lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-24 17:41:01 +03:00
Code Activity

Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange

Browse Source 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
2023-06-26 12:59:45 +02:00
parent 98d79335d1
commit 8bfe897ab0
4 changed files with 237 additions and 345 deletions
Download Patch File Download Diff File Expand all files Collapse all files

342
tests/opt-testcases/tls13-compat.sh
View File

File diff suppressed because it is too large Load Diff

86
tests/opt-testcases/tls13-kex-modes.sh
View File

@@ -972,7 +972,7 @@ run_test "TLS 1.3: O->m: all/psk, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
@@ -990,7 +990,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch" \
@@ -1007,7 +1007,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key id mismatch"
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mismatch" \
@@ -1024,7 +1024,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_ephemeral, fail, key material mism
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
@@ -1042,7 +1042,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
@@ -1059,7 +1059,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key id mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
@@ -1076,7 +1076,7 @@ run_test "TLS 1.3: O->m: all/psk_ephemeral, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1095,7 +1095,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1113,7 +1113,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key id mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1131,7 +1131,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_all, fail, key material mismatch"
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1150,7 +1150,7 @@ run_test "TLS 1.3: O->m: all/psk_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1168,7 +1168,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key id mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1186,7 +1186,7 @@ run_test "TLS 1.3: O->m: all/psk_all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1205,7 +1205,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1223,7 +1223,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, good, key id mismatch,
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1241,7 +1241,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/ephemeral_all, fail, key material mism
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1260,7 +1260,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1278,7 +1278,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, good, key id mismatch, dhe." \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
@@ -1296,7 +1296,7 @@ run_test "TLS 1.3: O->m: all/ephemeral_all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1316,7 +1316,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1335,7 +1335,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, good, key id mismatch, dhe." \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1354,7 +1354,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1374,7 +1374,7 @@ run_test "TLS 1.3: O->m: all/all, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1393,7 +1393,7 @@ run_test "TLS 1.3: O->m: all/all, good, key id mismatch, dhe." \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1412,7 +1412,7 @@ run_test "TLS 1.3: O->m: all/all, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1431,7 +1431,7 @@ run_test "TLS 1.3: O->m: ephemeral_all/psk_or_ephemeral, good" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1450,7 +1450,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, good" \
-S "key exchange mode: psk_ephemeral" \
-s "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -1468,7 +1468,7 @@ run_test "TLS 1.3: O->m: all/psk_or_ephemeral, fail, key material mismatch" \
-S "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
@@ -1481,7 +1481,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp256r1) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
@@ -1494,7 +1494,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp384r1) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
@@ -1507,7 +1507,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(secp521r1) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
@@ -1520,7 +1520,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x25519) check, good" \
-s "key exchange mode: psk_ephemeral" \
-S "key exchange mode: ephemeral"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
@@ -1534,7 +1534,7 @@ run_test "TLS 1.3: O->m: psk_ephemeral group(x448) check, good" \
-S "key exchange mode: ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_PROTO_TLS1_3 MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test "TLS 1.3 O->m: psk_ephemeral group(secp256r1->secp384r1) check, good" \
"$P_SRV tls13_kex_modes=psk_ephemeral debug_level=5 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef curves=secp384r1" \
@@ -2757,7 +2757,7 @@ run_test "TLS 1.3: m->O: psk/ephemeral_all, fail - no common kex mode" \
-c "Last error was: -0x7780 - SSL - A fatal alert message was received from our peer"
#OPENSSL-SERVER psk_all mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2776,7 +2776,7 @@ run_test "TLS 1.3: m->O: psk_all/all, good" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2796,7 +2796,7 @@ run_test "TLS 1.3: m->O: psk_all/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER psk_ephemeral mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2814,7 +2814,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/all, good" \
-c "Selected key exchange mode: psk_ephemeral" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2833,7 +2833,7 @@ run_test "TLS 1.3: m->O: psk_ephemeral/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER ephemeral mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2846,7 +2846,7 @@ run_test "TLS 1.3: m->O: ephemeral/all, good" \
-c "Selected key exchange mode: ephemeral" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2860,7 +2860,7 @@ run_test "TLS 1.3: m->O: ephemeral/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER ephemeral_all mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2879,7 +2879,7 @@ run_test "TLS 1.3: m->O: ephemeral_all/all, good" \
-c "<= write client hello" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2899,7 +2899,7 @@ run_test "TLS 1.3: m->O: ephemeral_all/ephemeral_all, good" \
-c "HTTP/1.0 200 ok"
#OPENSSL-SERVER all mode
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
@@ -2919,7 +2919,7 @@ run_test "TLS 1.3: m->O: all/all, good" \
-c "<= write client hello" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C

