case for gnutls Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	6db08dd2cb	Change ssl-opt.sh to make hrr tests pass Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	0b56a8f85c	Replace curve_list with group_list and add update test scripts Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	5d8598e090	update certificate request tests Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Gilles Peskine	05bf89da34	Clarify key types message from ssl_client2 and ssl_server2 If no key is loaded in a slot, say "none", not "invalid PK". When listing two key types, use punctuation that's visibly a sequence separator (","). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-25 17:50:25 +01:00
Manuel Pégourié-Gonnard	24479b3185	Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive Add positive test case with self-signed certificates	2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard	ff743a7f38	Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets TLS Cipher 1a: extend testing of tickets	2022-01-24 10:25:29 +01:00
Glenn Strauss	6eef56392a	Add tests for accessors for ciphersuite info Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-23 08:37:02 -05:00
Gabor Mezei	6e5aae63f8	Add tests for ticket_aead option Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-01-12 16:29:58 +01:00
Gilles Peskine	e1cc60eca9	Add positive test case with self-signed certificates Add a positive test case where both the client and the server require authentication and both use a non-CA self-signed certificate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-07 23:10:56 +01:00
Gilles Peskine	5eb2b02862	Report correct test suite names for opt-testcases/* in outcome file In the outcome file, report each test case in the file it's in, rather than reporting them all from ssl-opt. This is more informative and matches what check_test_cases.py does. This fixes a bug whereby test cases from opt-testcases/* were not detected as having run on the CI, because analyze_outcomes.py (which uses check_test_cases.py) expects them in the containing file whereas they were reported in ssl-opt. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-07 18:34:12 +01:00
Gilles Peskine	2baaf60c5d	Don't error out if no opt-testcases/*.sh is found This can happen in an insufficiently populated out-of-tree build. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-07 15:46:12 +01:00
Jerry Yu	136320ba0b	fix ci fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 17:09:00 +08:00
paul-elliott-arm	f434994d83	Merge pull request #5303 from yuhaoth/pr/add_list_config_function Add list config function	2021-12-10 18:30:06 +00:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Jerry Yu	2e8b00172b	Beauty source code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 20:29:02 +08:00
Dave Rodgman	76a2b306ac	Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated Add debug helpers generated	2021-12-10 11:56:55 +00:00
Jerry Yu	d0fcf7f6a0	fix ci fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 18:45:51 +08:00
Ronald Cron	9eab5a6f11	tests: TLS 1.3: Remove unnecessary test requirement Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 10:27:25 +01:00
Jerry Yu	d04fd35c06	Replace configs_enabled check with query_compile_time_config Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 16:31:04 +08:00
Jerry Yu	bc8b22ecc8	fix tls13 test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 15:54:38 +08:00
Jerry Yu	cdcc55f46f	update test check strings Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:02 +08:00
Jerry Yu	e3b3412bc4	Add tests for enum helper Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:45:52 +08:00
Ronald Cron	a55c5a1152	ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	7c0185fa5f	ssl-opt.sh: TLS 1.3: Add some missing test dependencies Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	fdb0e3f381	ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Jerry Yu	52a6e7ea00	Replace tls1_3 with tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:42:47 +08:00
Jerry Yu	c502dff71c	fix TLS1.3 name issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:22:51 +08:00
Jerry Yu	cdcb683568	Update generate scripts and tls13 test cases Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	31018adb81	Add tls13 compat tests with bash scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	c4aa1520a2	tls13_compat_tests:Add generate all option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	26fa7dcc4a	Remove rsa_pss_rsae_sha256 test from ssl-opt.sh It has been covered by tls13 compat tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	305bfc3dfd	Add tls13 compat tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Jerry Yu	8c5559d700	Add HelloRetryRequst tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Jerry Yu	936dffd77e	Add certificate request check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Jerry Yu	8f9d7dbfd0	Add unsupported version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:29 +08:00
