Don't add a certificate requirement when PSK is enabled.
Do command line requirement detection after the injection of PSK into the
command line in PSK-only mode. Otherwise certificate requirements would be
added even in PSK-only mode.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When requiring a cryptographic mechanism for the sake of certificate
authentication, also require that certificate authentication is enabled.
Setting auth_mode explicitly means that we're testing something related to
how certificate-based authentication is handled, so require a key exchange
with certificate-based authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add a test that does some basic validation of the pkg-config files.
Example run:
./tests/scripts/all.sh test_cmake_as_package
<snip>
******************************************************************
* test_cmake_as_package: build: cmake 'as-package' build
* Wed Sep 11 16:17:41 UTC 2024
******************************************************************
cmake .
make
Built against Mbed TLS 3.6.0
testing package config file: mbedtls ... passed
testing package config file: mbedx509 ... passed
testing package config file: mbedcrypto ... passed
make clean
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
Running test suites from another directory only works when the auto-chdir
code in host_test.function is enabled, which is platform-dependent and
configuration-dependent.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before this commit, `make test` stopped after running the TLS tests if there
was a failure.
Have `run-test-suites.pl` take care of looking in all the directories, so
that the last line of output from `make test` is an accurate report of all
the test suites, not just the test suites from the last run of
`run-test-suites.pl`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In preparation of MBEDTLS_PSA_CRYPTO_CONFIG
being always on, enable MBEDTLS_PSA_CRYPTO_CONFIG
in build_aes_variations.
While enabling MBEDTLS_PSA_CRYPTO_CONFIG, disable
some PSA_WANT_ so that the configuration
remain the same for the modified component.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of MBEDTLS_PSA_CRYPTO_CONFIG
being always on, enable MBEDTLS_PSA_CRYPTO_CONFIG
in some TLS 1.3 all.sh test components.
While enabling MBEDTLS_PSA_CRYPTO_CONFIG, disable
some PSA_WANT_ so that the configurations
remain the same for the modified components.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Without this, it's not at all obvious that turning on MBEDTLS_TEST_HOOKS
doesn't change the functional behavior of the code.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The tests above are required then optional then none. Follow the same
pattern here.
Just moving things around (see git's --color-moved option).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.
In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>