2
tests/scripts/generate_tls13_compat_tests.py
View File

@@ -183,7 +183,7 @@ class OpenSSLBase(TLSProgram):
ffdh_groups = ['ffdhe2048', 'ffdhe8192']
if any(x in ffdh_groups for x in self._named_groups):
ret.append('requires_openssl_3_x')
ret = ["requires_openssl_tls1_3_with_ffdh"]
# ffdhe8192 has very long keys and requires intensive computation.
# The test may fail on CI when executor is just very loaded. Give a second chance.

152
tests/ssl-opt.sh
View File

@@ -688,9 +688,23 @@ requires_openssl_3_x() {
fi
}
# skip next test if openssl does not support ffdh keys
requires_openssl_tls1_3_with_ffdh() {
requires_openssl_3_x
}
# skip next test if it cannot handle ephemeral key exchange
requires_openssl_tls1_3_with_compatible_ephemeral() {
requires_openssl_next
if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then
requires_openssl_tls1_3_with_ffdh
fi
}
# skip next test if tls1_3 is not available
requires_openssl_tls1_3() {
requires_openssl_3_x
requires_openssl_next
if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
@@ -702,17 +716,8 @@ requires_openssl_tls1_3() {
OPENSSL_TLS1_3_AVAILABLE="NO"
fi
fi
if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
SKIP_NEXT="YES"
else
if [ "$OPENSSL_3_X_AVAILABLE" = "NO" ]; then
if is_config_enabled "MBEDTLS_ECDH_C"; then
SKIP_NEXT="NO"
else
SKIP_NEXT="YES"
fi
fi
fi
}
@@ -5561,6 +5566,7 @@ run_test "Authentication: client no cert, server optional" \
requires_openssl_tls1_3
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_config_enabled MBEDTLS_ECDH_C
run_test "Authentication: openssl client no cert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$O_NEXT_CLI_NO_CERT -no_middlebox" \
@@ -6769,7 +6775,7 @@ run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
-c "Ciphersuite is TLS-" \
-c "! Usage does not match the keyUsage extension"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
@@ -6781,7 +6787,7 @@ run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
@@ -6793,7 +6799,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
@@ -6805,7 +6811,7 @@ run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
@@ -6817,7 +6823,7 @@ run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
@@ -6829,7 +6835,7 @@ run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
@@ -6891,7 +6897,7 @@ run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
@@ -6903,7 +6909,7 @@ run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
@@ -6914,7 +6920,7 @@ run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
-s "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
@@ -6926,7 +6932,7 @@ run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
@@ -7009,7 +7015,7 @@ run_test "extKeyUsage cli: codeSign -> fail" \
-c "Processing of the Certificate handshake message failed" \
-C "Ciphersuite is TLS-"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
@@ -7021,7 +7027,7 @@ run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
@@ -7033,7 +7039,7 @@ run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
@@ -7045,7 +7051,7 @@ run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
-C "Processing of the Certificate handshake message failed" \
-c "Ciphersuite is"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli 1.3: codeSign -> fail" \
@@ -7104,7 +7110,7 @@ run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
-s "bad certificate (usage extensions)" \
-s "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
@@ -7115,7 +7121,7 @@ run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
@@ -7126,7 +7132,7 @@ run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
@@ -7137,7 +7143,7 @@ run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
-S "bad certificate (usage extensions)" \
-S "Processing of the Certificate handshake message failed"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
@@ -11296,7 +11302,7 @@ run_test "TLS 1.3: Default" \
-s "ECDH/FFDH group: " \
-s "selected signature algorithm ecdsa_secp256r1_sha256"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -11362,7 +11368,7 @@ run_test "TLS 1.3: minimal feature sets - gnutls" \
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
@@ -11432,7 +11438,7 @@ run_test "TLS 1.3: alpn - gnutls" \
-c "HTTP/1.0 200 OK" \
-c "Application Layer Protocol is h2"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
@@ -11544,7 +11550,7 @@ run_test "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \
-S "Version: TLS1.2" \
-C "Protocol : TLSv1.2"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -11576,7 +11582,7 @@ run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -11604,7 +11610,7 @@ run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -11635,7 +11641,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -11666,7 +11672,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -11697,7 +11703,7 @@ run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -11730,7 +11736,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -11763,7 +11769,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -11796,7 +11802,7 @@ run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -11831,7 +11837,7 @@ run_test "TLS 1.3: Client authentication, client alg not in server list - gnu
-c "no suitable signature algorithm"