Xiaofei Bai	8b5c3824ee	Fix (d)tls1_2 into (d)tls12 in version options Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 13:22:18 +00:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
XiaokangQian	30f556059a	Reverse the cert file Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-24 01:54:50 +00:00
XiaokangQian	f9fca8a791	Add back cipher suite information in ssh-opt.sh Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 23:21:27 +00:00
XiaokangQian	25476a48b9	Change code based on review Remove useless component in all.sh Remove use server logs in ssh-opt.sh Remove useless guards in ssl_client2.c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 14:01:21 +00:00
XiaokangQian	07c554748a	Change cert file to server2-sha256.crt Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 08:30:14 +00:00
XiaokangQian	a27b3526bf	Disable PSA_CRYPTO in tls1.3 tests Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 02:27:07 +00:00
XiaokangQian	bdf26de384	Fix test failure and remove useless code Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 09:52:56 +00:00
XiaokangQian	3887ab5bcc	Use O_NEXT_SRV to support ciphersuite option Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 07:14:39 +00:00
XiaokangQian	22dd68c2b5	Rebase code and run through the whole test flow Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:54:50 +00:00
XiaokangQian	d15018972c	Change script to solve G_NEXT_SRV_RSA not set issue Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:13 +00:00
XiaokangQian	4b82ca1b70	Refine test code and test scripts Change client test code to support rsa pss signatures Add test cases for rsa pss signature in ssl-opt.sh Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:12 +00:00
XiaokangQian	d940e641ed	Add test script for RSA signature Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:12 +00:00
Jerry Yu	6d38c19582	Add http connection pass check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 16:03:06 +08:00
Jerry Yu	e1b1e2de65	Add minimal feature sets test Replace original negative test with work test. Now, we can work with the simple test. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-17 16:03:06 +08:00
XiaokangQian	3306284776	Change code base on comments Remove client certificate verify in tests. Change the layout of structure to fix abi_api check issues. Add comments of Finished. Align with the coding styles. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-11 03:37:45 +00:00
XiaokangQian	d0aa3e9307	Inprove code base on review comments Change debug messag for server finished. Change name of generate_application_keys. Remove the client vertificate tests from ssl-opt.sh. Add test strings for server finished in ssl-opt.sh. Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-10 06:17:40 +00:00
Jerry Yu	5398c10b89	Add return value check for cerificate verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-05 13:32:38 +08:00
Jerry Yu	834886d211	Add certificate verify check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-30 13:26:15 +08:00
Jerry Yu	daac359331	Change check condition order Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 20:01:42 +08:00
Jerry Yu	1df3db0467	Add certificate success check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-29 10:18:50 +08:00
Jerry Yu	937ac673fa	Disable client cert for gnutls tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-28 21:28:46 +08:00
XiaokangQian	ab7f50d638	Change macro names and add test script for extensions Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-10-28 01:54:39 +00:00
Ronald Cron	5893246066	Merge pull request #4919 from yuhaoth/pr/add-tls13-server-hello-parser TLS1.3:ServerHello:Add parse server hello function	2021-10-27 18:27:27 +02:00
paul-elliott-arm	cbe4a056bd	Merge pull request #5090 from gilles-peskine-arm/ssl-opt-resend-retry-3.0 Retry a test case if it fails due to an unexpected resend	2021-10-27 16:24:54 +01:00
Manuel Pégourié-Gonnard	9317e09d15	Merge pull request #5007 from mprse/pk_opaque Add key_opaque option to ssl_server2.c + test	2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel	bb5d483073	ssl-opt.sh: adapt paramteters of key opaque cases Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-26 12:55:34 +02:00
Jerry Yu	745bb616a4	Fix format issue and enhance test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:29 +08:00
Jerry Yu	42920ec5a5	tls1_3:skip handshake msg test with PSA_CRYPTO tls1_3 hasn't implemented PSA version get transcript Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Jerry Yu	4ae2d62cce	Improve tls13 handshake test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-25 10:41:28 +08:00
Paul Elliott	e05e126933	Remove bash specific code Use case pattern matching instead of multiline split, given there is only the well formatted PIDs to match on this should be safe. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-21 17:25:46 +01:00
Przemyslaw Stekiel	8132c2ff46	Address review comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-21 12:26:58 +02:00
