a4b773d3bb
Merge pull request #6955 from inorick/nofa_no_session_tickets
...
Guard ticket specific TLS 1.3 function with macro
2024-04-08 08:56:17 +00:00
e146940714
Merge pull request #1216 from Mbed-TLS/mbedtls-3.6.0_mergeback
...
Mbedtls 3.6.0 mergeback
2024-03-28 14:31:03 +00:00
4f1c9278cc
ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies
...
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com >
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-27 09:37:37 +01:00
35884a4301
ssl-opt.sh: Improve version selection test titles
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-21 09:44:28 +01:00
b70f0fd9a9
Merge branch 'development' into 'development-restricted'
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2024-03-19 22:24:40 +00:00
62ac993d89
Merge pull request #8918 from ronald-cron-arm/improve-tls-srv-version-nego-testing
...
TLS: Improve server version negotiation testing
2024-03-15 14:29:56 +00:00
f1ad73f6ca
ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-14 20:04:05 +01:00
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime
...
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
2024-03-14 15:59:25 +00:00
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py
...
Fix wrong suite name in check_test_cases.py
2024-03-14 15:31:27 +00:00
10797e3da1
ssl-opt.sh: Add O->m server version selection tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:16:05 +01:00
114c5f0321
ssl-opt.sh: Expand MbedTLS only version negotiation tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:46:37 +01:00
dcfd00c128
ssl-opt.sh: Change MbedTLS only version negotiation tests
...
Change description and dependencies before to
expand MbedTLS only version negotiation tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:46:37 +01:00
fe18d8db76
ssl-opt.sh: Group MbedTLS only version negotiation tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:46:37 +01:00
a1e7b6a66a
ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:46:37 +01:00
dfad493e8b
ssl-opt.sh: Expand G->m server version selection tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:46:35 +01:00
98bdcc4f29
ssl-opt.sh: Change G->m server version selection tests
...
Change description and dependencies before
to expand G->m server version selection tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:45:27 +01:00
cd1370e8d8
ssl-opt.sh: Group G->m server version selection checks
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 16:44:37 +01:00
93fa4e1b87
Merge branch 'development' into buffer-sharing-merge
2024-03-12 15:05:06 +00:00
9422725aba
tls13: cli: Discard ticket with zero lifetime
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-10 17:48:26 +01:00
ce79488dd5
tls13: srv: Fail connection if ticket lifetime exceed 7 days
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-10 17:42:43 +01:00
90abb224f7
ssl-opt.sh: Establish TLS 1.3 then TLS 1.2 session
...
Add a test where first we establish a
TLS 1.3 session, then a TLS 1.2 one
with the same server.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-08 12:12:58 +01:00
587cfe65ca
ssl-opt.sh: Establish TLS 1.2 then TLS 1.3 connection
...
Add a test where first we establish a
TLS 1.2 session, then a TLS 1.3 one
with the same server.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-08 12:09:42 +01:00
05754d8e85
ssl-opt: add DH groups requirements in test cases using FFDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-18 09:47:00 +01:00
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
4b09dcd19c
Change renegotiation test to use G_NEXT_SRV
...
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-12 10:50:25 +00:00
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
...
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
e83be5f639
Change renegotiation tests to work with TLS 1.2 only
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 23:39:54 +00:00
1487760b55
Change order of checking of record size limit client tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
2fa99b2ddd
Add tests for client complying with record size limit
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
9457e67afd
update record size limit tests to be more consistent
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
3a37756496
Improve record size limit tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
598ea09dd5
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
47d2946943
tls13: server: write Record Size Limit ext in EncryptedExtensions
...
- add the support in library
- update corresponding test cases.
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
42017cd4c9
tls13: cli: write Record Size Limit ext in ClientHello
...
- add the support in library
- update corresponding test case
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
60f0f727c3
Add config dependencies to record size tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-04 14:57:31 +00:00
3d46b7f81a
Fix Max fragmen length test to use TLS 1.2 maximum output size
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-01 20:50:53 +00:00
bae705c12b
Fix TLS 1.2 test to use TLS 1.2 maximum output size
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-01 14:21:21 +00:00
ea03183bd7
Adjust TLS 1.3 tests to new maximum output changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-29 15:36:51 +00:00
87a373eea6
Improve Record size limit testing
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-28 17:49:36 +00:00
26e3698357
Revert back checking on handshake messages length
...
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-14 16:23:25 +00:00
177e49ad7a
tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-08 11:00:33 +08:00
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-06 15:18:15 +00:00
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-12-06 15:18:08 +00:00
3d82ffce5b
ssl-opt: test handshake for TLS 1.2 only cli with TLS 1.3 only srv
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-12-04 17:50:43 +08:00
d1198060a5
Merge branch 'development' into issue/wrong-suite-name-in-check_test_cases_py
2023-11-30 10:05:54 +08:00
3c170d3298
Print suite name when listing test cases
...
When a test script has multiple suites, it is not
true to determine the suite name from the file name
of the script. We need the script to list the suite
name for every test cases.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-29 13:53:34 +08:00
60f76663c0
Align forced ciphersuite with test description
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-11-28 17:52:42 +01:00
29ad2d7609
ssl-opt.sh: Remove unnecessary symmetric crypto dependencies
...
Same test cases as in the previous commit.
Remove the redundant symmetric crypto dependency.
The dependency is ensured by the fact that:
1) the test case forces a cipher suite
2) ssl-opt.sh enforces automatically that the
forced ciphersuite is available.
3) The fact that the forced ciphersuite is
available implies that the symmetric
cipher algorithm it uses is available as
well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-11-28 17:44:39 +01:00
41bc42ac1b
ssl-opt.sh: Fix some symmetric crypto dependencies
...
Fix some dependencies on symmetric crypto that
were not correct in case of driver but not
builtin support. Revealed by "Analyze driver
test_psa_crypto_config_accel_cipher_aead vs reference
test_psa_crypto_config_reference_cipher_aead" in
analyze_outcomes.py.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-11-28 15:59:40 +01:00
