Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
usage is never acceptable
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.
Fix copypasta in test data that was commented out.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
