DEBUG_C supposed to have been removed from the test dependencies, still
being there is an oversight. Removing it was the sole purpose of
3e58109fbd.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The unit test framework always loads the client key as well, which
requires a different curve and a hash than the server key.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add a test case with a successful handshake for each test case that
causes the desired handshake failure, with minimal differences between
the two.
The reason is to have more assurance that the handshake is failing for
the desired reason (as opposed to not having done something correctly in
the test code).
Signed-off-by: Janos Follath <janos.follath@arm.com>
There are other issues that can fail with the same error code. Make sure
that the handshake fails exactly the way we want it to fail by analysing
the client logs.
Signed-off-by: Janos Follath <janos.follath@arm.com>
We usually follow the pattern that a zero-initialised struct is safe to
free. This wasn't the case here.
Signed-off-by: Janos Follath <janos.follath@arm.com>
This root certificate uses SECP-384 and if we don't have it in the
build, the parsing already fails even if we don't try to use it, there
is no reason to have it in the build without the SECP-384.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The recursion tests for the crypto code
are run in a TF-PSA-Crypto component.
No need to run them in an Mbed TLS
component as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In `test_suite_debug`, test `mbedtls_debug_snprintf()`, which uses
`mbedtls_vsnprintf()` like `mbedtls_debug_print_msg()`. Do this instead of
testing `mbedtls_snprintf()`, which might be subtly different (older
Windows runtimes had slightly different behavior for vsnprintf() vs
snprintf(); TF-PSA-Crypto might pick up a different function if the
platform configuration is different in TF-PSA-Crypto and Mbed TLS).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Relax the dependencies of the tests about handshake
message defragmentation/reassembly on server side.
TLS 1.3 does not need to be enable anymore for this
to work for TLS 1.2 handshake messages.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS proxy 3d tests with OpenSSL and
GnuTLS servers. Have a better control of which
message is fragmented and verify it is the
case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Improve DTLS reassembly tests with OpenSSL
and GnuTLS server. Check that some messages
have been reassembled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We are about to have full support for TLS 1.2
CH reassembly on server side. The equivalent
positive test would be a duplicate of one of
the tests generated by generate_tls_handshake_tests.py.
Thus just removing the negative test.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