# Test using an opaque private key for client authentication
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@@ -11861,7 +11867,7 @@ run_test "TLS 1.3: Client authentication - opaque key, no server middlebox co
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@@ -11894,7 +11900,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@@ -11927,7 +11933,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
@@ -11960,7 +11966,7 @@ run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -11995,7 +12001,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 -
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -12030,7 +12036,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 -
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -12065,7 +12071,7 @@ run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 -
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "Protocol is TLSv1.3"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
@@ -12101,7 +12107,7 @@ run_test "TLS 1.3: Client authentication - opaque key, client alg not in serv
-c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
-c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12116,7 +12122,7 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 ok"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12165,7 +12171,7 @@ run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
-c "Protocol is TLSv1.3" \
-c "HTTP/1.0 200 OK"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -12182,7 +12188,7 @@ run_test "TLS 1.3: Server side check - openssl" \
-s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
-s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
@@ -12340,7 +12346,7 @@ run_test "TLS 1.3: Server side check, no server certificate available" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
-s "No certificate available."
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12416,7 +12422,7 @@ run_test "TLS 1.3 m->m both with middlebox compat support" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@@ -12429,7 +12435,7 @@ run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
-C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@@ -12440,7 +12446,7 @@ run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
1 \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12492,7 +12498,7 @@ run_test "TLS 1.3 m->G both with middlebox compat support" \
-c "Protocol is TLSv1.3" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -12505,7 +12511,7 @@ run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
-S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
-C "14 03 03 00 01"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12517,7 +12523,7 @@ run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
-s "Protocol is TLSv1.3" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12607,7 +12613,7 @@ run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@@ -12621,7 +12627,7 @@ run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility"
-C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
-C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
@@ -12633,7 +12639,7 @@ run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client"
-c "received HelloRetryRequest message" \
-c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12688,7 +12694,7 @@ run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
-c "Protocol is TLSv1.3" \
-c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
@@ -12701,7 +12707,7 @@ run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility"
-S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-C "14 03 03 00 01"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12713,7 +12719,7 @@ run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client"
-s "Protocol is TLSv1.3" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12774,7 +12780,7 @@ run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
-s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
-c "SSL 3.3 ChangeCipherSpec packet received"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12825,7 +12831,7 @@ run_test "TLS 1.3: Check signature algorithm order, m->m" \
-s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
-c "HTTP/1.0 200 [Oo][Kk]"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12878,7 +12884,7 @@ run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
1 \
-S "ssl_tls13_pick_key_cert:check signature algorithm"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12923,7 +12929,7 @@ run_test "TLS 1.3: Check server no suitable certificate, G->m" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12951,7 +12957,7 @@ run_test "TLS 1.3: Check server no suitable certificate, m->m" \
1 \
-s "ssl_tls13_pick_key_cert:no suitable certificate found"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -12994,7 +13000,7 @@ run_test "TLS 1.3: Check client no signature algorithm, m->m" \
1 \
-c "no suitable signature algorithm"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
@@ -13027,7 +13033,7 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
-c "HTTP/1.0 200 OK" \
-s "This is a resumed session"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
@@ -13113,7 +13119,7 @@ run_test "TLS 1.3: NewSessionTicket: Basic check, m->m" \
-s "key exchange mode: psk_ephemeral" \
-s "found pre_shared_key extension"
requires_openssl_tls1_3
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C