Gilles Peskine	788ad339b8	Move is-it-resend logic into a function Improve the code structure in case we want to add other similar conditions later. Document better what we're doing, and document why we're doing it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-20 16:07:07 +02:00
Paul Elliott	58ed8a7594	Remove use of -p with lsof On machines with more modern kernels (>5.4 from testing so far) the useage of -b seems to conflict with the usage of -p. Whilst the usage of -b seems like a good idea to avoid blocks as we are tight looping on it, the usage of -p seems to require the usage of stat() (specifically in /proc) which -b forbids. All you get is a load of warnings (suppressable by -w) but never a positive result, which means that all servers are reported as "Failed to start". We are not keen on losing -b, so instead parse the output of lsof (using -F to format it) to check the if PIDs that it outputs match that we are looking for. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-19 18:23:47 +01:00
Gilles Peskine	f11d30ecda	Retry if a test case fails because of an unexpected resend Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test case fails due to an unexpected resend, allow retrying, like in the case of a client timeout. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-19 18:00:10 +02:00
Gilles Peskine	0e3534c67b	Move retry logic into check_test_failure This will allow having other retry conditions, in particular based on run_test options. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-19 17:23:25 +02:00
Gilles Peskine	196d73bc1b	Move the core loop of run_test into an auxiliary function No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-19 16:45:29 +02:00
Gilles Peskine	236bf98cfd	Move some code of run_test into auxiliary functions No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-10-19 16:45:29 +02:00
Gilles Peskine	6210320215	Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on	2021-10-18 17:53:56 +02:00
Paul Elliott	0421715ade	Use 127.0.0.1 rather than localhost This was causing some tests using the openssl s_client to not connect - I suspect this was due to localhost (at least on my machine) resolving to ::1 rather than 127.0.0.1. Note that the error seen would have been that the session file specified with -sess_out did not get created. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-13 16:14:47 +01:00
Paul Elliott	1428f252ad	Fix incorrect check for DTLS Missing wildcards meant that some servers were not identified as DTLS, which lead to port checking on TCP rather than UDP, and thus mistakenly cancelling tests as the server had not come up. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-13 16:14:40 +01:00
Paul Elliott	09cfa18976	Spelling fix Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-10-13 16:13:44 +01:00
Manuel Pégourié-Gonnard	d60950c2d0	Use newer OpenSSL for tests failing with the old Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-13 13:12:47 +02:00
Przemyslaw Stekiel	575f23c3d5	add client/server opaque test Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-06 14:36:41 +02:00
Przemyslaw Stekiel	0483e3d652	Add key_opaque option to ssl_server2.c + test Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-04 11:28:22 +02:00
Andrzej Kurek	5902cd64e2	Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on This option only gated an ability to set a callback, but was deemed unnecessary as it was yet another define to remember when writing tests, or test configurations. Fixes #4653. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-09-29 10:15:42 -04:00
Jerry Yu	6e81b27003	Add client state number check It is temporary check. If any change on `mbedtls_ssl_states`, please double check those tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	3523a3bee7	Improve dispatch tests Test base on return value is not good enough. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-27 16:25:05 +08:00
Jerry Yu	76e31ec169	Add gnutls version test for client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-22 21:16:27 +08:00
Jerry Yu	ed2ef2d9e0	add client hello msg test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-08 10:37:20 +08:00
Jerry Yu	75261df2e3	fix comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-02 17:56:20 +08:00
Jerry Yu	b12d81d1a3	Add feature tests for gnutls-next Test NO_TICKETS and DISABLE_TLS13_COMPAT_MODE Change-Id: Idf21b36bd64c7eefe4e0e6fb875b2e06ebb0aa07 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-02 17:31:10 +08:00
Manuel Pégourié-Gonnard	e45ee40f7e	Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api Add TLS 1.3 ciphersuite and key exchange identifiers and API	2021-08-30 09:47:46 +02:00
Jerry Yu	31c01d303e	Rename available values for tls13_kex_modes Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-25 18:13:53 +08:00
Hanno Becker	932064d660	Add ssl-opt.sh tests for ssl_client/server TLS 1.3 kex parameters Those tests are so far only checking that ssl_client2/ssl_server2 recognize the arguments, nothing more. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-12 06:31:14 +01:00
