mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 12:40:57 +00:00

Author	SHA1	Message	Date
Gilles Peskine	d2d90af7d9	Make mbedtls_ssl_get_bytes_avail tests more independent Don't depend on the default sizes in the test programs: pass explicit request and buffer sizes. Don't depend on MAX_CONTENT_LEN (other than it not being extremely small: this commit assumes that it will never be less than 101). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:39:06 +02:00
Gilles Peskine	c8d242f625	set_maybe_calc_verify: $1 is intended to be auth_mode Document that this is what it is. Don't allow made-up numerical values. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 22:23:45 +02:00
Gilles Peskine	1438e1620a	Add requirements of "Default" The log checks require a specific hash and a specific curve. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 22:00:32 +02:00
Gilles Peskine	59601d76ad	Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 22:00:17 +02:00
Andrzej Kurek	8db7c0e9ac	Fix an off-by-one error in ssl-opt.sh Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-01 08:55:40 -04:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Ronald Cron	cbd7bfd30e	ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests Force TLS 1.2 on OpenSSL/GnuTLS server for TLS 1.2 specific tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Ronald Cron	634d865d80	ssl-opt.sh: Fix "no TLS 1.3 server support" test check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Dave Rodgman	017a19997a	Update references to old Github organisation Replace references to ARMmbed organisation with the new org, Mbed-TLS, following project migration. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-03-31 14:43:16 +01:00
Neil Armstrong	b7b549aa71	Force server-side TLS1.2 for ECDH- Opaque PK key test Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	023bf8d7c2	Add ECDH- Opaque PK key test Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Ronald Cron	a1b8f6e914	ssl-opt.sh: Do not force TLS 1.3 on client For TLS 1.3 tests, do not force TLS 1.3 version on client to play the negotiation game whenever possible. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f3b425bbde	ssl-opt.sh: Force TLS 1.2 on server To maximize the number of tests where MbedTLS client proposes both TLS 1.2 and TLS 1.3 to the server, force the TLS 1.2 version on the server side rather than on the client side in TLS 1.2 specific tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	919130c035	Add rsa_pss_rsae_sha256 support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Manuel Pégourié-Gonnard	7c92fe966a	Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection TLS Cipher 2a: tickets: use PSA for protection	2022-03-17 09:50:09 +01:00
Gilles Peskine	6f160cab59	Skip some DTLS reordering tests in PSK-only builds Some DTLS reordering tests rely on certificate authentication messages. It is probably possible to adapt them to rely on different messages, but for now, skip them in PSK-only builds. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-14 20:32:20 +01:00
Gilles Peskine	309ca65846	calc_verify is only called in some configurations If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled at runtime, and if client authentication is not used, then calc_verify is not called, so don't require the corresponding debug trace. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-14 20:32:20 +01:00
Gilles Peskine	aa162b5bea	Remove negative check for a message that no longer exists The message was removed in 6be9cf542f3e5763371a347d199c6db6bdd96d06 without a replacement. A failure would cause the test case to fail anyway, so this negative check is not really useful. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-14 19:49:18 +01:00
Gabor Mezei	49c8eb3a5a	Enable chachcapoly cipher for SSL tickets Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Gabor Mezei	2fa1c311cd	Remove test dependency The SSL ticket rotation test case is enabled when PSA is used. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data server certificate selection callback	2022-03-10 11:51:42 +01:00
Paul Elliott	17f452aec4	Merge pull request #5448 from lhuang04/tls13_alpn Port ALPN support for tls13 client from tls13-prototype	2022-03-08 17:53:38 +00:00
Glenn Strauss	6989407261	Add accessor to retrieve SNI during handshake Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Gilles Peskine	588d7a7538	Add a missing requires_max_content_len Slightly reduce the amount of data so that the test passes with 512. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:23:25 +01:00
Gilles Peskine	6e86e54abb	Adapt tests for PSK in PSK-only builds In a PSK-only build: * Skip tests that rely on a specific non-PSK cipher suite. * Skip tests that exercise a certificate authentication feature. * Pass a pre-shared key in tests that don't mind the key exchange type. This commit only considers PSK-only builds vs builds with certificates. It does not aim to do something useful for builds with an asymmetric key exchange and a pre-shared key for authentication. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	2fe796f1b7	Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE This commit is not necessarily complete, but it's a step forward. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	3561526249	Only run "Default" tests if the expected ciphersuite is enabled These tests ensure that a certain cipher suite is in use, so they fail in builds that lack one of the corresponding algorithms. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	a165b5ced6	Automatically skip tests for some absent features: tickets, ALPN Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	82a4ab2486	ssl-opt: automatically skip DTLS tests in builds without DTLS Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Jerry Yu	2ff6ba1df0	Remove rsa_pss_rsae_sha256 support. Sign rsa is not thread safe. Remove it from current code. And a thread-safe version should be re-introduce in future. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 10:38:25 +08:00
Jerry Yu	ccb005e35f	fix missing feedback address Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 17:38:34 +08:00
Jerry Yu	819f29730a	fix various issues in ssl-opt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	2124d05e06	Add sha384 and sha512 case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	d66409ae92	Add non support sig alg check and test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	562a0fddf0	Add client version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	6c3d821ff1	update ssl-opt test cases Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	46b53b9920	remove duplicate test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	4bfa22aeb3	remove useless config option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	42ea733fdc	remove RSA not found test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7db5b8f68c	add rsa_pss_rsae_sha256 write support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	37987ddd0f	Add test cases Add test cases for different sig algs. Known issue is rsa_pss_rsae_sha256 fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	ca133a34c5	Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	22abd06cd0	Add rsa key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	aa6214a571	add empty client certificate tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	c19884f487	change expect exit value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00

... 3 4 5 6 7 ...

975 Commits