Commit Graph

468 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
f1c6ad4c5f Declare dependency on tickets for two ssl-opt.sh tests
See https://github.com/ARMmbed/mbedtls/issues/2712
2019-07-02 15:12:29 +02:00
Jarno Lamsa
29f2dd0a7b Address review comments 2019-07-02 15:12:29 +02:00
Jarno Lamsa
5b52b27519 Skip resumption tests if resumption not defined 2019-07-02 15:12:29 +02:00
Hanno Becker
af5ab918d9 Detect mismatching compile-time and cmd line config in ssl-opt.sh 2019-06-25 08:42:20 +01:00
Simon Butcher
7400e8fb36 Merge remote-tracking branch 'origin/pr/591' into baremetal 2019-06-18 17:36:45 +01:00
Simon Butcher
f1ff74574d Merge remote-tracking branch 'origin/pr/597' into baremetal 2019-06-18 14:58:37 +01:00
Hanno Becker
b2c6383b7b Add missing !MBEDTLS_X509_REMOVE_INFO guards to ssl-opt.sh 2019-06-18 11:05:44 +01:00
Hanno Becker
4a156fc854 Apply guards to make ssl-opt.sh work with MBEDTLS_X509_REMOVE_INFO
Multiple tests in ssl-opt.sh grep for debug output that's omitted
if MBEDTLS_X509_REMOVE_INFO is defined. This commit modifies ssl-opt.sh
to skip those tests in this case.
2019-06-18 11:05:44 +01:00
Jarno Lamsa
8a91c0650a Add tests for re-init flow for context serialization 2019-06-18 11:50:11 +03:00
Jarno Lamsa
cc281b8a54 ssl-opt.sh tests for serialization are currently using stub implementation 2019-06-18 11:50:11 +03:00
Jarno Lamsa
dcfc2a7364 Add missing slashes to tests 2019-06-18 11:50:11 +03:00
Jarno Lamsa
fa45e6005e Add serialization tests to ssl-opt.sh 2019-06-18 11:50:11 +03:00
Hanno Becker
1abb159e90 Merge branch 'mbedtls-2.16' into baremetal 2019-06-18 09:00:37 +01:00
Jarno Lamsa
31d940ba5e Change test name 2019-06-12 10:21:33 +03:00
Jarno Lamsa
20095afc58 Changes according to review comments 2019-06-11 17:16:58 +03:00
Jarno Lamsa
41b359114d Add tests for enforced extended master secret flag 2019-06-10 15:51:11 +03:00
Manuel Pégourié-Gonnard
f8c355a012 Adapt buffering test to new ticket size
The size of the ticket used in this test dropped from 192 to 143 bytes, so
move all sizes used in this test down 50 bytes. Also, we now need to adapt the
server response size as the default size would otherwise collide with the new
mtu value.
2019-06-03 10:15:07 +02:00
Manuel Pégourié-Gonnard
57a348ba8c Add tests for session copy without serialisation 2019-06-03 09:51:08 +02:00
Hanno Becker
7a11e72a4f ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset
This should allow to run ssl-opt.sh successfully in the default
configuration minus MBEDTLS_PEM_PARSE_C minus MBEDTLS_FS_IO.
2019-05-30 10:58:07 +01:00
Simon Butcher
0d1d76f987 Merge remote-tracking branch 'origin/pr/561' into baremetal 2019-05-29 15:09:24 +01:00
Simon Butcher
5a790f9214 Merge remote-tracking branch 'origin/pr/563' into baremetal 2019-05-24 15:06:16 +01:00
Hanno Becker
f6fb4ea632 Insert records with unexpected CID in CID tests in ssl-opt.sh 2019-05-24 10:11:23 +01:00
Hanno Becker
a5a2b08a05 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-05-20 15:35:36 +01:00
Hanno Becker
84bbc51968 Add CID test not using datagram packing to ssl-opt.sh 2019-05-20 15:32:36 +01:00
Hanno Becker
04ca04caf2 Add Proxy tests for Connection ID to ssl-opt.sh
Also, shorten test names to avoid them being truncated on the cmd line.
2019-05-20 15:32:36 +01:00
Hanno Becker
043a2a4869 Remove indicators and warnings about unfinished CID implementation 2019-05-20 15:32:36 +01:00
Hanno Becker
ad8e2c9144 Fix mismatching debug grep in ssl-opt.sh CID tests 2019-05-20 15:32:36 +01:00
Hanno Becker
9687029d22 Add support for change of CID to ssl_client2 / ssl_server2
And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.
2019-05-20 15:32:36 +01:00
Hanno Becker
b7f9e9c9a5 Reintroduce grepping for debug messages in CID tests in ssl-opt.sh 2019-05-20 15:32:36 +01:00
Manuel Pégourié-Gonnard
9c5bcc9220 Use more specific name in debug message for testing
While 'session hash' is currently unique, so suitable to prove that the
intended code path has been taken, it's a generic enough phrase that in the
future we might add other debug messages containing it in completely unrelated
code paths. In order to future-proof the accuracy of the test, let's use a
more specific string.
2019-05-20 12:09:50 +02:00
Manuel Pégourié-Gonnard
5478e1e5ed Remove redundant debug message.
Two consecutive messages (ie no branch between them) at the same level are not
needed, so only keep the one that has the most information.
2019-05-20 10:07:29 +02:00
Hanno Becker
d91dc3767f Skip copying CIDs to SSL transforms until CID feature is complete
This commit temporarily comments the copying of the negotiated CIDs
into the established ::mbedtls_ssl_transform in mbedtls_ssl_derive_keys()
until the CID feature has been fully implemented.

