mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00

Author	SHA1	Message	Date
Przemek Stekiel	c31a798f45	Replace MBEDTLS_ECDH_C dependency in ssl-opt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-27 10:58:50 +02:00
Przemek Stekiel	8bfe897ab0	Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-26 16:33:00 +02:00
Przemek Stekiel	1f5c2ba495	Add missing ECDH dependencies in ssl-opt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-15 17:07:16 +02:00
Przemek Stekiel	a53dca125e	Limit number ffdh test cases (ffdhe2048, ffdhe8192) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-14 20:53:09 +02:00
Przemek Stekiel	422ab1f835	Add FFDH tests to ssl-opt Add FFDH support to the test case generator script: generate_tls13_compat_tests.py. Add dependency for openssl as FFDH is supported from version 3.0. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-14 11:04:28 +02:00
Przemek Stekiel	75a5a9c205	Code cleanup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 09:57:23 +02:00
Przemek Stekiel	316c19ef93	Adapt guards, dependencies + optimizations Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:09 +02:00
Przemek Stekiel	5e2f816c39	Fix test configs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Przemek Stekiel	250b9fde75	ssl-opt.sh: Add FFDH tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Tom Cosgrove	ef468ea2ba	Merge pull request #6740 from xkqian/tls13_fix_unkown_pk_type Remove useless debug log of pk type from test cases	2023-05-05 16:14:59 +01:00
Valerio Setti	a9aafd4807	test: revert undesired debug change in ssl-opt Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 12:30:45 +02:00
Valerio Setti	6c496a1553	solve disparities for ECP_LIGHT between ref/accel Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-11 11:33:50 +02:00
Ronald Cron	c564938180	Add downgrade protection mechanism Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:05 +02:00
Ronald Cron	1a353ea4b8	ssl-opt.sh: Improve description of server negotiation tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	d120bd646c	ssl-opt.sh: Add version selection by the server tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	50ae84ed97	ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	097ba146e7	tls: srv: Set hybrid TLS 1.2/1.3 as default configuration Set hybrid TLS 1.2/1.3 as default server configuration if both TLS 1.2 and TLS 1.3 are enabled at build time. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	f95d169d60	ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests Force TLS 1.2 on TLS 1.2 specific tests in preparation of TLS 1.3 being the default protocol version when both TLS 1.2 and TLS 1.3 are enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Ronald Cron	fd4c6afcb4	ssl-opt.sh: Force TLS 1.2 version Force TLS 1.2 version on tests related to MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those SSL options are not supported in TLS 1.3 for the time being. Thus force TLS 1.2 version in preparation of TLS 1.3 being the default protocol version when both TLS 1.2 and TLS 1.3 are enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Ronald Cron	92dca39196	ssl-opt.sh: Extend scope of some tests to TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Ronald Cron	0aa1b8843f	ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dependency if TLS 1.2 version is forced or a TLS 1.2 cipher suite is forced (as TLS 1.2 cipher suites are available if and only if TLS 1.2 is enabled and cipher suite availability is check automatically). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Ronald Cron	65f9029741	ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Ronald Cron	c341ad717e	ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Paul Elliott	d01a3bca05	Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback Mbed TLS 3.4.0	2023-03-27 18:09:49 +01:00
Paul Elliott	f1eb5e2a04	Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-21 15:35:17 +00:00
Valerio Setti	2f8eb62946	ssl-opt: remove leftover debug commands and fix comment Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:02:07 +01:00
Valerio Setti	6ba247c236	ssl-opt: solve errors in ECDH reference tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-20 14:00:51 +01:00
Dave Rodgman	0e2b06a1ce	Merge pull request #7083 from KloolK/record-size-limit/parsing Add parsing for Record Size Limit extension in TLS 1.3	2023-03-17 10:18:34 +00:00
Paul Elliott	646ee7ec2e	Fix CI build after repo merge conflict After merging the driver only ECDSA work, a conflict arose between that and the previous work re-ordering the ciphersuite preference list. We can remove the breaking requirement on this test, as this requirement is now auto-detected when the server5 crt is used in the server's command line. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-16 17:10:34 +00:00
Gilles Peskine	2a44ac245f	Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api ssl_cache: Add cache entry removal api	2023-03-15 15:38:06 +01:00
Jan Bruckner	151f64283f	Add parsing for Record Size Limit extension in TLS 1.3 Fixes #7007 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-14 08:41:25 +01:00
Paul Elliott	e4622a3436	Merge remote-tracking branch 'development/development' into development-restricted Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-13 17:49:32 +00:00
Valerio Setti	e7f896d73f	fix extra whitespaces Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 13:55:28 +01:00
Valerio Setti	80318d2775	ssl-opt: automatically detect requirements when using certs in dir-maxpath Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 12:26:42 +01:00
Valerio Setti	77588e9451	ssl-opt: uniformize requirements in tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-13 12:00:10 +01:00
Pengyu Lv	62ed1aa316	ssl-opt: Add test for cache entry removal Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-13 09:28:17 +08:00
valerio	f27472b128	ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" Signed-off-by: valerio <valerio.setti@nordicsemi.no>	2023-03-09 16:20:38 +01:00
Valerio Setti	1470ce3eba	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 16:50:12 +01:00
Valerio Setti	ccfad9ae0e	ssl-opt: remove remaining redundant dependencies There were some dependencies that are now automatically satisfied by the detect_required_features() function. After this check there should be no redundant requirement for: - requires_pk_alg "ECDSA" - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 10:25:05 +01:00
Valerio Setti	3b2c02821e	ssl-opt: return to previous debug level in test This was a leftover from some debug activity that unfortunately ended up in previous commits. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-08 10:22:29 +01:00
Valerio Setti	213c4eae3a	ssl-opt: enhance comment for get_tls_version() function Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-07 19:29:57 +01:00
Valerio Setti	194e2bdb6a	fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-02 17:18:10 +01:00
Ronald Cron	7dc4130210	Improve GnuTLS client priority for resumption basic check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-24 12:10:09 +01:00
Valerio Setti	1af76d119d	ssl-opt: automatically detect requirements from the specified certificates This moslty focus on tests using "server5*" cerificate. Several cases are taken into account depending on: - TLS version (1.2 or 1.3) - server or client roles Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 16:55:59 +01:00
Valerio Setti	3f2309fea6	ssl-opt: remove redundant requires_config_enabled when force_ciphersuite is set Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 13:47:30 +01:00
Ronald Cron	1aa6e8d6e9	Restore same PSK length enforcement Restore same PSK length enforcement in conf_psk and set_hs_psk, whether the negotiated protocol is TLS 1.2 or TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-23 09:48:50 +01:00
Valerio Setti	d1f991c879	ssl-opt: fix required configs in ECDSA related tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-23 09:31:41 +01:00
Ronald Cron	d89360b87b	Fix and improve documentation, comments and logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-21 14:57:25 +01:00
Ronald Cron	4bb6773640	tls13: Apply same preference rules for ciphersuites as for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Ronald Cron	b18c67af5f	tls13: ssl-opt.sh: Add test of default crypto algo Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00

1 2 3 4 5 ...

1057 Commits