Jerry Yu	0402979ed3	Add openssl/gnutls tls1.3 feature tests. Add functions and test cases to make sure tls1.3 is available in openssl/gnutls Change-Id: I797d15117a8de96614f392e6bb2ed16b6d71ba69 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-11 18:09:49 +08:00
Jerry Yu	b9930e7d70	Add dummy tls1.3 handshake dispatch functions Base on version config, `handshack_{clinet,server}_step` will call different step function. TLS1.3 features will be gradully added base on it. And a new test cases is added to make sure it reports `feature is not available`. Change-Id: I4f0e36cb610f5aa59f97910fb8204bfbf2825949 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-10 13:34:32 +08:00
Jerry Yu	c46e9b4091	tests: Add negative version config tests. tls1.3 and tls1.2 can not be enabled at same time before #4832 resolved. And the test won't run into `handshake` stage, add `skip_handshak_check` function to skip it. Change-Id: I13f3b06b2f33b9c9beb8cac90f5fda41a4ed53f3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-10 13:34:32 +08:00
Gilles Peskine	78f6f05778	Merge pull request #4695 from yutotakano/fix-ssl-opt.sh-hard-abort ssl-opt.sh: Skip tests instead of conditional hard abort	2021-08-04 10:16:19 +02:00
Manuel Pégourié-Gonnard	06672ef771	Merge pull request #4776 from gilles-peskine-arm/generate_psa_tests-robutness-202107 Fix bugs around generate_psa_tests.py invocation from tests/Makefile	2021-07-29 09:58:19 +02:00
Manuel Pégourié-Gonnard	b637150dfe	Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1 Remove all TLS 1.0 and 1.1 instances and add some compatibility tests	2021-07-27 09:42:53 +02:00
Gilles Peskine	6ee3bc09ed	Fix typo in test dependencies Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-07-13 20:34:55 +02:00
TRodziewicz	c3366a4185	Added mis-removed test and removed unneeded tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-07-09 16:57:20 +02:00
Yuto Takano	3fa1673cf6	Fix grammar suggesting an upper bound on MAX_CONTENT_LEN Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-09 11:23:40 +01:00
Yuto Takano	9c09d5513e	Raise max_content_len constraint by one in Connection ID tests Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-08 16:03:44 +01:00
Yuto Takano	bc87b1ddf3	Add content length constraint to tests that use max_frag_len Includes: - handshake memory tests - Connection ID (MFL) tests - DTLS fragmenting tests Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-08 15:56:33 +01:00
Yuto Takano	6f6574381e	Move repetitive equality check to `requires_config_value_equals` Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Yuto Takano	0248582033	Reword and add explanatory comments for MAX_IM_CA tests - Reword the comment on config.h to suggest that `MAX_INTERMEDIATE_CA` may not exist in the config. - Add a comment explaining why the tests are more restrictive than necessary. Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Yuto Takano	b0a1c5b021	Use `requires_max_content_len`, add check in Renegotiation - Abstract out repetitive checks for IN and OUT content lens - Remove unclear comment and redundant echo - Add content length constraints in Renegotiation with fragment length test Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Yuto Takano	2be6f1ac5b	Add space between command substitution braces and content Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Yuto Takano	73e7dcbdfc	Add MAX_IM_CA requirement to int_max+1 chain as well Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Yuto Takano	e43556b6bf	Remove hard exit with MAX_INTERMEDIATE_CA in ssl-opt.sh - Replace last remaining dependency on config.py with query_config - Replace hard exit with `requires_config_value_at_least` and `requires_config_value_at_most` to maintain the same effect Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Yuto Takano	0509fea3b2	Remove hard exit in ssh-opt.sh, replace with `requires` functions - Replace calls to config.py for MAX_IN_LEN and MAX_OUT_LEN with `get_config_value_or_default` - Remove hard exit when MAX_IN/OUT_LEN < 4096, replace with `requires_config_value_at_least` Signed-off-by: Yuto Takano <yuto.takano@arm.com>	2021-07-02 15:37:19 +01:00
Dave Rodgman	dc1a3b2d70	Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 Cleanup SSL error code space	2021-06-30 09:02:55 +01:00
Dave Rodgman	c42409820b	Change exceptional case for running negative tests Update maybe_requires_ciphersuite_enabled so that it will not skip the ciphersuite requirement when running a test case where the test expects a ciphersuite mismatch Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 19:53:16 +01:00
Dave Rodgman	e5b828cb32	Fix error string checked for by ssl-opt.sh negative tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 19:37:52 +01:00
Dave Rodgman	bec7cafbe1	Correct required config flag in ECJPAKE tests Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 19:10:46 +01:00

1 2 3 4 5 ...

838 commits