While mbedtls_ssl_decrypt_buf() and mbedtls_ssl_encrypt_buf() do
support CID-based record protection by now and can be unit tested,
the following two changes in the rest of the stack are still missing
before CID-based record protection can be integrated:
- Parsing of CIDs in incoming records.
- Allowing the new CID record content type for incoming records.
- Dealing with a change of record content type during record
  decryption.

Further, since mbedtls_ssl_get_peer_cid() judges the use of CIDs by
the CID fields in the currently transforms, this change also requires
temporarily disabling some grepping for ssl_client2 / ssl_server2
debug output in ssl-opt.sh.
2019-05-17 10:23:47 +01:00
Hanno Becker
6a3ff286a5 Grep for dbug msgs witnessing use of CID in ssl_client2/ssl_server2 2019-05-17 10:20:41 +01:00
Hanno Becker
5e2cd1422e Grep for dbg msg witnessing copying of CIDs to SSL transform 2019-05-17 10:20:41 +01:00
Hanno Becker
cf2a565e3e Grep for dbg msg witnessing parsing of CID extension in ServerHello 2019-05-17 10:20:41 +01:00
Hanno Becker
4eb0587c0f Grep for dbg msg witnessing writing of CID extension in ServerHello 2019-05-17 10:20:41 +01:00
Hanno Becker
c008cb5f8c Grep for dbg msg witnessing parsing of CID extension in ClientHello 2019-05-17 10:20:41 +01:00
Hanno Becker
7345599a7b Grep for dbg msg witnessing writing of CID extension in ClientHello 2019-05-17 10:20:41 +01:00
Hanno Becker
9dae9fd57b Modify CID tests in ssl-opt.sh to grep for CID config debug msgs 2019-05-17 10:20:41 +01:00
Hanno Becker
b60c85c67c Indicate ssl-opt.sh CID tests only test the stub CID code 2019-04-23 12:02:34 +01:00
Hanno Becker
963cb35a24 Fix use of requires_config_enabled in ssl-opt.sh
requires_config_enabled doesn't support multiple config options.
Tests having multiple configuration dependencies must be prefixed
with multiple invocations of requires_config_enabled instead.
2019-04-23 11:52:44 +01:00
Hanno Becker
4f98b6ad17 Fix typo in CID test in ssl-opt.sh 2019-04-23 11:52:14 +01:00
Hanno Becker
2dcdc926b6 Add basic Connection ID tests to ssl-opt.sh 2019-04-09 18:27:04 +01:00
Jaeden Amero
daed232dd7 Merge remote-tracking branch 'origin/pr/2436' into mbedtls-2.16
* origin/pr/2436:
  Use certificates from data_files and refer them
  Specify server certificate to use in SHA-1 test
  refactor CA and SRV certificates into separate blocks
  refactor SHA-1 certificate defintions and assignment
  refactor server SHA-1 certificate definition into a new block
  define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
  server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
  add entry to ChangeLog
2019-03-05 16:26:34 +00:00
Simon Butcher
799cd57c72 Merge remote-tracking branch 'restricted/pr/550' into mbedtls-2.16
* restricted/pr/550:
  Update query_config.c
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-01 13:05:43 +00:00
Simon Butcher
3664fdb5f6 Merge remote-tracking branch 'public/pr/2449' into mbedtls-2.16
* public/pr/2449:
  Reword changelog entry
  Reenable GnuTLS next based tests
2019-03-01 13:01:54 +00:00
Manuel Pégourié-Gonnard
f1e62e8e1e Fix failure in SSLv3 per-version suites test
The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
2019-03-01 10:30:11 +01:00
k-stachowiak
abb843e8ae Reenable GnuTLS next based tests 2019-02-18 16:14:03 +01:00
Ron Eldor
b76e765f2e Specify server certificate to use in SHA-1 test
Specify the SHA-1 server certificate to use in the SHA-1 test,
because now the default certificates use SHA256 certificates.
2019-02-12 17:10:28 +02:00
Andres Amaya Garcia
0644678507 ssl-opt: Use ssl_server2 to query config instead of grep and sed 2019-02-07 10:32:30 +00:00