mbedtls

Author	SHA1	Message	Date
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Manuel Pégourié-Gonnard	4d7af2aee0	Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection Permissions 2a: TLS 1.2 ciphersuite selection	2022-07-04 12:37:02 +02:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Neil Armstrong	c67e6e96f8	Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 15:48:10 +02:00
Jerry Yu	7ac0d498de	remove force_version for client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 19:29:30 +08:00
Jerry Yu	52b7d923fe	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 18:12:44 +08:00
Neil Armstrong	7999cb3896	Remove auth_mode=required and client crt_file/key_file when testing server authentication Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 09:51:33 +02:00
Neil Armstrong	4b10209568	Use different certs for double opaque keys and check certificate issuer CN Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 09:48:09 +02:00
Neil Armstrong	1948a20796	Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 18:05:57 +02:00
Neil Armstrong	167d82c4df	Add dual keys Opaque ssl-opt tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 11:32:00 +02:00
Neil Armstrong	36b022334c	Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 11:16:53 +02:00
Jerry Yu	aae28f178b	add tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:21:32 +08:00
Jerry Yu	f55886a217	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	a6076aa8b8	Revert temp test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Neil Armstrong	ed917bf548	Update description for negative key_opaque_algs tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	eb4390b27c	Add Cipersuite selection negative testing by using invalid algs for server-side opaque key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	9e4b7bd199	Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:22:14 +02:00
Gabor Mezei	f7044eaec8	Fix name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Ronald Cron	b94854f8e3	Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests TLS 1.3: Enable and add tests	2022-06-28 09:15:17 +02:00
Ronald Cron	a8d79b9eb6	ssl-opt.sh: Remove one pattern check In "Authentication: client cert not trusted, server required" ssl-opt.sh test, depending on client and server execution speed, the handshake on the client side may complete successfully: the TLS connection is aborted by the server because it is not able to authenticate the client but at that time the client may have completed the handshake on its side. Thus, do not check that the client handshake failed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:05:35 +02:00
Ronald Cron	c78511b59a	ssl-opt.sh: Enable some authentication tests for TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	a4417c13a1	ssl-opt.sh: Add Small/Large packets TLS 1.3 tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	ba80d4d60b	ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3 The other "Event-driven I/O" tests are not relevant to TLS 1.3 yet: no ticket and session resumption support. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	2cffd284bc	ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3 The other "Non-blocking I/O" tests are not relevant to TLS 1.3 yet: no ticket and session resumption support. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
XiaokangQian	95d5f549f1	Fix coding styles Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 05:42:15 +00:00
XiaokangQian	c740345c5b	Adress review comments Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Ronald Cron	f9c13fe69f	ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-22 17:36:21 +02:00
Ronald Cron	ba65fbbe30	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-22 17:36:12 +02:00
Gabor Mezei	7e2dbafe2d	Add test for dummy CCS records Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Ronald Cron	d28f5a98f1	ssl-opt.sh: Add certificate key usage tests for TLS 1.3 Those are adaptations of the already existing TLS 1.2 tests. It is not really possible to just remove the TLS 1.2 dependency of the existing tests because of the following: . in TLS 1.3 the ciphersuite selection on server side is not related to the server certificate . for tests involving OpenSSL the OpenSSL command line as to be adapted to TLS 1.3 . server authentication is mandatory in TLS 1.3 . a key with KeyEncipherment and not DigitalSignature usage is never acceptable Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:46:27 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
Ronald Cron	4ccd226cbf	Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases Tls13 add comprehensive cases	2022-06-15 09:18:11 +02:00
Andrzej Kurek	7cf872557a	Rearrange the session resumption code Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
XiaokangQian	3ed16231ab	Refine server side SNI test cases Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 08:24:04 +00:00
Jerry Yu	b7c12a466f	Refactor compat scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-12 20:53:02 +08:00
XiaokangQian	fb1a3fe7f3	Address comments about python syntax CustomizedGitHooks: yes Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-10 02:27:52 +00:00
XiaokangQian	b1847a234e	Re-structure to share more common code Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-09 02:53:23 +00:00
XiaokangQian	96287d98d8	Remove the certificate key check against the received signature Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 08:37:53 +00:00
XiaokangQian	9850fa8e8d	Refine ssl_tls13_pick_cert() Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 07:02:41 +00:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Andrzej Kurek	140b589ec6	Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell When executing eval in the background, the next "$!" gives the eval PID, not the ssl-client2 pid. This causes problems when a client times out and the script tries to kill it. Instead, it kills the parent eval call. This caused problems with subsequent proxy tests receiving old packets from a client from a previous test. Moving the "&" to inside the eval call fixes the problem. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:02:36 -04:00
XiaokangQian	129aeb9b0e	Update test cases and support sni ca override Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-02 09:29:18 +00:00
XiaokangQian	f4f0f6961a	Enable requires_openssl_tls1_3 in sni test cases Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-01 00:42:27 +00:00

1 2 3 4 5 ...

893 commits